Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process’s…

Docker Hub

Before continuing, create the custom Python file for the JIRA integration with one of the following commands:

sudo touch /var/ossec/integrations/custom-jira

or, as root:

touch /var/ossec/integrations/custom-jira

How I took an issue created by another GitHub user, added value to the original query, and helped mold it into a new detection rule.

Original Query:

process where event.module == "powershell" and process.args : ("powershell.exe", "Set-Service", "EventLog", "Disabled")

Example Data:

{ "_id": "89933b5f64737a55c666fd1a7155b02c533e65e040dddfb611d83e563afa6796", "_index": ".siem-signals-siemplify-000002", "_score": "1"…

You first look up the APIs or PowerShell cmdlets that assign permissions to a specific mailbox, since this rule detects when mailbox permission is delegated to a specific user in the organization.

Add-MailboxPermission [-Identity] -AccessRights <MailboxRights[]> -User [-AutoMapping ] [-Confirm] [-Deny] [-DomainController ] [-GroupMailbox] [-IgnoreDefaultScope] [-InheritanceType…

DEBIAN

Install Wazuh Agent:

curl -so wazuh-agent.deb && sudo WAZUH_MANAGER='' WAZUH_AGENT_GROUP='default' dpkg -i ./wazuh-agent.deb

sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent

Register Wazuh Agent:

/var/ossec/bin/agent-auth -m

Edit File:

nano /var/ossec/etc/ossec.conf …

Restart Service:

systemctl restart wazuh-agent

WINDOWS

Install Wazuh Agent:

Invoke-WebRequest -Uri -OutFile wazuh-agent.msi; ./wazuh-agent.msi /q WAZUH_MANAGER='' WAZUH_REGISTRATION_SERVER='' WAZUH_AGENT_GROUP='default'

Register Wazuh Agent (PowerShell command):

& 'C:\Program Files (x86)\ossec-agent\agent-auth.exe' -m

Open File and edit:

C:\Program Files (x86)\ossec-agent\ossec.conf

Restart Service:

Restart-Service -Name wazuh

OS/Dok Malware Example

Let's take an example. Suppose I was working, got a notification through Cyware social threat feeds, and read the following malware research:

  • OS/Dok

After reading this research about this threat, I can quickly develop a couple of (in "development") rules for this specific threat [In the real world…

In this post I will be covering ways of hardening your Microsoft 365 and Azure Active Directory Tenant.

Enable MFA: Security defaults make it easier to help protect your organization from these attacks with preconfigured security settings:

  • Requiring all users to register for Azure AD Multi-Factor Authentication.
  • Requiring administrators to…

This tutorial shows how to install the ELK stack in Docker containers.

Install Docker on Debian-Based Distributions:

apt update
apt install apt-transport-https ca-certificates curl software-properties-common -y
echo 'deb [arch=amd64] bionic stable' >> /etc/apt/sources.list.d/docker.list
curl -fsSL | sudo apt-key add -

apt update
apt install docker-ce -y
curl -L -s-uname…

This post will break down ways of hardening Active Directory.

Windows Firewall: Maintain at least one workstation Group Policy Object (GPO) and one server GPO to control the Windows Firewall

Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security

Generally, it is best to limit…

Austin Songer

Trusted Veteran | Compassionate. Aspiring. Resourceful.
