Alex John in Detect FYI: Detecting and responding to ESXi compromise with Splunk. A lack of AV/EDR on platforms such as these shouldn’t limit a defender’s ability to detect & respond to threats on virtualization… (May 2, 2023)

Alex John: How I managed to get 92% on the GIAC GREM CyberLive exam! “It may seem difficult at first, but everything is difficult at first.” — Miyamoto Musashi (Mar 12, 2023)

Alex John in Detect FYI: Detecting and Responding to Spring4Shell with Splunk. It’s that time of the week again when you are just about ready to sit back with a nice glass of Longmorn 16 & long no more. But then, some… (Apr 1, 2022)
Alex John: HermeticWiper — Hermetica Digital Ltd., your friendly neighbourhood wiper, part 1. TL;DR: Blue teamers can detect this by looking for a Sysmon new file creation event for a file ending with .sys in System32. You can also… (Feb 26, 2022)
Alex John: Automating Intelligence-Driven Threat Hunting without a SOAR. I’ve always been a proponent of XREFing organizational context with cyber threat intelligence to produce actionable insights, i.e… (Feb 6, 2022)

Alex John: How to prepare for the eCIR exam. So, if you are here, you are either planning to purchase the IHRP course or just about ready to attempt the exam. Before my exam, I had… (Oct 23, 2020)