AI SOC in Action: 4 Ways Security Teams are Leveraging AI Today

Artificial intelligence (AI) is now an indispensable tool for security teams in today’s fast-paced cybersecurity landscape. From detecting threats to automating routine tasks, AI has already transformed, and continues to transform, how Security Operations Centers (SOCs) work, making them more efficient and effective. Here I want to explore the top four ways security teams can leverage […]
How Hackers Use Binary Padding to Outsmart Sandboxes and Infiltrate Your Systems

What is binary padding? How can you detect and defend against threats that use junk data in various ways to evade defensive systems and sandboxes? Read on to learn more. Binary padding is the process of adding extra or junk data to a portable executable (PE) file that, while not changing the behavior of the binary, changes certain […]
Malware Reverse Engineering for Beginners – Part 2

In part 1 of this series, we warmed up and aligned with basic computing terminologies. We learned the basics of assembly and how to use disassemblers. All of these tools and techniques are very important for reversing malware samples. Different sorts of malware have different capabilities and implementations. As reverse engineers, we need to be […]
Threat Hunting Rule Extraction and Use Cases

TL;DR: You can now extract IOCs and behavioral indicators to a hunting rule format for your endpoint security system. This enables you to: Easily create hunting rules from any threat or alert uploaded to Intezer’s database. Automate the threat hunting process by tracking threat actors and getting a continuous feed of detection rules to hunt […]
Needle in a Haystack: Analyzing Every Alert to Find Serious Threats

Analyze every alert automatically with Intezer — learn more or sign up to try for free here. One of the greatest challenges security operations center (SOC) teams face is the high volume of daily alerts about suspicious files and endpoints that they must investigate. A lot has already been written about this “needle in the […]
Stay Ahead of the Latest Threats with Threat Family Tracking

TL;DR: You can now subscribe to threat actors/malware families in Intezer and receive notifications for new IoCs and detection opportunities. Staying on top of emerging threats and keeping your detection rules on track is challenging. To keep track, security teams have to continuously go over different reports, from different sources, for various threats. On […]
How to Write YARA Rules That Minimize False Positives

Generate Advanced YARA Rules Based on Code Reuse

Incorporating YARA into daily security operations can accelerate incident response time, classify malware, empower threat intelligence and improve detection capabilities by creating custom signatures. While YARA is a popular tool for SOC and IR teams, the main challenge is deciding what to base your YARA rules on […]
SOC Level Up: Introduction to Sigma Rules

Sigma rules are catching on more and more for SOC teams, as a way to write one rule that can be used across multiple environments. By learning how Sigma rules work and how to create them, you can take your SOC skills to the next level. Detecting security breaches inside an infrastructure is heavily based […]
Scale Incident Response with Detection Engineering: Intezer Detect & Hunt

Adversaries are highly motivated, constantly expanding and improving their tools and techniques. On the other side of the fight, security teams are facing a severe resource shortage. There are more open positions than people to staff, and on top of that, it is difficult to find talent with the required skills. Although there are many […]
Make your First Malware Honeypot in Under 20 Minutes

For a free honeypot, you can use one of the several open-source options listed below. A “honeypot” is a metaphor that references using honey as bait for a lure or trap. Honeypots have served many purposes in history, including recruiting spies and catching criminals in real life. Honeypots have also long made their way into […]