Using Ollama & Fabric to build Sigma rules
In this blog, we are going to learn how to use an open-source LLM (Ollama) to build Sigma rules. First, we will run tests, analyze the logs in Splunk, and run a command to build our Sigma rule from the Splunk raw log we identified. Step 1: Collect Data Start by gathering detailed network information from…
Detection As Code (DAC) with Elasticsearch
One of the things I like most about the ELK stack is the open-source nature of the solution, as well as the contributions it has been making to Detection as Code (DAC) development. https://github.com/elastic/detection-rules Let’s go through the development life cycle to complete testing of this rule. First, we must validate the syntax and…
Detecting discovery commands using MITRE Caldera and Splunk
We are going to review logs in Splunk based on our BAS testing of Discovery techniques from MITRE Caldera. One discovery technique we want to detect is identifying which antivirus software is running on a machine. An attacker can use this information to disable or evade detection by the antivirus. We can review the report…
How to Generate YARA Rules with YarGen
This guide provides a straightforward method for creating YARA rules from malware samples using YarGen and MalwareBazaar. 1. Setup Your Environment CRITICAL: Before you start, use a completely isolated virtual machine (VM). Do not handle malware on a machine connected to your network or containing sensitive data. Inside your VM, open a terminal and follow…
Using Hayabusa
Analyzing Local Windows Event Logs with Hayabusa This guide shows how to use Hayabusa to scan local Windows Event Logs for threats and view the results in Timeline Explorer. 1. Setup and Update Rules 2. Scan Local System Logs Hayabusa scans local EVTX files and saves all findings into a single results.csv file for analysis.…