I started my journey in a digital forensics lab crammed with hardware and a table with two dozen external hard drives. Each of these hard drives contained one or more disk images of systems possibly compromised. The CERT that called in all kinds of different experts was able to process…

In this week’s roundup, I’ve listed some notable vulnerabilities that caught my attention. They range from issues in libwebp to critical flaws in SharePoint, WS_FTP, and Exim. I’ve provided a brief description and included links for each, in case you want to explore further. libwebp: CVE-2023–4863, CVE-2023–41064, CVE-2023–5129 CVE-2023–4863 is a heap buffer overflow…

Talking about certain systems in cybersecurity can be tricky when we don’t have the right terms. In a previous blog post, I pointed out a group of systems that attackers are increasingly targeting. There’s a lot of talk about XDR (Extended Detection and Response) these days, suggesting it covers more…

The cybersecurity landscape is continuously evolving, with new threats and trends emerging every day. In Q3 2023, we have observed several key trends that are expected to increase in importance in the coming months. …

New Features, Tools, and Community Contributions We have decided it would be a great idea to publish quarterly updates on everything that is happening within the Sigma project, and have created this publication on Medium for that purpose. …

Threat researchers, malware analysts, and digital forensic specialists often share advice, hints, and ideas with the community through scientific papers, blog posts, or tweets. It is admirable and often includes beneficial information for anyone who reads their advice, but the impact of the information can be significantly improved. In this…

The recent revelations regarding the Solarwinds compromise and the problem of detecting adversary activity that aligns with legitimate user activity reminded me of a solution that we had developed in a small team over a decade ago. …

Maximizing the effect of defensive research We live in challenging times. As a security researcher focusing on threat detection I frequently notice and comment on the increasing use of off-the-shelf tools by nation state actors. My team and I monitor that landscape closely and noticed an increase of tool publications…

When we first talked about Sigma in 2016, I was fascinated by a use case that would solve a major problem when SIEM analysts integrate logs of unknown systems and applications. I am talking about the “bundle with software” use case in which a developer provides Sigma rules with his/her…