Time altering techniques to evade your security controls

By John Reeman | January 31, 2024 |
How to detect EDR and SIEM evasion techniques

In this article I’ll be talking about ‘Time Travel’ and sadly it’s not an episode of ‘Dr Who’ or ‘Back to the Future’ and not really ‘Time Travel’ but I needed a catchy title! So what I am referring to is how hackers often change the system time of a particular system they are exploiting…

Read More

Endpoint Security Part 3: How to correlate threat intelligence

By John Reeman | December 20, 2023 |
Endpoint Security Part 3: Threat Intelligence

Overview In this third article of a 5 part series on ‘Endpoint Security’ I’m going to be showing you how you can incorporate ‘Threat Intelligence’ into your security operations strategy. There has been a lot written about threat intelligence over the last decade and it has different meanings to people depending on what industry you…

Read More

Endpoint Security Part 2: Enriching your security event data

By John Reeman | December 14, 2023 |
Data enrichment with Elastic

In this second part series on ‘Endpoint Security’ I’m going to delve into how you can enrich your security event data to provide further context to assist your security analysts when investigating incidents. In this example we will lead off where we ended from ‘Endpoint Security Part 1’  and so if you were following the…

Read More