Week 23 – 2017



  • Chris Sanders has “put together a Security Onion cheat sheet that highlights important information that will help you use, configure, and customize your installation.”
    Security Onion Cheat Sheet

  • Matt Suiche at Comae Technologies has provided an overview of an investigation performed by TV5Monde/ANSSI on an attack from 2015 – the original presentation was in French, so thankfully he’s translated it for us.
    Lessons from TV5Monde 2015 Hack

  • Luis Rocha at Count Upon Security explains how to use Matias Bevilacqua’s AppCompatProcessor. This tool ingests data from Mandiant’s ShimCacheParser, which Eric points out has not been updated to deal with the latest Win10 update (something to keep in mind).
    Threat Hunting in the Enterprise with AppCompatProcessor

  • Itai Grady at Microsoft’s Advanced Threat Analytics Team explains how attackers are using non-malware attacks (ie PowerShell) to laterally move in a network to avoid detection. This makes this kind of attack difficult for anti-malware solutions to identify.
    How Fileless malware challenges classic security solutions






And that’s all for Week 23! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!




Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s