In this blog we will explain how to use the functionality of Power BI to visualize your MISP data in an interactive and useful way.
Category: Tools
Enforcing a Sysmon Archive Quota
This blog post will create a Sysmon archive quota through WMI event consumption to avoid storage exhaustion.
DeTT&CT: Mapping detection to MITRE ATT&CK
Introduction Building detection is a complex task, especially with a constantly increasing amount of data sources. Keeping track of these data sources and their appropriate detection rules, or avoiding duplicate detection rules covering the same techniques, can give detection engineers a hard time. For a SOC, it is crucial to have a good overview … Continue reading DeTT&CT: Mapping detection to MITRE ATT&CK
Cortex XSOAR Tips & Tricks – Execute Command Function
Introduction When developing the automated SOC workflows for the NVISO Managed SOC and the additional NITRO services on Cortex XSOAR, we have started to make use of automations to do complex tasks instead of playbooks. Automations have much better performance and, if your team has a decent level of Python skills, developing complex tasks in … Continue reading Cortex XSOAR Tips & Tricks – Execute Command Function
Cortex XSOAR Tips & Tricks
Introduction With our Managed Detect and Respond (MDR) service, NVISO provides a managed Security Operations Center (SOC) for a large variety of clients across different industries. Since the beginning of this service, we had an “automate first” principle where we tried to automate as much of the repetitive tasks of the SOC analysts as possible, … Continue reading Cortex XSOAR Tips & Tricks
Automated spam detection in Palo Alto Cortex XSOAR
Introduction With our Managed Detect and Respond (MDR) service at NVISO we provide a managed Security Operations Center (SOC) for a large variety of clients across different industries. In our SOC, we rely heavily on automations performed by our SOAR platform Palo Alto Cortex XSOAR to minimize the manual tasks that need to be done … Continue reading Automated spam detection in Palo Alto Cortex XSOAR
Debugging DLL’s – 3 techniques to help you get started
During some red team engagements, we find ourselves in need of writing DLLs. However, debugging DLLs is not as easy as it seems, as a DLL isn't built to run on its own. In this article, we will explore how you can debug a DLL effectively. What is a DLL? A DLL is short for a … Continue reading Debugging DLL’s – 3 techniques to help you get started
The Rise of Adversary Emulation
In this blog post, we will discuss a fairly new concept that has been gaining a lot of traction recently: Adversary Emulation. Adversary emulation aims to test a network’s resilience against advanced attackers or advanced persistent threats (APTs). To do so, the adversary’s tactics, techniques, and procedures (TTPs) are emulated along the cyber kill chain, … Continue reading The Rise of Adversary Emulation
Compiling Our Python Decompiler
Following the feedback we get for our py2exe decompiler (a decompiler for Windows executables created by py2exe), we noticed that there is a community need for this tool. Most of the feedback comments are requests for help related to missing dependencies and similar problems. However, a couple of months ago, there was an API-breaking release … Continue reading Compiling Our Python Decompiler
Intercepting Belgian eID (PKCS#11) traffic with Burp Suite on OS X / Kali / Windows
TL;DR: You can configure Burp to use your PKCS#11 (or Belgian eID) card to set up client-authenticated SSL sessions, which you can then intercept and modify. This blog post shows how you can easily view and modify your own, local traffic. In order to complete this tutorial, you still need a valid eID card, and the … Continue reading Intercepting Belgian eID (PKCS#11) traffic with Burp Suite on OS X / Kali / Windows