Date Author Title

INTRUSION DETECTION

2016-08-29Russ McReeRecommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
2013-12-16Tom WebbThe case of Minerd
2013-08-19Johannes UllrichRunning Snort on ESXi using the Distributed Switch
2012-09-02Lorna HutchesonDemonstrating the value of your Intrusion Detection Program and Analysts

INTRUSION

2016-08-29/a>Russ McReeRecommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
2013-12-16/a>Tom WebbThe case of Minerd
2013-08-19/a>Johannes UllrichRunning Snort on ESXi using the Distributed Switch
2012-09-02/a>Lorna HutchesonDemonstrating the value of your Intrusion Detection Program and Analysts
2010-02-22/a>Rob VandenBrinkNew Risks in Penetration Testing

DETECTION

2024-02-20/a>Xavier MertensPython InfoStealer With Dynamic Sandbox Detection
2023-11-22/a>Guy BruneauCVE-2023-1389: A New Means to Expand Botnets
2023-10-31/a>Xavier MertensMultiple Layers of Anti-Sandboxing Techniques
2023-05-28/a>Guy BruneauWe Can no Longer Ignore the Cost of Cybersecurity
2023-02-04/a>Guy BruneauAssemblyline as a Malware Analysis Sandbox
2023-01-21/a>Guy BruneauDShield Sensor JSON Log to Elasticsearch
2023-01-08/a>Guy BruneauDShield Sensor JSON Log Analysis
2022-12-21/a>Guy BruneauDShield Sensor Setup in Azure
2022-09-26/a>Xavier MertensEasy Python Sandbox Detection
2021-12-28/a>Russ McReeLotL Classifier tests for shells, exfil, and miners
2021-04-02/a>Xavier MertensC2 Activity: Sandboxes or Real Victims?
2020-11-20/a>Xavier MertensMalicious Python Code and LittleSnitch Detection
2017-12-14/a>Russ McReeDetection Lab: Visibility & Introspection for Defenders
2017-06-17/a>Guy BruneauMapping Use Cases to Logs. Which Logs are the Most Important to Collect?
2016-08-29/a>Russ McReeRecommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
2015-02-10/a>Mark BaggettDetecting Mimikatz Use On Your Network
2014-09-27/a>Guy BruneauWhat has Bash and Heartbleed Taught Us?
2013-12-16/a>Tom WebbThe case of Minerd
2013-08-19/a>Johannes UllrichRunning Snort on ESXi using the Distributed Switch
2012-09-02/a>Lorna HutchesonDemonstrating the value of your Intrusion Detection Program and Analysts
2012-08-16/a>Johannes UllrichA Poor Man's DNS Anomaly Detection Script
2008-11-16/a>Maarten Van HorenbeeckDetection of Trojan control channels