Few months back, I had the opportunity to conduct two workshops at BSidesDelhi and CSI Mumbai on the above topic. Both sessions were great experiences and allowed me to see the growing interest among the information security folks for the opensource ELK stack. Those who know me personally or follow me on social media (Twitter/Linkedin) […]

Welcome to the part 4 of malware development .In the previous parts 1, 2-1, 2-2 and 3, we created a binary which can listen to the commands from our botnet server. We also wrote the C2 server in python3 which can handle multiple connections via multithreading and send commands to all of them. In this […]

In the previous parts 1, 2-1 and 2-2 of this series we created a binary that can connect to, and parse commands sent via netcat listener. However, netcat is not an ideal choice for a Botnet Server, and in this post, we will be writing a full-fledged python3 Botnet Server, sending commands to our Bot […]

  In the previous parts of this blog series, I introduced the concept of writing a full-undetectable malware and about writing a client-side socket using Windows API. In this blog, we are going to parse the reply received from the netcat server and prompt a reply as to whether the command was parsed or not. […]

Welcome to the second part of the malware development blog series. Here’s the link to Part 1. Given the length of Part 2, I have split this 2nd part of the blog series into two itself. So, this is what we will cover in part 2: Hide the console Window from user [Part 2-1] Write […]

If you are in cybersecurity, especially Red Teaming, writing a full-undetectable (FUD) malware is a great skill to have. Folks tend to use Metasploit combined with Veil-Evasion or PE injectors like LordPE or Shelter, to generate a binary which can bypass the antivirus. Sometimes this works and sometimes it does not. The worst thing that […]

  ELK Stack is a collection of three components – Elasticsearch, Logstash & Kibana Logstash – This component is responsible for processing incoming data. It takes input from different sources, executes different transformations and stores the results in Elasticsearch or other formats Elasticsearch – NoSQL database based on Apache Lucene’s search engine. Kibana – Web […]

An important aspect of effective threat hunting is to understand what is normal in an environment. If a threat hunter is able to baseline the normal behaviour in a system then any abnormality is most likely due to an actor that has newly entered the environment. This actor could be a new software installation, new […]

Amazon Web Services (AWS) is a secure cloud platform service which is hybrid of Infrastructure as a Service (IaaS), Platform as a Service(PaaS), and Software as a Service (SaaS). It offers various services starting from data warehousing to content delivery. It allows easy deployment of “local cloud” on premises, which is a highly sought out […]

The past 12-18 months we have seen a lot of activity in the area of breach response. We not only launched our Big Data Security Analytics platform using ELK, began doing active threat hunting as a service, but we also significantly strengthened our breach response capabilities. I spent most of my consulting hours responding to […]