Basic Introduction of Shodan command-line interface

“Shodan is a search engine that lets the user find specific types of computers connected to the internet using a variety of filters.” It is a very useful tool for red teams (passive reconnaissance, since nothing is sent to the target) and for blue teams (identifying which of their own services are exposed to the internet). This post will try to provide some high level insight on how…

WinFIM.NET – Windows File Integrity Monitoring

There are plenty of commercial tools for file integrity monitoring (FIM), but for freeware / Open Source, especially on Windows, there seem to be few options. I have developed a small Windows Service named “WinFIM.NET” (https://github.com/OWASP/www-project-winfim.net) to try to fill this gap. [The original repository https://github.com/redblueteam/WinFIM.NET has been migrated to https://github.com/OWASP/www-project-winfim.net for ongoing maintenance. Please…

Enable Command Line and PowerShell Audit For Better Threat Hunting

Many attacks targeting MS Windows involve PowerShell, which is difficult to detect because it can execute commands entirely from memory without writing anything to disk, so file-based antivirus and file integrity monitoring never see a payload. One popular example is “Mimikatz” loaded through PowerShell. In order to prevent malicious PowerShell attacks, limiting the types of commands that can be executed…
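As an added example (not code from the original post), the following PowerShell script turns on the audit sources that make in-memory PowerShell activity visible: process creation auditing with the full command line (Security log, Event ID 4688), script block logging (Event ID 4104) and module logging (Event ID 4103). The registry paths and value names are the documented policy locations that the corresponding Group Policy settings write to; the script assumes an elevated session on a host where no domain GPO overrides these values.

```powershell
#Requires -RunAsAdministrator
# Added example: enable command-line and PowerShell auditing for threat hunting.
# Assumes no domain Group Policy overrides the local policy values set below.

function Set-RegistryDword {
    param([string]$Path, [string]$Name, [int]$Value)
    # Create the policy key if it does not exist yet, then write the DWORD value.
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType DWord -Force | Out-Null
}

# 1. Audit process creation (Security log, Event ID 4688).
auditpol.exe /set /subcategory:"Process Creation" /success:enable /failure:enable

# 2. Include the full command line in 4688 events (off by default, so a bare
#    4688 only tells you "powershell.exe started", not what it was asked to run).
Set-RegistryDword -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit' `
    -Name 'ProcessCreationIncludeCmdLine_Enabled' -Value 1

# 3. Script block logging: records the script text as PowerShell compiles it,
#    i.e. after obfuscation layers are unwrapped, in
#    Microsoft-Windows-PowerShell/Operational as Event ID 4104.
Set-RegistryDword -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' `
    -Name 'EnableScriptBlockLogging' -Value 1

# 4. Module logging for every module (Event ID 4103): pipeline execution details
#    including parameter values passed to cmdlets.
$moduleLogging = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging'
Set-RegistryDword -Path $moduleLogging -Name 'EnableModuleLogging' -Value 1
$moduleNames = Join-Path $moduleLogging 'ModuleNames'
if (-not (Test-Path $moduleNames)) { New-Item -Path $moduleNames -Force | Out-Null }
New-ItemProperty -Path $moduleNames -Name '*' -Value '*' -PropertyType String -Force | Out-Null

# Verification: run something through Invoke-Expression (the pattern most
# in-memory loaders use) and confirm a 4104 event with the script text appears.
Invoke-Expression 'Get-Date | Out-Null'
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } -MaxEvents 3 |
    Select-Object TimeCreated, @{ n = 'ScriptBlock'; e = { $_.Properties[2].Value } }

# Confirm the command line is now present in process creation events.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -MaxEvents 3 |
    Select-Object TimeCreated, @{ n = 'CommandLine'; e = { $_.Properties[8].Value } }
```

Script block logging is the setting that matters most for the in-memory case: the 4104 event carries the script text as the engine actually runs it, so a base64 or string-concatenation wrapper around an Invoke-Mimikatz call still shows up in the log in clear form. Script block and module logging are built into PowerShell 5 and later (Windows 10 / Server 2016 onward); on older systems they require Windows Management Framework 5, and an attacker can sidestep them by launching PowerShell 2.0 if that engine is still installed, so removing PowerShell 2.0 is part of the same hardening step. Forward both logs to a central collector, since an attacker with local admin can clear them.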