Threat Detection - @fuffsec

Sign in Subscribe

Threat Detection

A collection of 13 posts

Detection at Scale: Core Challenges

Threat Detection Featured

Detection at Scale: Core Challenges

As teams grow and the scope of detection expands, adapting to the increased scale becomes a critical challenge. This often requires teams to embrace new obstacles that test both their technical capabilities and their agility. Being flexible and responsive is essential when developing detection mechanisms in a rapidly evolving environment.

Understanding and Detecting DarkGate Malware

Understanding and Detecting DarkGate Malware

Introduction DarkGate is a sophisticated malware-as-a-service (MaaS) operation that has been active since at least 2018. Over the years, it has evolved significantly, incorporating advanced techniques to evade detection and maintain persistence on compromised systems. This blog delves into the recent activities and evolution of DarkGate, focusing on detection mechanisms

Understanding Attacker Motivations: A Deep Dive into Cybersecurity Threats

Threat Detection

Understanding Attacker Motivations: A Deep Dive into Cybersecurity Threats

In the complex world of cybersecurity, understanding the motivations behind attacks is crucial for effective threat detection and incident response. While attribution of attacks is challenging and often impossible, grasping the general motivations can help predict attacker behavior and enhance defensive strategies. Here, we delve into the common motivations for

Detailed Blog of DNS Tunneling for Bypassing Captive Portals

Threat Detection

Detailed Blog of DNS Tunneling for Bypassing Captive Portals

To understand how DNS tunneling can bypass captive portals, it’s crucial to grasp how captive portals and DNS queries function. Here’s a step-by-step explanation of the process, addressing how DNS requests can be sent without bypassing the captive portal. Captive Portals and DNS Traffic Captive portals intercept HTTP

Continuous Activities in Detection Engineering

Threat Detection

Continuous Activities in Detection Engineering

Detection engineering (DE) is a critical component of cybersecurity operations, dedicated to designing, implementing, and maintaining systems that detect malicious activities within an organization's environment. This blog will delve into the continuous activities involved in a DE program, including monitoring, maintenance, metrics, and comprehensive validation. Each of these

Detection and Response (D&R): Essential for Modern Cybersecurity

Digital Forensics

Detection and Response (D&R): Essential for Modern Cybersecurity

In the ever-evolving landscape of cybersecurity, Detection and Response (D&R) play a critical role in safeguarding organizations from potential threats. This blog will explore what D&R entails, why it's essential for large organizations, the phases involved, current challenges, and future growth prospects. 1. What

Creating a Pain-Aware MITRE ATT&CK Strategy for Detection Engineering

Threat Detection

Creating a Pain-Aware MITRE ATT&CK Strategy for Detection Engineering

In the ever-evolving landscape of cybersecurity, the MITRE ATT&CK framework and the Pyramid of Pain are invaluable tools for defenders. By integrating these models, we can design robust detection strategies that not only identify threats but also impose significant operational pain on adversaries. This blog explores how to

Reputation based Detection with Suricata

Network Security

Reputation based Detection with Suricata

Introduction Today, we're diving into the fascinating world of network security, specifically focusing on Suricata and its IP Reputation Detection capabilities. If you are looking for a robust, efficient tool to keep an eye on your network traffic, Suricata is the way to go. Let's explore

Honeypot Series #1: Oh Snap! Did My Honeypot Just Get Breached?

Threat Detection

Honeypot Series #1: Oh Snap! Did My Honeypot Just Get Breached?

It was a typical Saturday evening. I was sipping my coffee, scrolling through some logs on my Newly deployed Honeypot when a peculiar…

Threat Hunting — (Threat Intelligence)

Threat Detection

Threat Hunting — (Threat Intelligence)

Threat hunting is a proactive security technique that actively searches for potential threats and vulnerabilities within a network. This…

EDR Simulation — Hunting for Process Injection with API Monitoring

Threat Detection

EDR Simulation — Hunting for Process Injection with API Monitoring

Memory Analysis for Process Injection

Threat Detection

Memory Analysis for Process Injection

Zero Trust in Microsoft Azure 1— “never trust, always verify.”

Threat Detection

Zero Trust in Microsoft Azure 1— “never trust, always verify.”