In today's threat landscape, more and more threats such as fileless malware and ransomware leverage PowerShell during the exploitation stage. In this post I have written up some of the best ways to monitor and detect malicious PowerShell scripts. Let's begin with some of the best practices for using PowerShell in your environment: Limit PowerShell to only...
How to reduce noise in your SIEM?
The ROI of your SIEM (Security Information and Event Management) depends on how effectively you tune it. Data sources like firewalls, AD servers, and file servers generate millions of logs every day. Without a proper audit policy and SIEM filters, 80% of those logs are noise. If you do not tune it, you will not get real value from your...
Events of Interest to monitor in Cisco ASA Firewall/IPS
When I receive a request to monitor critical events from a vendor product, it becomes a cumbersome task to gather information about the vendor, the log schema, and the event types. This information is not readily available through a simple online search. To simplify the process, I am providing a consolidated list of Cisco ASA events that are...
