threatinfo – Page 3 – Threat Intelligence

Credential Stealer Malware Trends 2023

The usual credential stealing malware have consistently booked the top 4 spots each quarter of 2023, albeit jostling amongst themselves for the top position. Meta stealer has shown a constant…

threatinfo September 25, 2023

Vulnerability

Website Search Result Poisoning

Its not hard to find search pages from websites with compromises. Its as simple as googling it. Actors are actively and easily exploiting misconfigurations in websites to advertise dark web…

threatinfo June 11, 2023

Threat Intelligence

misp2sentinel: Invalid isoformat string

I'm having issues with the misp2sentinel script from cudeso which sends IOCs from the MISP API to sentinel via the new sentinel threat intelligence API. (shout out to cudeso for…

threatinfo May 21, 2022

log siem

Logstash – Sending Windows Event Logs

Download Winlogbeat – Download here (64-bit) Step 1: Download and extract winlogbeat.zip to c:\program files\ (Should look like the image below) Step 2: Open the winlogbeat.yml and edit with notepad: We will add the following…

threatinfo October 8, 2021

log

Recommended Windows Audit Policy Settings

This post includes recommend Windows audit policy settings. No two environments are the same so after running for a week inspect how much data is being recorded and if any…

threatinfo September 18, 2021

Vulnerability

Vulnerability Management with Wazuh

One of the great features in Wazuh is the vulnerabilities module. Both comparing installed programs against NISTs vulnerability database as well as comparing the installed hot fixes against Microsoft’s update…

threatinfo January 18, 2020