NetWitness Retention Script: Reporting The Numbers July 7, 2021 Overview Zip File Contents* Concentrator Log Decoder Reports Investigate Prerequisites ...
PrintNightmare (CVE-2021-1675) July 2, 2021 I'm sure most of you have heard about the recent remote code execution (RCE) exploit dubbed as...
Detecting LOLBAS tactics with the RSA NetWitness Platform - Regasm/Regsvcs June 15, 2021 What are LOLBAS tactics? As I wrote in this previous article, Detecting Living-Off-The-Land tactics...
11.3 and Above Standard PowerVault Configuration Walkthrough. May 18, 2021 Over the past year several changes have been made to how storage is configured. For many users it...
Detecting C&C Malleable Profiles May 12, 2021 Introduction When a C2 platform is hardcoded to beacon in a particular fashion, its detection from...
Creating Context for Better Hunting May 4, 2021 Overview Key Takeaways Setup Springboard JA3 and JA3S TLS Fingerprints Context Menu Actions and...
Hafnium/Microsoft Exchange Breach Detection with NetWitness March 19, 2021 Hafnium, a state-sponsored APT group, is believed to have potentially compromised tens of thousands...
NetWitness 11.x non-node-zero host upgrade via local host repository March 19, 2021 To maintain healthy/secure systems and use enhanced features, upgrading NetWitness stacks is one...
NetWitness Administration Series March 19, 2021 The RSA Professional Services Team has created many procedures and scripts to aid in...
Sunburst/Solorigate round-up March 17, 2021 Being in the news for about two months now, the Sunburst/Solorigate campaign has been analyzed in...