ADSISearcher
What is ADSISearcher? `[adsisearcher]` is a PowerShell type accelerator, a short alias, for the .NET class `System.DirectoryServices.DirectorySearcher`. It lets you run LDAP queries against Active Directory to retrieve user and computer objects, group memberships and other attributes of AD objects. The syntax is comparatively compact because the accelerator stands in for the full class name, and since the class ships with .NET it works on any domain-joined host without the RSAT ActiveDirectory module. How do […]
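As an added example (not code from the original glossary), the query below uses `[adsisearcher]` to list enabled user accounts that carry a servicePrincipalName, together with their group memberships, the kind of enumeration both administrators and penetration testers run. It assumes a domain-joined Windows host; the LDAP filter, attribute names and the matching-rule OID are standard Active Directory schema, and the optional search base string is a placeholder.

```powershell
# Added example (not from the original glossary): find enabled user accounts
# that carry a servicePrincipalName and list their group memberships.
# Requires a domain-joined Windows host; the LDAP filter, attribute names and
# the OID below are standard Active Directory schema, not site-specific.

function Get-SpnUser {
    [CmdletBinding()]
    param(
        # Optional search base, e.g. 'LDAP://OU=Servers,DC=corp,DC=example'
        # (placeholder). Defaults to the current domain when omitted.
        [string]$SearchBase
    )

    # (&(...)) is LDAP AND. 1.2.840.113556.1.4.803 is LDAP_MATCHING_RULE_BIT_AND;
    # userAccountControl bit 2 is ACCOUNTDISABLE, so (!(...:=2)) keeps enabled
    # accounts only.
    $filter = '(&(objectCategory=person)(objectClass=user)' +
              '(servicePrincipalName=*)' +
              '(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

    # [adsisearcher] is the type accelerator for
    # System.DirectoryServices.DirectorySearcher; casting a string sets Filter.
    $searcher = [adsisearcher]$filter
    if ($SearchBase) { $searcher.SearchRoot = [adsi]$SearchBase }

    # Ask only for the attributes we need and enable paging; without PageSize
    # the DC silently caps the result set at its MaxPageSize (1000 by default).
    $searcher.PageSize = 1000
    $null = $searcher.PropertiesToLoad.AddRange(
        [string[]]@('samaccountname', 'serviceprincipalname', 'memberof', 'pwdlastset'))

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            $p = $r.Properties   # keys are lower-case; every value is a collection
            [pscustomobject]@{
                SamAccountName = [string]$p['samaccountname'][0]
                SPNs           = @($p['serviceprincipalname']) -join '; '
                # memberOf holds distinguished names; keep just the CN for readability
                MemberOf       = @($p['memberof'] | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join '; '
                # pwdLastSet is a Windows FILETIME (100-ns ticks since 1601-01-01 UTC)
                PwdLastSet     = [datetime]::FromFileTimeUtc([int64]$p['pwdlastset'][0])
            }
        }
    }
    finally {
        # A SearchResultCollection keeps its LDAP connection open until disposed.
        $results.Dispose()
    }
}

# Usage on a domain-joined host:
Get-SpnUser | Sort-Object PwdLastSet | Format-Table -AutoSize
```

Two details matter in practice: set `PageSize`, otherwise large domains return a truncated result set with no error, and dispose the `SearchResultCollection`, because each undisposed `FindAll()` holds an LDAP connection to the domain controller.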
Alert Assistant
What is an Alert Assistant and why is it important in cyber security? An alert assistant is an automated monitoring component that detects potential security incidents and notifies an analyst. In cyber security it is used to monitor network activity, anomalies and threats in near real time. The assistant can identify and prioritize security […]
Alert Dashboard
What is an Alert Dashboard? An alert dashboard is a central interface that displays security alerts in real time from various sources such as SIEM (Security Information and Event Management), EDR (Endpoint Detection and Response), firewalls and other security systems. The dashboard provides an overview of a company’s current threat situation by consolidating security-related incidents […]
Command and Control (C&C)
What is command and control (C&C) in cyber security? Command and control (C&C, also written C2) refers to the communication infrastructure that attackers use to control compromised systems or networks. This infrastructure enables attackers to remotely task malware, execute commands, exfiltrate sensitive data and coordinate further operations. C&C mechanisms are essential for the operation of botnets, ransomware campaigns […]
Compromise Assessment
What is a Compromise Assessment? A Compromise Assessment is a thorough and structured review of an organization’s entire IT environment to determine whether a cyberattack has occurred or is currently underway. It is used to find evidence of compromise (such as malware, suspicious network activity or unauthorized access) that might otherwise have gone undetected. This […]
Data Loss Prevention (DLP)
What is Data Loss Prevention (DLP) and how does it work? Data loss prevention (DLP) refers to technologies, strategies and processes that protect sensitive data from loss, theft or unauthorized disclosure. How it works: Identification of sensitive data: through classification techniques (e.g. pattern recognition, data categorization). Monitoring of data traffic: control of data […]
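The identification step above, as an added example (not code from the original glossary or from any DLP product): a small content classifier that applies pattern recognition to a constructed document and feeds a block/flag/allow decision. The category names, regular expressions, thresholds and the policy are illustrative assumptions; the sample text uses a well-known Luhn-valid test card number and the AWS documentation's example access key ID.

```powershell
# Added example (not from the original glossary): the "identification of
# sensitive data" step of a DLP pipeline as a small content classifier, run
# over a constructed document. Patterns, category names and the policy are
# illustrative assumptions, not any product's rule set.

function Test-Luhn {
    # Mod-10 check used by payment card numbers; cuts false positives from
    # order numbers and other 13-19 digit strings that merely look like PANs.
    param([string]$Digits)
    $sum = 0
    $double = $false
    for ($i = $Digits.Length - 1; $i -ge 0; $i--) {
        $d = [int][string]$Digits[$i]
        if ($double) { $d *= 2; if ($d -gt 9) { $d -= 9 } }
        $sum += $d
        $double = -not $double
    }
    return ($sum % 10) -eq 0
}

function Get-SensitiveDataMatch {
    # Pattern recognition: category -> regex (assumed, illustrative patterns).
    param([string]$Text)
    $patterns = [ordered]@{
        CreditCard   = '\b\d(?:[ -]?\d){12,18}\b'            # 13-19 digits, optional separators
        AwsAccessKey = '\b(?:AKIA|ASIA)[0-9A-Z]{16}\b'
        PrivateKey   = '-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----'
        Email        = '\b[\w.+-]+@[\w-]+\.[\w.-]+\b'
    }
    foreach ($category in $patterns.Keys) {
        foreach ($m in [regex]::Matches($Text, $patterns[$category])) {
            $value = $m.Value
            # A regex alone over-matches; validate card candidates with Luhn.
            if ($category -eq 'CreditCard' -and -not (Test-Luhn ($value -replace '[ -]'))) { continue }
            $keep = [Math]::Min(4, $value.Length)
            [pscustomobject]@{
                Category = $category
                Offset   = $m.Index
                # Never log the raw secret; keep the last four characters for triage.
                Masked   = ('*' * ($value.Length - $keep)) + $value.Substring($value.Length - $keep)
            }
        }
    }
}

function Invoke-DlpPolicy {
    # Decide what to do with an outbound document. A real DLP engine would hook
    # this into mail, web proxy or endpoint file operations.
    param([string]$Text)
    $found    = @(Get-SensitiveDataMatch -Text $Text)
    $blocking = @($found | Where-Object { $_.Category -in 'CreditCard', 'AwsAccessKey', 'PrivateKey' })
    if ($blocking.Count -gt 0)  { $action = 'Block' }
    elseif ($found.Count -gt 0) { $action = 'Flag' }
    else                        { $action = 'Allow' }
    [pscustomobject]@{ Action = $action; Findings = $found }
}

# Constructed document: an order number that merely looks like a card number,
# a Luhn-valid test card number and the AWS docs' example access key ID.
$document = @'
Invoice 1234 5678 9012 3456 for alice@example.com
Card on file: 4111 1111 1111 1111
Deploy key: AKIAIOSFODNN7EXAMPLE
'@

$decision = Invoke-DlpPolicy -Text $document
$decision.Action
$decision.Findings | Format-Table -AutoSize
```

The Luhn check is what separates classification from naive pattern matching: the 16-digit order number on the first line matches the card regex but fails mod-10 and is discarded, while the card number and the access key ID trigger a block. Matches are reported masked so that the DLP log itself does not become a second copy of the sensitive data.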
DNS tunnel
What is DNS tunneling and how does it work? DNS tunneling is a technique that abuses the Domain Name System (DNS) to carry data or command traffic that other channels would block, taking advantage of the fact that outbound DNS is permitted almost everywhere. DNS is primarily used to resolve domain names into IP addresses. DNS tunneling, however, hides data in the DNS requests or […]
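To make the mechanism concrete, here is an added example (not code from the original glossary or from any tunneling tool) showing the sending side of a DNS tunnel, which hides a byte stream in the labels of query names under an attacker-controlled zone, and a simple detection heuristic run over constructed query names. The zone `tunnel.example`, the benign names, the hex encoding and the scoring thresholds are assumptions for illustration; nothing is sent on the wire.

```powershell
# Added example (not from the original glossary): the encoding side of a DNS
# tunnel and a simple detection heuristic, run against constructed query
# names. 'tunnel.example' is a placeholder zone; nothing is sent on the wire.

function ConvertTo-TunnelQueries {
    param([byte[]]$Data, [string]$Domain, [int]$LabelLength = 60)
    # Hex keeps every label inside the hostname charset; real tools use base32
    # or base64 variants for density. A single label may hold at most 63 bytes.
    $hex = ($Data | ForEach-Object { $_.ToString('x2') }) -join ''
    $queries = @()
    for ($i = 0; $i -lt $hex.Length; $i += $LabelLength) {
        $chunk = $hex.Substring($i, [Math]::Min($LabelLength, $hex.Length - $i))
        # A sequence label lets the receiving server reassemble in order and
        # makes every name unique, so resolver caches never short-circuit it.
        $queries += ('{0}.{1}.{2}' -f [int]($i / $LabelLength), $chunk, $Domain)
    }
    return $queries
}

function ConvertFrom-TunnelQueries {
    # Receiving side: reorder by sequence label and concatenate the payloads.
    param([string[]]$Queries)
    $hex = ($Queries | Sort-Object { [int](($_ -split '\.')[0]) } |
            ForEach-Object { ($_ -split '\.')[1] }) -join ''
    $bytes = for ($i = 0; $i -lt $hex.Length; $i += 2) {
        [Convert]::ToByte($hex.Substring($i, 2), 16)
    }
    return [byte[]]$bytes
}

function Get-ShannonEntropy {
    param([string]$Text)
    if ([string]::IsNullOrEmpty($Text)) { return 0.0 }
    $counts = @{}
    foreach ($c in $Text.ToCharArray()) { $counts[$c] = 1 + [int]$counts[$c] }
    $h = 0.0
    foreach ($n in $counts.Values) {
        $p = $n / $Text.Length
        $h -= $p * [Math]::Log($p, 2)
    }
    return $h
}

function Find-DnsTunnelCandidates {
    # Group query names by their last two labels (a crude stand-in for the
    # registrable domain) and score everything to the left of them. Tunnels
    # produce many unique, long, high-entropy subdomains under one zone;
    # ordinary lookups do not. Thresholds are assumed and need local tuning.
    param([string[]]$QueryNames, [int]$MinUnique = 5, [int]$MinLabelLength = 30, [double]$MinEntropy = 2.5)
    $QueryNames | Where-Object { ($_ -split '\.').Count -ge 3 } |
        Group-Object { ($_ -split '\.')[-2..-1] -join '.' } | ForEach-Object {
            $zone    = $_.Name
            $subs    = @($_.Group | ForEach-Object { $_.Substring(0, $_.Length - $zone.Length - 1) } | Select-Object -Unique)
            $longest = ($subs | ForEach-Object { ($_ -split '\.' | Measure-Object -Maximum Length).Maximum } |
                        Measure-Object -Maximum).Maximum
            $entropy = ($subs | ForEach-Object { Get-ShannonEntropy ($_ -replace '\.') } | Measure-Object -Average).Average
            [pscustomobject]@{
                Zone             = $zone
                UniqueSubdomains = $subs.Count
                LongestLabel     = $longest
                AvgEntropy       = [Math]::Round($entropy, 2)
                Suspicious       = ($subs.Count -ge $MinUnique) -and ($longest -ge $MinLabelLength) -and ($entropy -ge $MinEntropy)
            }
        }
}

# Constructed sample: one exfiltrated blob plus a few ordinary lookups.
$secret = [Text.Encoding]::UTF8.GetBytes(('constructed-sample-secret-0123456789 ' * 5))
$tunnel = ConvertTo-TunnelQueries -Data $secret -Domain 'tunnel.example'
$benign = 'www.example.com', 'mail.example.com', 'update.vendor.example', 'cdn.vendor.example'

# Round trip: the receiving side recovers the bytes from the query names alone.
[Text.Encoding]::UTF8.GetString((ConvertFrom-TunnelQueries -Queries $tunnel))

# Score every zone seen in the combined query log.
Find-DnsTunnelCandidates -QueryNames ($benign + $tunnel) | Format-Table -AutoSize
```

The encoder shows why the technique survives egress filtering: each query is a syntactically valid hostname lookup that any recursive resolver will forward to the authoritative server for the zone, and the only thing a firewall sees is port 53 traffic. The detector keys on the side effects a tunnel cannot avoid, namely a high volume of unique, long, high-entropy subdomains under a single zone; in production this is usually combined with per-client query rates, NXDOMAIN ratios and the share of TXT or NULL record types.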
Dropper
What is a dropper? A dropper is a type of malicious software (malware) that has been specially developed to install other malicious programs on a target system. Its primary purpose is not to cause damage itself, but to provide a platform for the actual malware. This can include ransomware, keyloggers or spyware. The dropper is […]
LOLBAS/LOLBins
What is a LOLBin? A LOLBin (Living Off The Land Binary) is a legitimate, usually signed, system binary or script that was originally shipped for administrative or diagnostic purposes. Attackers abuse these files to carry out malicious activities without dropping new, suspicious files on the system. This approach makes detection by traditional security solutions such as […]
MFA – Multi-factor authentication
What is multi-factor authentication (MFA)? Multi-factor authentication (MFA) is a security method that requires users to provide two or more independent proofs of their identity before they are granted access to a system or application. Unlike traditional single-factor authentication, which usually relies on a password alone, MFA combines authentication factors of different types. This additional layer of security […]