WSO Shell used in a Phishing-as-a-Service (PhaaS) 365 harvesting phishing campaign
1. Initial Incident Late 2023, we observed several of our users , working in different locations with different email domains…
Microsoft Sentinel Watchlists and wildcard/partial/substring table joins in KQL
Watchlists are a great way to house data in a table format to be used for various purposes, be it…
Best Alternative Web Scanner to Burp Suite
If you’re looking for a great open-source vulnerability scanner you can do a lot worse than ZAP (Zed Attack proxy).…
Lengths hackers go to when hiding their exploits
Long gone is the time when if your website was compromised you’d be eaisly able to spot a file out…
Securing your WordPress site: The essentials
WordPress is very user friendly and easy to learn content management system (CMS) for creating websites. However the ease of…
Credential Stealer Malware Trends 2023
The usual credential stealing malware have consistently booked the top 4 spots each quarter of 2023, albeit jostling amongst themselves…
Website Search Result Poisoning
Its not hard to find search pages from websites with compromises. Its as simple as googling it. Actors are actively…
misp2sentinel: Invalid isoformat string
I’m having issues with the misp2sentinel script from cudeso which sends IOCs from the MISP API to sentinel via the…
Logstash – Sending Windows Event Logs
Download Winlogbeat – Download here (64-bit) Step 1: Download and extract winlogbeat.zip to c:\program files\ (Should look like the image below) Step…
Recommended Windows Audit Policy Settings
This post includes recommend Windows audit policy settings. No two environments are the same so after running for a week…