From soup to nuts: Building a Detection-as-Code pipeline (Part 2 of 2). David French in threatpunter, Jul 27, 2023.

From soup to nuts: Building a Detection-as-Code pipeline (Part 1 of 2). David French in threatpunter, Jul 27, 2023.

Threat hunting in Okta logs. Threat hunting tips to help blue teams defend their Okta Single Sign-On (SSO) organization from attack. David French in threatpunter, Jul 12, 2022.

Testing your Okta visibility and detection with Dorothy and Elastic Security. Dorothy has 25+ modules to simulate actions an attacker may take while operating in an Okta environment. David French in threatpunter, Dec 14, 2020.

Detecting Adversary Tradecraft with Image Load Event Logging and EQL. While examining some malicious Microsoft Office and PE files to look for detection opportunities, I came across a few samples where… David French in threatpunter, Aug 16, 2019.

Detecting & Removing WMI Persistence. Windows Management Instrumentation (WMI) Event Subscription is a popular technique to establish persistence on an endpoint. I decided to… David French in threatpunter, Oct 9, 2018.

Detecting Attempts to Steal Passwords from Memory. An adversary can harvest credentials from the Local Security Authority Subsystem Service (LSASS) process in memory once they have… David French in threatpunter, Oct 2, 2018.

Detecting Attempts to Steal Passwords from the Registry. Adversaries may query the Windows Registry looking for credentials and passwords that have been stored for use by other programs or… David French in threatpunter, Oct 2, 2018.

How to Setup “Cowrie” — An SSH Honeypot. Cowrie is a medium interaction SSH and Telnet honeypot, which can log brute force attacks and an attacker’s shell interaction. Cowrie is an… David French in threatpunter, Oct 1, 2018.

5-Minute Analysis of a Remote Access Trojan. Here is a brief analysis of a Remote Access Trojan (RAT). David French in threatpunter, Oct 1, 2018.