Aurora is a lightweight endpoint agent that applies Sigma rules and IOCs directly to Windows system events reconstructed from Event Tracing for Windows (ETW). Unlike traditional logging tools or Sysmon, Aurora subscribes to raw ETW streams and transforms them into...
Detecting the Most Popular MITRE Persistence Method – Registry Run Keys / Startup Folder
Persistence is a cornerstone tactic for both threat actors and red‑teamers, allowing them to cling to a compromised system even after reboots, credential resets, or other disruptions that might otherwise cut them off. MITRE ATT&CK places these activities in...
Cybersecurity Summit Insights: How Digital Sovereignty Strengthens Incident Response
At the recent Cybersecurity Summit in Hamburg, we joined our partner agilimo Consulting to present on the theme: “Cybersecurity made in Germany.” The central question: How can organizations turn digital sovereignty into real operational security – beyond just a...
Cybersecurity is Not a Solo Endeavor – A Recap of it-sa Expo&Congress 2024
Explore key takeaways from it-sa 2024 and learn how a collaborative approach to cybersecurity is essential for building resilient defenses.



