SecureBug lets you evaluate your offensive and defensive skills and exchange your ideas and methodologies with thousands of people in the security field.
Join Nordic's No.1 Crowdsourced Security Platform For Offensive & Defensive Security Strategies.

lsass.exe: One Of The Most Important Windows Processes For Threat Hunting

“lsass.exe” stands for Local Security Authority Subsystem Service. In this new series, we analyze Windows processes and provide threat hunting tips. The “lsass.exe” Windows process is responsible for a variety of security tasks, including: authenticating users and verifying user logins to a Windows computer or server; creating the user’s access token; managing the Active Directory; writing to…

Monitor PowerShell Network Connections via Sigma Detection Rule

PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system. Adversaries can use PowerShell to download malicious code or upload sensitive information. With this free Sigma rule, you can monitor network connections that originate from powershell.exe. title: Monitoring powershell.exe network connections description: with monitoring powershell network connections you can…

Dark Nexus, a new IoT botnet spotted in the wild

Cybersecurity researchers have discovered a new IoT botnet, tracked as Dark Nexus. The new botnet can be used to launch distributed denial-of-service (DDoS) attacks. Dark Nexus has compromised hundreds of IoT devices, including routers from Dasan Zhone, D-Link, and ASUS, video recorders, and thermal cameras. Researchers from cybersecurity firm Bitdefender said in a post that the new…