Dusty Miller, Author at Security Boulevard
Splunking with Sysmon Part 4: Detecting Trickbot

Splunk Tutorials

Trickbot and Ryuk

With the recent outbreak of Ryuk in hospitals, detecting the precursors to the ransomware has become a more visible priority. Ryuk has a history of being deployed after an enterprise has been compromised by Trickbot. The problem with detecting Ryuk is that once it is detected, it ...
Splunking with Sysmon Part 3: Detecting PsExec in your Environment

Splunk Tutorials

PsExec is another powerful tool created by Windows Sysinternals. It was created to allow administrators to remotely connect to and manage Windows systems. Because of the power of PsExec, many different malware actors have used it in various forms of malware as well as as part of pass-the-hash attacks. PsExec ...
Splunking with Sysmon Series Part 2: Tuning

Splunk Tutorials

This Splunk tutorial is a continuation of my previous Sysmon article, Splunking with Sysmon Part 1: The Setup. In part 1, I went over the basics of getting Sysmon installed in your environment and forwarding to Splunk. This second part will help you to take your initial configuration, either Modular ...