FirstWatch Threat Spotlight – Chaos RAT (January 16, 2024). Executive Summary: In a previous blog, we introduced and explored the Chaos C2 Framework but not the...
FirstWatch Threat Spotlight: HAVOC C2 (October 18, 2023). Overview: The Havoc command and control (C2) framework is a free and open-source...
Advanced HTTP and TLS Concepts (Video) (September 8, 2023). This video covers many topics related to HTTP and TLS investigation,...
Using NetWitness to Detect Command and Control: SILENTTRINITY C2 (August 24, 2023). Introduction: In the ever-evolving landscape of cybersecurity, cyberattacks have become increasingly...
FirstWatch Threat Spotlight – Remcos RAT (August 22, 2023). Summary: Remcos is a closed-source tool that is marketed as a remote control and surveillance...
FirstWatch Threat Spotlight: The LockBit Conundrum - A Glimpse into Ransomware Warfare (August 6, 2023). Author: Rajas Save. Introduction: In recent years, the cybersecurity landscape has witnessed the...
Content Hygiene – Application Rule Alert Mapping Updates (July 11, 2023). To help facilitate future content improvements such as new bundles and feeds, we have adjusted the...
Microsoft Azure Log Analytics workspace integration with Netwitness (May 25, 2023). Azure Log Analytics workspace is a unique environment for log data from Azure Monitor and other...
FirstWatch Threat Spotlight: Cryptonite Ransomware (May 24, 2023). Overview: Cryptonite ransomware is a Free and Open Source Software (FOSS) program that was made...
Deployment Inventory (Serial Numbers) (May 16, 2023). The attached script can be used to pull inventory (serial numbers) from all hosts in the NW...