I was using filebeat to listen on port 514 to accept rsyslog messages from AIX servers with the aim of filebeat then having an output to my logstash instance on…
1. Initial Incident: In late 2023, we observed several of our users, working in different locations with different email domains but all either executive assistants or members of the different…
Watchlists are a great way to house data in a table format to be used for various purposes, be it analytic creation or incident enrichment. If you are using a…
If you’re looking for a great open-source vulnerability scanner, you can do a lot worse than ZAP (Zed Attack Proxy). All features are free, unlike the likes of Burp Suite and…
Long gone is the time when, if your website was compromised, you'd easily be able to spot a file out of place by its date modified and then easily identify…
WordPress is a very user-friendly and easy-to-learn content management system (CMS) for creating websites. However, given the ease of creating a website, you would assume security is just as…
The usual credential-stealing malware families have consistently booked the top 4 spots each quarter of 2023, albeit jostling amongst themselves for the top position. Meta stealer has shown a constant…
It's not hard to find search pages from compromised websites. It's as simple as googling it. Actors are actively and easily exploiting misconfigurations in websites to advertise dark web…
I'm having issues with the misp2sentinel script from cudeso, which sends IOCs from the MISP API to Sentinel via the new Sentinel threat intelligence API. (Shout out to cudeso for…
Download Winlogbeat – Download here (64-bit). Step 1: Download and extract winlogbeat.zip to c:\program files\ (should look like the image below). Step 2: Open winlogbeat.yml and edit it with Notepad. We will add the following…