Originally published in 2015. Security logs collection and analysis is crucial for security incident detection and response. There are many tools that can help in this activity but they can be only as good as the data that is sent to them. This guide concentrates on providing recommendations and ideas to consider when planning logContinue reading “Let’s start with the basics. Windows security events monitoring.”
Category Archives: Detect
Finding newly registered domains for hunting and blocking.
Originally published in 2015. Email addresses in freshly registered short lived domains are increasingly used to send spam and malware. They are also used in spear phishing campaigns often combined with bitsquatting/typosquatting techniques to fool users into trusting the message content. The same applies to websites serving malicious content that are linked by the phishingContinue reading “Finding newly registered domains for hunting and blocking.”