DeTT&CT : Mapping detection to MITRE ATT&CK 

Introduction Building detection is a complex task, especially with a constantly increasing amount of data sources. Keeping track of these data sources and their appropriate detection rules or avoiding duplicate detection rules covering the same techniques can give a hard time to detection engineers. For a SOC, it is crucial to have an good overview … Continue reading DeTT&CT : Mapping detection to MITRE ATT&CK 

Cortex XSOAR Tips & Tricks – Execute Command Function

This entry is part 2 of 9 in the series Cortex XSOAR Tips & Tricks

Introduction When developing the automated SOC workflows for the NVISO Managed SOC and the additional NITRO services on Cortex XSOAR, we have started to make use of automations to do complex tasks instead of playbooks. Automations have much better performances and, if your team has a decent level of Python skills, developing complex tasks in … Continue reading Cortex XSOAR Tips & Tricks – Execute Command Function

Cortex XSOAR Tips & Tricks

This entry is part 1 of 9 in the series Cortex XSOAR Tips & Tricks

Introduction With our Managed Detect and Respond (MDR) service, NVISO provides a managed Security Operations Center (SOC) for a large variety of clients across different industries. Since the beginning of this service, we had an “automate first” principle where we tried to automate as much of the repetitive tasks of the SOC analysts as possible, … Continue reading Cortex XSOAR Tips & Tricks

Automated spam detection in Palo Alto Cortex XSOAR

Introduction With our Managed Detect and Respond (MDR) service at NVISO we provide a managed Security Operations Center (SOC) for a large variety of clients across different industries. In our SOC, we rely heavily on automations performed by our SOAR platform Palo Alto Cortex XSOAR to minimize the manual tasks that need to be done … Continue reading Automated spam detection in Palo Alto Cortex XSOAR

The Rise of Adversary Emulation

In this blog post, we will discuss a fairly new concept that has been gaining a lot of traction recently: Adversary Emulation. Adversary emulation aims to test a network’s resilience against advanced attackers or advanced persistent threats (APTs). To do so, the adversary’s tactics, techniques, and procedures (TTPs) are emulated along the cyber kill chain, … Continue reading The Rise of Adversary Emulation

Compiling Our Python Decompiler

Following the feedback we get for our py2exe decompiler (a decompiler for Windows executables created by py2exe1), we noticed that there is a community need for this tool. Most of the feedback comments are requests for help related to missing dependencies and similar problems. However, a couple of months ago, there had been an API-breaking release … Continue reading Compiling Our Python Decompiler

Intercepting Belgian eID (PKCS#11) traffic with Burp Suite on OS X / Kali / Windows

TL;DR: You can configure Burp to use your PKCS#11 (or Belgian eID) card to set up client-authenticated SSL sessions, which you can then intercept and modify. This blog post shows how you can easily view and modify your own, local traffic.  In order to complete this tutorial, you still need a valid eID card, and the … Continue reading Intercepting Belgian eID (PKCS#11) traffic with Burp Suite on OS X / Kali / Windows