We've updated our Antivirus Event Analysis Cheat Sheet to version 1.12.0. It includes updates in several sections New signatures for PUA like FRP and Adfind Signature strings have been sorted alphabetically (not shown in the screenshot below) You can download the new...
Antivirus Event Analysis Cheat Sheet v1.11.0
We've updated our Antivirus Event Analysis Cheat Sheet to version 1.11.0. It includes updates in several sections add special identifiers for other hack tools and ransomware (sync with Sigma rule changes provided by Arnim Rupp in PR #3919 and #3924) You can download...
Antivirus Event Analysis Cheat Sheet v1.10.0
We've updated our Antivirus Event Analysis Cheat Sheet to version 1.10.0. It includes updates in several sections add special identifiers for Sliver and Brute Ratel C4 framework implants many new tags for Virustotal assessments You can download the new version here....
Antivirus Event Analysis Cheat Sheet v1.9.0
We've updated our Antivirus Event Analysis Cheat Sheet to version 1.9.0. It includes updates in almost all sections add special indicators for all kinds of Microsoft Exchange exploitation activity (ProxyLogon, ProxyShell etc.) moves Ransomware indicators to highly...
Antivirus Event Analysis Cheat Sheet v1.8.2
The analysis of Antivirus events can be a tedious task in big organizations with hundreds of events per day. Usually security teams fall back to a mode of operation in which they only analyze events in which a cleanup process has failed or something went wrong. This...
Antivirus Event Analysis Cheat Sheet v1.8
Download the Antivirus Event Analysis Cheat Sheet version 1.8.1 here.
Antivirus Event Analysis Cheat Sheet v1.7.2
We've just released an updated version of our Antivirus Event Analysis cheat sheet. You can download version 1.7.2 here. The major changes are: Updated AV signature lists Extended file extension list
Antivirus Event Analysis Cheat Sheet v1.7
We've just released an updated version of our Antivirus Event Analysis cheat sheet. You can download version 1.7 here.The major changes are:Updated AV signature listsSplit AV signature cells into two columns to save spaceFixed and added some directory namesExtended...
Antivirus Event Analysis Cheat Sheet v1.4
Download the newest version of our Antivirus Event Analysis Cheat Sheet here. --- Update 09.09.18 10:30am CET Thanks to Markus Neis, I've updated version 1.4 and created a version 1.5 just a few hours after my tweet. You can download version 1.5 here.
New Antivirus Event Analysis Cheat Sheet Version 1.2
Today we release a new version of our "Antivirus Event Analysis" Cheat Sheet that helps you with the analysis of Antivirus events by providing a clear decision matrix. We've updated many of the sections, added new VirusTotal online analysis checks and brought it in a...
How to Perform Compromise Assessments on NetScaler / Citrix ADC Appliances Using THOR
In today's interconnected world, cyber adversaries are increasingly targeting and exploiting Internet-facing appliances and devices with unconventional or restricted operating systems. A pressing concern for users is whether it's possible to perform a compromise...
How to scan ESXi systems using THOR
More and more often, adversaries target and exploit Internet-facing appliances or devices with exotic or restricted operating systems. Users ask if there is a way to run a compromise assessment scan on these systems with the YARA rules used in THOR. Following up on...