Welcome to our Cyber Security News Aggregator. Cyber Tzar provides a cyber security risk management platform, including automated penetration tests and risk assessments culminating in a "cyber risk score" out of 1,000, just like a credit score.

[SANS ISC] Clean Binaries with Suspicious Behaviour

published on 2022-03-15 12:54:26 UTC by Xavier
Content:

I published the following diary on isc.sans.edu: “Clean Binaries with Suspicious Behaviour”:

EDR or “Endpoint Detection & Response” is a key element of many networks today. An agent is installed on all endpoints to track suspicious/malicious activity and (try to) block it. Behavioral monitoring is also a key element in modern SIEM infrastructure: seeing word.exe running is definitely not malicious, and the same goes for a PowerShell script being launched. But if you monitor parent/child relations, seeing a PowerShell script launched from a Word process is suspicious! Here is a simple Sigma rule to detect this behavior…
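Detection logic of the kind the excerpt describes, as an added Python example that is not the diary's own Sigma rule: it walks constructed Sysmon-style process-creation events and flags a shell or script host whose parent is an Office application, generalising the Word-to-PowerShell case to a small set of Office parents and scripting children (both sets, the field names and the sample events are assumptions made for this example).

```python
from typing import Iterable

# Parent images treated as document applications and the child images whose
# appearance beneath them is worth an alert. Both sets are assumptions for
# this example, not the diary's rule.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SUSPICIOUS_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe",
                       "wscript.exe", "cscript.exe", "mshta.exe"}


def basename(image: str) -> str:
    """Reduce a Windows image path to its lowercase file name."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_suspicious(event: dict) -> bool:
    """True when an Office parent spawns a shell or script-host child."""
    parent = basename(event.get("ParentImage", ""))
    child = basename(event.get("Image", ""))
    return parent in OFFICE_PARENTS and child in SUSPICIOUS_CHILDREN


def detect(events: Iterable[dict]) -> list:
    """Return the events that match the parent/child rule."""
    return [e for e in events if is_suspicious(e)]


# Constructed sample process-creation events (Sysmon Event ID 1 field names).
SAMPLE_EVENTS = [
    {"ProcessId": 4120,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"ProcessId": 4133,  # an operator's shell started from the desktop: benign
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"ProcessId": 4150,
     "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"},
    {"ProcessId": 4171,  # Word itself launched by the user: benign
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"ALERT pid={hit['ProcessId']}: "
              f"{basename(hit['ParentImage'])} -> {basename(hit['Image'])}")
```

Matching on the image file name alone is deliberate: the rule fires on the relationship, not on any byte of the (clean) binaries involved.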

The post [SANS ISC] Clean Binaries with Suspicious Behaviour appeared first on /dev/random.

Article: [SANS ISC] Clean Binaries with Suspicious Behaviour - published over 2 years ago.

https://blog.rootshell.be/2022/03/15/sans-isc-clean-binaries-with-suspicious-behaviour/   
Published: 2022 03 15 12:54:26
Received: 2022 03 15 13:06:37
Feed: /dev/random
Source: /dev/random
Category: Cyber Security
Topic: Cyber Security
Views: 3