Disable Microsoft Defender – Detection

This was a simple detection in which the Microsoft Defender services were blocked and the resulting events were observed. Detection queries for the same are present at the end. Windows Defender alerts you when spyware or potentially unwanted software attempts to install itself or to run on your computer. Microsoft SpyNet is the online community that helps you decide the […]

Sysmon Playbook Event ID 15

When a file is downloaded from the internet it is saved to the local system. File streams are recorded by this event ID when the file is being downloaded, mostly from a web browser. As evident in the picture, we can see the Image is chrome.exe and the Target File Name is the Mimikatz file. It is pertinent […]

What is SIEM and its functionality

SIEM is a tool that collects, aggregates and normalizes data, analyses it according to pre-set rules, and presents the result in a human-readable format. The video below talks in detail about the internal working of SIEM solutions, how the different vendors use this functionality, and the different terminologies used by them. It briefly […]

What is Security Operations Center (SOC)

A Security Operations Center (SOC) is a centralized function within an organization employing people, processes, and technology to continuously monitor and improve the organization's security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents. Below you will find the link to my presentation on this topic, where you can watch the complete video.