In the previous blog we talked about the logging of RDP logs if you had not read the previous blog please find below link: Windows RDP Event Logs: Identification, Tracking and Investigation Part-1 Remote Desktop Protocol (RDP) is a widely used technology that allows users to connect remotely to another computer or…arslansabir11.medium.com In this blog we will dive into a scenario involving the investigation of an RDP session. Remote Desktop Protocol (RDP) has become an essential tool for…

Remote Desktop Protocol (RDP) is a widely used technology that allows users to connect remotely to another computer or server over a network. As a powerful tool for remote administration, RDP has become an attractive target for cybercriminals. Detecting and investigating suspicious RDP sessions is crucial for identifying potential security…

In this blog we are going to analyze a malicious Pdf file. We are going to use multiple tools for analysis. Mainly we are going to use Didier stevens pdf tools. Tools To Have https://docs.remnux.org/install-distro/get-virtual-appliance https://blog.didierstevens.com/didier-stevens-suite/ Test Case: You are working as malware analyst in ABC Company and your EDR…

Malware is a file or code, typically delivered over a network, that infects explores steals or conducts virtually any behavior on attacker wants. Malware can infect devices and networks and can exploit security defects (security bugs or vulnerabilities) in the operating system, applications (such as browser) etc. …

From my previous blog you should have known how to installed DeTT&CT Editor, now we are going to use DeTT&CT for mapping data sources against MITRE ATT&ACK. First we have to create a python virtual environment so all the dependencies of python work properly. For creating a virtual environment we…

By creating DeTT&CT we aim to assist blue teams using ATT&CK to score and compare data log source quality, visibility coverage, detection coverage and threat actor behaviors. All of which can help, in different ways, to get more resilient against attacks targeting your organization. Framework to administrate,score and compare: Data source quality Visibility Detection Threat actor behaviors Where do you focus on