Sigma rules for SIEM detection are what YARA is to files: a structured, vendor-neutral way to describe what a bad log event looks like, ...
MITRE ATT&CK to SIEM Rules: A Practical Look at SIOR-Helper
PowerShell Script Block Logging with Event ID 4104
0 Comments
10 min read
Most PowerShell-based attacks rely on the same trick: pass a Base64-encoded command, a string concatenation, or a script downloaded at ru...
Detecting Kerberoasting with Windows Event ID 4769
0 Comments
10 min read
Kerberoasting ( MITRE ATT&CK T1558.003 ) is one of the few credential-access techniques that produces a clean, on-prem audit signal —...
