An Introduction to Botnets (June 9, 2017): What is a botnet? The term botnet is derived from the words robot and network. A bot, sometimes...
Analyst's Reference: Windows 4625 (June 3, 2017): Overview. We all are so familiar with the 4625 as a failed logon, but did you know that the 4625 has...
It's your data...Know it - A look at session.split meta (June 2, 2017): If you have been using RSA NetWitness Packets for any length of time, you might have noticed that...
ANOTHER HOLIDAY LOST … WannaCry and Wanna Decryptor (May 16, 2017): Overview of WannaCry/Wanna Decryptor. As you know, starting late Thursday and hitting mainstream...
WannaCry from the RSA NetWitness Suite's Perspective (May 14, 2017): In this post, I will quickly go through some aspects of the WannaCry ransomware from the...
Validate your custom index files with xmllint (May 12, 2017): Everyone makes mistakes in their syntax once in a while. Why wait for the service restart to...
Bulk Change NetWitness Hosts ssh and iDRAC webUI root Passwords (May 9, 2017): The attached PDF provides a detailed example with all relevant commands on how to: 1. Setup...
Hunting pack use case: RedLeaves malware (May 3, 2017): On April 27, 2017, the United States Computer Emergency Readiness Team (US-CERT) released an alert...
How to prevent stopping capture on a default settings Log Decoder due to less metadb size (April 26, 2017): By default, Log Decoder metadb size and rollover threshold are 44 GB and 95%. This means that...
Post Exploitation - Sniff the Target's Encrypted Traffic in Clear-Text (April 25, 2017): NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to...