eBPF – Modern Linux Telemetry Collection
In a previous article, I covered Windows kernel-driver KAPC injection and how it can be used to enable the collection of security-related telemetry. While KAPC injection, along with a…
Recently I had the joy of reading “Evading EDR: The Definitive Guide to Defeating Endpoint Detection Systems” by Matt Hand while on vacation. First off, this is an absolute…
Could your organization detect malware infections if your EDR/XDR tools disappeared tomorrow? The answer for most organizations is a hard, bold, and underlined “no.” Even with their precious EDR/XDR tools,…
Computers are complex machines and, unfortunately for us IT people, that will only get worse with time. Our human minds can’t begin to comprehend all the execution cycles happening as…