Stamus Networks Blog

We believe that sharing information is necessary to improve global security. The purpose of this blog is to share our experiences, perspectives and experiments.

Subscribe to our Blog

Blog /
Showing 50 results
of 50 items.
Reset All

Category

Uncovered with Stamus Security Platform: Tapped on the Shoulder

In this series of articles, we explore a set of use cases that we have encountered in real-world...

Suricata Threat Hunting Fundamentals

Before beginning any sort of threat hunt, it is important to consider the tools you are using. This...

Threat Hunting with Suricata and Newly-Registered Domain Threat Intel (Open NRD)

In aprevious blog post, we announced the release of Open NRD from Stamus Networks - a set of threat...

Threat Hunting for Unknown Actors & Threats using NRD and Sightings

This week’s guided threat hunting blog focuses on hunting for high-entropy NRD (newly registered...

Incorporating Newly-Registered Domains into Stamus Security Platform Workflow

Every day, new Internet domains are registered through the Domain Name System (DNS) as a natural...

How to Improve Threat Hunting with Organizational Context

Threat hunting is a common practice for many mature security organizations, but it can be time...

Analyzing Network Traffic with Kibana in SELKS: the SN-Hunt-1 Dashboard Part 1

Keeping your network secure can feel like an endless game of cat and mouse. But with SELKS and its...

The Hidden Value of Suricata Detection Events: NSM-Enriched IDS Alerts

If you use Suricata, then you are familiar with the way Suricata generates detection events —...

Use SELKS to solve the Unit 42 Wireshark Quiz

This blog describes how to solve the Unit 42 Wireshark quiz for January 2023 with SELKS instead of...

Detecting Attacks Against CVE-2022-39952 (FortiNAC)

This blog describes the steps Stamus Networks customers may take to determine if any of your...

Hunting for Suspicious DNS Use During Policy Verification

This week’s guided threat hunting blog focuses on verifying a policy enforcement of domain...

Hunting for Lateral Executable Transfers

It is not uncommon to see executable file transfers within an organization. However, it is...

Hunting for Punycode Domain Phishing

Punycode domains have traditionally been used by malware actors in phishing campaigns. These...

Hunting for Suspicious DNS Requests with Long Domain Extensions

When you see a domain request from a user/client to a non-local or otherwise unfamiliar or...

Detecting Attacks Against OpenSSL Vulnerabilities

This blog describes the steps Stamus Networks customers may take to determine if any of your...

Hunting for Suspicious DNS Requests with Short Domain Extensions

Non-local domain requests from the user/client network could signal trouble for an organization....

Hunting for the use of DNS Over HTTPS

DNS over HTTPS (DoH) is a network protocol used to protect the data and privacy of users by...

Hunting for Plain Text Executables with Stamus Security Platform

Plain text executables (such as those downloaded from a PowerShell user agent) are often seen on...

Hunting for Internal Use of Dynamic DNS with Stamus Security Platform

This week in our series on guided threat hunting, we are focusing on locating internal use of...

Hunting for Use of Foreign Domain Infrastructure with Stamus Security Platform

This week’s guided threat hunting blog focuses on hunting for foreign domain infrastructure usage...

Hunting for Unauthorized Activity from Critical Infrastructure

This week’s guided threat hunting blog focuses on hunting for Let’s encrypt certificates that were...

Hunting for Unauthorized Admin User Activity with Stamus Security Platform

In this week’s guided threat hunting blog, we will focus on hunting for Let’s Encrypt certificates...

Hunting for Rogue Proxy Servers

In this week’s guided threat hunting blog, we focus on using Stamus Security Platform to identify...

Hunting for Phishing Activity with Stamus Security Platform

In this week’s guided threat hunting blog, we focus on using Stamus Security Platform to uncover...

Hunting for Unauthorized FTP Usage

This week’s guided threat hunting blog focuses on a specific policy violation - the use of...

Hunting for File Sharing Service Policy Violations

This week’s guided threat hunting blog focuses on policy violations; specifically, violations...

Hunting for Malware Masquerading as an Image File

For week 2 of our series on guided threat hunting, we will be reviewing a hunting technique to...

After the Hunt

So, what’s next? You’ve had a successful hunt, uncovered some type of threat or anomalous behavior...

Hunting For Potentially Unwanted Programs (PUP)

In addition to deploying advanced detection technologies, many security teams make threat hunting...

Introduction to Guided Threat Hunting

Stamus Security Platform is loaded with features that help security teams leverage network traffic...

Uncovered with Stamus Security Platform: Raiz0WorM

In this series of articles we share hands-on experience from active hunts in the real world. We...

Uncovered with Stamus Security Platform: Spyware Missed by EDR

In this series of articles, we explore a set of use cases that we have encountered in real-world...

Feature Spotlight: Pivot from IDS Alert Metadata to Signature Details

Sometimes, even after extensive training, we forget about important features or ways of using a...

Intrusion Analysis and Threat Hunting with Open Source Tools @ FloCon 2022

In its early years, FloCon was an academic conference focused exclusively on network flow data but...

Troopers Training: Intrusion Analysis and Threat Hunting with Open Source Tools

The importance of having a strong security team has been growing in recent years, and many...

Uncovered with Stamus Security Platform: Danger in the Datacenter

When the blue team needs to mount a network defense, they must answer some very common questions:

  • ...

Uncovered with Stamus Security Platform: User Agents Tell the Story

Stamus Security Platform (SSP) helps bank identify threat to its accounting network

With the help...

Uncovered with Stamus Security Platform: Shadow IT

In this series of articles, we explore a set of use cases that we have encountered in real-world...

Endpoint-Based and Network-Based Threat Hunting — Each Has its Strengths

Threat hunting—the proactive detection, isolation, and investigation of threats that often evade...

Uncovered with Stamus Security Platform: MoDi RAT

In this series of articles, we will explore a set of use cases that we have encountered in...

Why Context is Critical for Successful Network Detection and Response

As mentioned in an earlier article, organizations seeking to identify cyber threats and mitigate...

Is Network Traffic Analysis (NTA) dead in an age of Network Detection and Response (NDR)?

Organizations seeking to proactively identify and respond to cyber threats in order to mitigate...

SELKS5 RC1 - Threat Hunting and more...

Hi!Yet another upgrade of our SELKS. We are very thankful to all the great Open Source projects and...