
Blue Team

How to deploy Sysmon via GPO

In this blog post, we are going to look at how to deploy Sysmon to all endpoints via GPO. In my case, I push all logs to my Windows Event Collector (WEC). My WEC has Winlogbeat installed, so I can centrally access all logs in SecurityOnion.

PCAP Analysis using Zeek

You've been handed a really large network data capture and you want to figure out if there's anything malicious in it, but there is too much data to go through manually. How can you easily tell whether anything evil has happened or whether the traffic is totally normal? There are a variety of awesome free tools for this, for example Zeek.

Analyzing Malicious PDF and Word Documents

How to handle PDF files and Word documents and extract malicious indicators from within them. This is something that happens nearly every day in a SOC. An example could be: a user reports phishing, and our job as Security Analysts is figuring out if these files are indeed malicious. Safely, quickly and accurately.