This blog will discuss different tools and tactics used to find malicious activity on a computer network. Such activity can be defined as malware traffic, suspicious user activity, or even auditing for clear-text passwords, although most of the content will be around malware activity.
Even though this information can be used by anyone, I will mainly be focusing on small-to-medium-sized businesses where budgeting can be tight. Therefore, all tools discussed here will be open source and easily available.
What can you find here? I will discuss how to search through hundreds of thousands of log entries to find that one small indicator of compromise, unique network indicators for aggressive malware, and many other topics to help people find evidence of malicious activity. Simply put, I am a huge fan of Open Source Intelligence and the sharing of threat information.
Who am I? I am in the information security field, as well as a technology hobbyist, and have been in the business for over fifteen years.
I hope you find this information useful. Feel free to comment, ask questions, or speak up about any mistakes you may find. If you need any help, then please feel free to contact me via email, or through Twitter. Thank you!