Incident response lessons from FIRSTCON22
Guest Post: Effective threat hunting, incident response in the cloud, how to stop phishing, and the emotional experience of ransomware.
Tag: threat hunting
Threat hunting with Yara: The red pill approach
Guest Post: Learn how to combine Yara with other tools to have full control over the condition validation process.
Threat hunting with Yara: Dealing with wildcard hexadecimal patterns
Guest Post: Learn how to use Yara’s native hexadecimal pattern definition features to create fast rules with fewer false positives and no alarming nested loops.
Threat hunting with Yara: Measuring distance between any three elements
Guest Post: Learn how to use Yara’s math module and min/max functions to measure distance between patterns.
Threat hunting with Yara: The three body problem
Guest Post: Get to know how to use Yara with real-life research problems — detecting code evolution and shellcodes.
Three of the best: How to
‘How to’ posts are a great way to learn how to use a new tool, troubleshoot problems, or perform advanced tasks. Here are three of 2021’s best.
Intel Owl v3.0.0 speeds up threat intelligence retrieval
Guest Post: With 100+ analysers, Intel Owl helps with incident response, threat analysis, security research and threat hunting.
How to: Threat hunting and threat intelligence
Guest Post: Team Cymru takes us through the steps of a threat hunt.
Sigma: A generic log signature format
Guest Post: Sigma is an open-source project that tries to solve challenges with store logs in different repositories.
Threat hunting 101: Hunting with Yara rules
Guest Post: Yara rules are an easy yet important threat hunting tool for searching for malicious files in your directories.