Hey there, fellow threat hunters! 👋 Welcome to part 4 of our MITRE ATT&CK journey! Today, we're exploring how to integrate MITRE D3FEND into our project. This isn't going to be a perfect solution, but it's a solid starting point for anyone looking to connect offensive techniques with their defensive counterparts.
Why Map D3FEND to ATT&CK?
The MITRE ATT&CK framework gives us great insights...
PowerShell Quick Guide: Process Investigation
Hey there, fellow threat hunters! 👋 Today we're diving into process investigation with PowerShell. Whether you're hunting malware or troubleshooting system issues, understanding processes is crucial. Let's dig in!
Basic Process Information
Let's start with the basics:
# Get all running processes
Get-Process...
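Since the guide itself is cut off here, here is an added example (my own, not code from the original post) that goes one step beyond Get-Process: it pulls every process together with its parent, image path, SHA-256 and command line via Win32_Process, then flags two patterns that deserve a second look. The parent/child pairs and the path pattern are an illustrative starting list, not a complete rule set.

```powershell
# Added example, not from the original post: enumerate processes with parent and
# command line, then flag parent/child pairs that are unusual on a workstation.
# The suspicious-parent and shell lists are illustrative assumptions.

$procs = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

# Office and browser processes rarely have a legitimate reason to spawn a shell.
$suspiciousParents = 'winword.exe','excel.exe','powerpnt.exe','outlook.exe','msedge.exe','chrome.exe'
$shells = 'powershell.exe','pwsh.exe','cmd.exe','wscript.exe','cscript.exe','mshta.exe','rundll32.exe'

$report = foreach ($p in $procs) {
    $parent     = $byPid[[int]$p.ParentProcessId]
    $parentName = if ($parent) { $parent.Name } else { '<exited>' }   # parent already gone

    # Hash the on-disk image so the result can be checked against threat intel later.
    $hash = $null
    if ($p.ExecutablePath -and (Test-Path -LiteralPath $p.ExecutablePath)) {
        $hash = (Get-FileHash -LiteralPath $p.ExecutablePath -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    }

    $flag = ''
    if ($shells -contains $p.Name.ToLower() -and $suspiciousParents -contains $parentName.ToLower()) {
        $flag = 'ShellFromOfficeOrBrowser'
    } elseif ($p.ExecutablePath -and $p.ExecutablePath -match '\\(Temp|Downloads)\\') {
        $flag = 'RunningFromTempOrDownloads'
    }

    [pscustomobject]@{
        Pid         = $p.ProcessId
        Name        = $p.Name
        ParentPid   = $p.ParentProcessId
        ParentName  = $parentName
        Path        = $p.ExecutablePath
        SHA256      = $hash
        CommandLine = $p.CommandLine
        Started     = $p.CreationDate
        Flag        = $flag
    }
}

# Flagged processes first; everything stays in $report for triage or export.
$report | Sort-Object { $_.Flag -eq '' }, Started |
    Select-Object Pid, Name, ParentName, Flag, Path, CommandLine |
    Format-Table -AutoSize
```

Two things worth knowing: Win32_Process gives you the command line, which Get-Process does not expose, and the parent lookup is a snapshot, so a short-lived parent shows up as `<exited>` rather than by name.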
PowerShell Quick Guide: Remote Management Basics
Hey there, fellow threat hunters! 👋 Today we're diving into PowerShell remote management. Whether you're managing a fleet of servers or investigating a suspicious endpoint, knowing how to work remotely is essential. Let's get started!
Check Remote Access
First, let's see if we can even connect remotely:
#...
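As an added example (mine, not the post's own code), here is the pattern the rest of the guide builds towards: confirm WinRM answers on each host, fan a collection script block out to the reachable ones, and keep the failures visible instead of letting them scroll past. The host names are placeholders.

```powershell
# Added example, not from the original post: probe WinRM, then collect a small
# triage set from every reachable host in parallel. Host names are placeholders.

$targets = 'WS01', 'WS02', 'SRV-FILE01'

# 1. Is WinRM listening and do we have rights? Test-WSMan throws if not.
$reachable = foreach ($t in $targets) {
    try {
        $null = Test-WSMan -ComputerName $t -ErrorAction Stop
        $t
    } catch {
        Write-Warning "WinRM not reachable on $t : $($_.Exception.Message)"
    }
}
if (-not $reachable) { throw 'No hosts reachable over WinRM.' }

# 2. Everything inside the script block runs on the target; only serialized
#    results come back. Invoke-Command talks to 32 hosts at a time by default.
$results = Invoke-Command -ComputerName $reachable -ErrorVariable remoteErrors -ErrorAction SilentlyContinue -ScriptBlock {
    [pscustomobject]@{
        LastBoot     = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
        LocalAdmins  = (Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue).Name -join ';'
        ListeningTcp = (Get-NetTCPConnection -State Listen | Select-Object -ExpandProperty LocalPort | Sort-Object -Unique) -join ','
        PwshHistory  = (Get-ChildItem -Path "$env:SystemDrive\Users\*\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" -ErrorAction SilentlyContinue).Count
    }
}

# 3. PSComputerName is stamped on every returned object by the remoting layer,
#    so you always know which host an answer came from.
$results | Select-Object PSComputerName, LastBoot, LocalAdmins, ListeningTcp, PwshHistory | Format-Table -AutoSize
foreach ($e in $remoteErrors) { Write-Warning "Failed on $($e.TargetObject): $($e.Exception.Message)" }
```

One caveat that bites people: your credentials do not flow from the target to a third machine (the "second hop"), so a script block that reads a network share will fail unless you set up delegation or pass explicit credentials inside it.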
PowerShell Quick Guide: Managing Event Log Sizes and Retention
Hey there, fellow threat hunters! 👋 Today we're talking about something that can bite you when you least expect it - Event Log sizes and retention policies. Because nobody wants to investigate an incident only to find out the logs are gone!
Check Current Log Settings
First, let's see what we're working...
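Here is an added example (not from the original post) of the audit I run before trusting a host's logs: maximum size, retention mode and, more importantly, how far back the oldest surviving event actually goes. The list of logs and the 1 GB floor are assumptions; size them to your own event volume.

```powershell
# Added example, not from the original post: audit log size, retention mode and
# real time coverage, then raise the maximum where it is below a chosen floor.
# Log list and 1 GB floor are assumptions.

$logsOfInterest = 'Security', 'System', 'Application',
                  'Microsoft-Windows-PowerShell/Operational',
                  'Microsoft-Windows-Sysmon/Operational',
                  'Microsoft-Windows-TaskScheduler/Operational'
$minimumBytes = 1GB

$audit = foreach ($name in $logsOfInterest) {
    $log = Get-WinEvent -ListLog $name -ErrorAction SilentlyContinue
    if (-not $log) { Write-Warning "Log '$name' not present (provider not installed?)"; continue }

    # The oldest surviving record tells you how far back you can actually look.
    $oldest = Get-WinEvent -LogName $name -Oldest -MaxEvents 1 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Log          = $name
        Enabled      = $log.IsEnabled
        MaxSizeMB    = [math]::Round($log.MaximumSizeInBytes / 1MB)
        UsedMB       = [math]::Round($log.FileSize / 1MB)
        Mode         = $log.LogMode            # Circular, AutoBackup or Retain
        Records      = $log.RecordCount
        OldestEvent  = $oldest.TimeCreated
        CoverageDays = if ($oldest) { [math]::Round(((Get-Date) - $oldest.TimeCreated).TotalDays, 1) } else { $null }
        BelowFloor   = $log.MaximumSizeInBytes -lt $minimumBytes
    }
}

$audit | Format-Table -AutoSize

# Raise the size where needed. wevtutil handles both classic and ETW-style logs
# (Limit-EventLog only knows the classic ones) and needs an elevated prompt.
foreach ($row in $audit | Where-Object BelowFloor) {
    Write-Host "Raising $($row.Log) from $($row.MaxSizeMB) MB to $($minimumBytes / 1MB) MB"
    & wevtutil.exe set-log $row.Log "/ms:$minimumBytes"
}
```

A low CoverageDays on a log whose MaxSizeMB looks fine means the host is simply noisy; a small size plus Circular mode is the classic "the logs were gone by the time we looked" setup. Also check whether Group Policy manages the size, because a local wevtutil change is reverted at the next policy refresh.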
PowerShell Quick Guide: Working with Event Logs Like a Pro
Hey there, fellow threat hunters! 👋 Today we're diving into the fascinating world of Windows Event Logs with PowerShell. Sure, the Event Viewer GUI is nice, but real pros use PowerShell to get exactly what they need. Let's cut through the noise and get to the good stuff!
The Basics
First things first...
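As an added example (mine, not the post's own code), this is the query shape that makes PowerShell beat the Event Viewer for hunting: a server-side FilterHashtable for Security 4688 over the last 24 hours, with the fields read from the event XML rather than regex-scraped from the Message text. It assumes "Audit Process Creation" is enabled; the CommandLine field only populates if command-line auditing is on as well.

```powershell
# Added example, not from the original post: pull process-creation events (4688)
# with a server-side filter and read the structured fields from the event XML.

$since = (Get-Date).AddHours(-24)

# FilterHashtable is evaluated by the log service, so it is far faster than
# Get-WinEvent | Where-Object against a large Security log.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4688
    StartTime = $since
} -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    $xml = [xml]$e.ToXml()
    # EventData is a list of <Data Name="...">value</Data>; turn it into a hashtable.
    $d = @{}
    foreach ($node in $xml.Event.EventData.Data) { $d[$node.Name] = $node.'#text' }

    [pscustomobject]@{
        Time        = $e.TimeCreated
        Computer    = $e.MachineName
        User        = "$($d['SubjectDomainName'])\$($d['SubjectUserName'])"
        NewProcess  = $d['NewProcessName']
        Parent      = $d['ParentProcessName']     # present on Windows 10 / Server 2016 and later
        CommandLine = $d['CommandLine']           # empty unless command-line auditing is enabled
        Elevation   = $d['TokenElevationType']    # %%1937 = full administrator token
    }
}

# Example hunt over the collected rows: shells launched by Office applications.
$rows | Where-Object {
    $_.NewProcess -match '\\(powershell|pwsh|cmd|wscript|cscript|mshta)\.exe$' -and
    $_.Parent     -match '\\(winword|excel|powerpnt|outlook)\.exe$'
} | Format-Table Time, User, Parent, NewProcess, CommandLine -AutoSize
```

The same hashtable-from-XML trick works for any event ID; only the Data names change (4624 has LogonType and IpAddress, 4720 has TargetUserName, and so on).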
PowerShell Quick Guide: Exporting Data to CSV Files
Hey there, fellow threat hunters! 👋 Today we're diving into something straightforward but super useful - how to export PowerShell data to CSV files. Whether you're collecting system information, analyzing logs, or just need to get data into Excel, this one's for you.
The Basics
PowerShell's Export-Csv...
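Here is an added example (not from the original post) that walks through the three Export-Csv gotchas I see most often: array properties being written as `System.Object[]`, the `#TYPE` header and ASCII default in Windows PowerShell 5.1, and `-Append` with a mismatched column set. It uses Get-Service as input so it runs on any Windows box.

```powershell
# Added example, not from the original post: export to CSV without the usual
# surprises, then read the file back to confirm the round trip.

$out = Join-Path $env:TEMP 'services.csv'

# Gotcha 1: an array-valued property is written as the literal "System.Object[]".
# Flatten it to a delimited string first.
$rows = Get-Service | Select-Object Name, Status, StartType,
    @{ Name = 'DependsOn'; Expression = { ($_.ServicesDependedOn | Select-Object -ExpandProperty Name) -join ';' } }

# Gotcha 2: Windows PowerShell 5.1 prepends a "#TYPE ..." line and writes ASCII.
# -NoTypeInformation drops the header and -Encoding UTF8 keeps non-ASCII names
# intact; PowerShell 7 does both by default, and the switches are harmless there.
$rows | Export-Csv -Path $out -NoTypeInformation -Encoding UTF8

# Gotcha 3: -Append only works cleanly when the new objects have the same columns
# as the file. A different shape errors out, and -Force makes it proceed by
# silently dropping the columns that do not exist in the file.
# $moreRows | Export-Csv -Path $out -Append -NoTypeInformation -Encoding UTF8

# Round trip: everything comes back as [string], so compare counts and spot-check.
$back = Import-Csv -Path $out
"{0} rows written, {1} rows read back" -f $rows.Count, $back.Count
$back | Select-Object -First 5 | Format-Table -AutoSize

# Because Status is now a string, compare against 'Running', not the enum value.
$back | Where-Object { $_.Status -eq 'Running' -and $_.DependsOn } | Select-Object Name, DependsOn -First 5
```

The string-only round trip matters most for timestamps: cast with `[datetime]` after Import-Csv before you sort or filter on time, or the sort will be alphabetical.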
Visualizing with MITRE ATT&CK Navigator: How to Visualize Mapped Data in MITRE ATT&CK Navigator
Hey there, fellow threat hunters! 👋 Welcome to part 3 of our MITRE ATT&CK journey! In our previous posts, we covered data retrieval and relationship mapping. Today, we're diving into something visually exciting - analyzing and visualizing our MITRE ATT&CK data using the MITRE ATT&CK...
Mapping with MITRE ATT&CK: Mapping MITRE ATT&CK for Full Potential
Hey there, fellow threat hunters! 👋 Welcome back to part 2 of our MITRE ATT&CK journey! Last time, we built a solid foundation by setting up our data fetching infrastructure. If you haven't read part 1 yet, I highly recommend checking it out first.
Today, we're going to dive into something...
Getting Started with MITRE ATT&CK: Fetching and Processing Data Like a Pro
Hey there, fellow threat hunters! 👋 Today, we're diving into something that every security professional should have in their toolkit - working with MITRE ATT&CK data programmatically. If you've been manually browsing the MITRE website to look up techniques, it's time to level up your game!
What's MITRE ATT&CK Anyway?
Before we get our hands dirty with code, let's quickly understand...
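To tie the data-fetching and Navigator parts of the series together, here is an added example (mine, not the series' own code, which may well be in another language) that parses an ATT&CK STIX bundle into a technique table and writes a Navigator layer from it. The bundle in the script is a tiny constructed stand-in so it runs offline; the commented Invoke-RestMethod line points at the public MITRE CTI repository for the real enterprise-attack bundle. The ATT&CK, Navigator and layer version strings are assumptions and should match the release you actually fetch.

```powershell
# Added example, not from the original series: parse a STIX bundle into live
# techniques and emit an ATT&CK Navigator layer. The inline bundle is a
# constructed sample; the real one is several MB.

# $bundle = Invoke-RestMethod -Uri 'https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json'
$bundle = @'
{
  "type": "bundle",
  "objects": [
    { "type": "attack-pattern", "id": "attack-pattern--c1", "name": "PowerShell",
      "x_mitre_is_subtechnique": true, "x_mitre_platforms": ["Windows"],
      "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" } ],
      "external_references": [ { "source_name": "mitre-attack", "external_id": "T1059.001", "url": "https://attack.mitre.org/techniques/T1059/001" } ] },
    { "type": "attack-pattern", "id": "attack-pattern--c2", "name": "Old Technique", "revoked": true,
      "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "execution" } ],
      "external_references": [ { "source_name": "mitre-attack", "external_id": "T9999" } ] },
    { "type": "attack-pattern", "id": "attack-pattern--c3", "name": "Clear Windows Event Logs",
      "x_mitre_deprecated": true, "x_mitre_is_subtechnique": true,
      "kill_chain_phases": [ { "kill_chain_name": "mitre-attack", "phase_name": "defense-evasion" } ],
      "external_references": [ { "source_name": "mitre-attack", "external_id": "T1070.001" } ] },
    { "type": "intrusion-set", "id": "intrusion-set--g1", "name": "Example Group" }
  ]
}
'@ | ConvertFrom-Json

# Revoked and deprecated objects stay in the bundle so old references still
# resolve, but they must not appear in a map. Keep only live attack-patterns.
$techniques = foreach ($o in $bundle.objects) {
    if ($o.type -ne 'attack-pattern') { continue }
    if ($o.revoked -eq $true -or $o.x_mitre_deprecated -eq $true) { continue }

    # The T-number lives in the external reference whose source_name is mitre-attack.
    $ref = $o.external_references | Where-Object source_name -eq 'mitre-attack' | Select-Object -First 1
    [pscustomobject]@{
        Id        = $ref.external_id
        Name      = $o.name
        IsSub     = [bool]$o.x_mitre_is_subtechnique
        Tactics   = @($o.kill_chain_phases | Where-Object kill_chain_name -eq 'mitre-attack' | ForEach-Object phase_name)
        Platforms = @($o.x_mitre_platforms | Where-Object { $_ })
        Url       = $ref.url
        StixId    = $o.id
    }
}

$techniques | Format-Table Id, Name, IsSub, @{ n = 'Tactics'; e = { $_.Tactics -join ',' } }

# Navigator layer: one entry per live technique, scored 1. Version strings are assumptions.
$layer = [ordered]@{
    name       = 'Techniques from bundle'
    versions   = [ordered]@{ attack = '15'; navigator = '4.9.1'; layer = '4.5' }
    domain     = 'enterprise-attack'
    techniques = @($techniques | ForEach-Object {
        [ordered]@{ techniqueID = $_.Id; score = 1; color = '#ff6666'; comment = $_.Name; enabled = $true }
    })
    gradient   = [ordered]@{ colors = @('#ffffff', '#ff6666'); minValue = 0; maxValue = 1 }
}
$layer | ConvertTo-Json -Depth 5 | Set-Content -Path (Join-Path $env:TEMP 'layer.json') -Encoding UTF8
```

With the sample bundle only T1059.001 survives the filter (T9999 is revoked, T1070.001 is deprecated, and the intrusion-set is not a technique), which is exactly the behaviour you want before a real map goes into the Navigator: an out-of-date ID on a layer is a false sense of coverage.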