While the Elastic Stack (ELK) is typically used for live log monitoring, Winlogbeat can be modified to manually send cold logs, or old, inactive Windows Event Logs (EVTX) to ELK for analysis. This functionality allows an analyst to take EVTX files ... READ MORE
Main Content
From the War Room Blog
Ransomware attacks continue to get worse
Where did we start? From time to time, I still reminisce about my first ransomware investigation. The attack affected a family business in Florida during the summer of 2015. Business was humming along until one fateful morning when an employee ... READ MORE
Crimson Forge
Today RSM US has released a new research project dubbed Crimson Forge. The project originated from the desire to add evasion capabilities to existing, native payloads. The intention is to target x86 and AMD64 shellcode and automatically rewrite it to ... READ MORE
Solarwinds
How a Default SolarWinds Guest Account Can Facilitate Compromise – and How to Fix It The Problem SolarWinds is a leading provider of network monitoring and configuration management software. However, there’s a default feature on the SolarWinds ... READ MORE
No More Mimikatz
Mitigating Windows Credential Flaws There’s a vulnerability in Windows systems that is leveraged time and time again while compromising a network. Though the technique is well known to attackers, it is rarely mitigated effectively. Bad ... READ MORE
Stanford Password Policy
A creative solution for stronger passwords Rules, Rules, Rules Most of us are familiar with basic password rules: Don’t use ‘password’. Duh. Don’t use your username as your password. Got it. Don’t repeat the same password for multiple ... READ MORE