
CTHoW v2.0 – Cyber Threat Hunting on Windows


Why did I start CTHoW? As someone with a huge passion for information security, I believe it is a must to keep on top of the latest TTPs of adversaries in order to defend your network.

I have always been impressed with the MITRE ATT&CK framework, which helps the community by sharing the latest techniques attackers are using in their engagements, and how companies can defend against and mitigate these attacks to reduce the impact of a (cyber) attack.

One of the main reasons I decided to share CTHoW was that I felt there wasn't a clear "how-to" for detecting TTP <XYZ>.

There was a lot about coverage and mapping your detection techniques to MITRE ATT&CK, but let's be honest: most SIEM solutions aren't that mature (yet), and it wouldn't surprise me if most SIEMs are still only collecting logs from the perimeter.

CTHoW was developed to help Blue Teamers (usually SOC analysts and Threat Hunters) improve their detection and investigation plan, so that they have a sort of "basic" to start from.

CTHoW v2.0 – Cyber Threat Hunting on Windows from Huy Kha

https://www.slideshare.net/HuyKha2/cthow-v20-cyber-threat-hunting-on-windows

About the author: Huy Kha

Huy is an information security professional with a huge passion for Identity & Access Management. He likes to share knowledge with the community and is known for all his publications around Windows & Active Directory security.


Pierluigi Paganini

(SecurityAffairs – CTHoW, Mitre)
