During a threat hunting process, reviewing telemetry alone is not always enough. To fully understand what’s happening on a potentially compromised host, you also need to interrogate the system dire...

In security incident response, the ability to quickly isolate a compromised endpoint is crucial. C-LR Isolation, a submodule of Wazuh Live Response, allows security teams to remotely isolate a Wind...

In this new challenge, we have two scenarios. As I always mention, before addressing the scenarios, we need to identify the available security event sources. Then, we should understand the scenario...

In this challenge, we will approach the investigation as if it were a real-life scenario. After facing a real hunting, there is often no predefined guide or clear direction on what to look for init...

In previous posts, we have discussed how to collect logs and index them in the S1EM. However, we encountered some challenges. For example, we can obtain PowerShell events, but what about cmd logs? ...

When we talk about hunting in cybersecurity, it’s likely that the first thing that comes to mind is querying a SIEM, our security event database. But what happens when the SIEM was implemented afte...

PowerShell, a powerful Windows command-line shell and scripting language, is often abused by adversaries to execute malicious scripts and commands, one of the most commonly used techniques accordin...

The Wazuh Security Information and Event Management (SIEM) solution is a centralized platform for aggregating and analyzing telemetry in real time for threat detection and compliance. For our cybe...

In cybersecurity, having an efficient testing lab is crucial for understanding attack scenarios. This blog will guide you through two essential steps to build your own testing lab (Client-Server Mo...

Testing jekyll-theme-chirpy Intro Lorem ipsum dolor sit amet, consectetur adipiscing elit. Quisque cursus ipsum sit amet magna ullamcorper dictum. Sed rutrum mi semper euismod mollis. Phasellus e...