Alex John in Detect FYI: Detecting and responding to ESXi compromise with Splunk. A lack of AV/EDR on platforms such as these shouldn’t limit a defender’s ability to detect & respond to threats on virtualization… (4 min read, May 2, 2023)

Alex John: How I managed to get 92% on the GIAC GREM CyberLive exam! “It may seem difficult at first, but everything is difficult at first.” — Miyamoto Musashi (9 min read, Mar 12, 2023)

Alex John in Detect FYI: Detecting and Responding to Spring4Shell with Splunk. It’s that time of the week again when you are just about ready to sit back with a nice glass of Longmorn 16 & long no more. But then, some… (3 min read, Apr 1, 2022)

Alex John: HermeticWiper — Hermetica Digital Ltd. your friendly neighbourhood wiper, part 1. TL;DR: Blue teamers can detect this by looking for a Sysmon new file creation event for a file ending with .sys in System32. You can also… (4 min read, Feb 26, 2022)

Alex John: Automating Intelligence-Driven Threat Hunting without a SOAR. I’ve always been a proponent of XREFing organizational context with cyber threat intelligence to produce actionable insights, i.e.… (2 min read, Feb 6, 2022)

Alex John: How to prepare for the eCIR exam. So, if you are here, you are either planning to purchase the IHRP course or just about ready to attempt the exam. Before my exam, I had… (5 min read, Oct 23, 2020)