Blue Team Archives - Page 2 of 2 - Original-Network.com

Dec 06

The core function of a SOC

By Christopher GLEMOT in CERT, Cybersecurity, Detection & Response, Security Event Management, SOC

The core function of a SOC (Security Operations Center) is to investigate, monitor, prevent, and respond to threats. SOC teams benefit from using a single platform with integrated yet disparate technologies for a full-picture view that is continually updated with emerging threat intelligence. This unified perspective simplifies security monitoring, supports incident response workflows, and provides …

Blue Team, SIEM, SOC

Nov 27

Play ransomware infection routine

By Christopher GLEMOT in Backup, CERT, Ransomware, SOC

A ransomware gang named “Play” was discovered on the Dark Web. Along with them, a list of 22 victims has been revealed. There is a piece of evidence that points to a possible connection between Play ransomware and Quantum ransomware, which is an offshoot of the notorious Conti ransomware group. The Cobalt Strike beacons that …

Blue Team, Cartel, Dark Web, Play, Ransomware as a Service, Reverse, SOC, SOC Analyst, Threat Hunting

Nov 24

Identify a piece of malware with Yara

By Christopher GLEMOT in Malware, Ransomware, Security, SOC

Yara rules classify and identify malware samples by creating descriptions of malware families (it is a tool used to identify files, based on textual or binary pattern). YARA rules are like a piece of programming language, they work by defining a number of variables that contain patterns found in a sample of malware. If some …