I published the following diary on isc.sans.edu: “Hunting for Suspicious Processes with OSSEC“: Here is a quick example of how OSSEC can be helpful to perform threat hunting. OSSEC is a free security monitoring tool/log management platform which has many features related to detecting malicious activity on a live system like the
Usually, I don’t speak or even try to give references to commercial security products on my blog. Why? Just because, my philosophy is the following: “First analyze the problems and then choose the right solution(s)“. The proposed solution could be commercial or free, hardware or software based, who cares? If
There was an interesting post on the diary page of isc.sans.org yesterday: Some readers asked why ISC did not switch the InfoCon status to yellow due to the recent IE 0-day exploit. The on-duty ISC handler explained the situation and why they decided to stay “Green”. The following question popped
