How To Detect SYSVOL Enumeration Exploits
SYSVOL is a target for attackers who want to gain unauthorized access to the domain. An attacker accessing a domain is catastrophic to any organization; admins would need to go thr...
What Are Event Logs and Why Do They Matter?
Logs are everywhere -- which is good because they're a critical piece of operations work in computing, whether you work in DevOps, security operations, or IT operations. Analyzi...
A Blue Teamer’s Bug Report
Recently I submitted my first ever bug report! For me, it's a big deal, since I usually think of bug reports as being something that only red teamers and pentesters are able to fin...
Blumira’s SIEM Detection Rules Explained
A security information and event management (SIEM) platform detects and alerts on malicious behavior in an environment to protect from threats such as ransomware and breaches. S...
How To Detect AS-REP Roasting With Blumira
During a recent proof of concept with a new customer, there was an interesting back and forth between our Blumira team and the customer testing our detections in a pentesting lab e...
What To Log In A SIEM: Logging Best Practices
A poorly configured SIEM can result in an overwhelming amount of useless alerts — or worse, a lack of alerts for real security incidents. Neither option is ideal. Many new B...