unSafe.sh - 不安全
Detection Engineering: Practicing Detection-as-Code – Repository – Part 2
The second part of the article discusses the key elements of designing a detection repository for Detection-as-Code, including Git platform selection, branching strategy, repository structure, detection standardization, taxonomy, and content packs, and stresses tailoring the design to the team's needs to avoid over-engineering....
2025-7-17 08:0:0 | Reads: 5
NVISO Labs - blog.nviso.eu
detections
development
repository
network
packs
Detection Engineering: Practicing Detection-as-Code – Introduction – Part 1
This article introduces the basic concepts of Detection Engineering and the Detection-as-Code approach. Through the six phases of the Detection Development Life Cycle (DDLC) (requirements gathering, design, development, testing and deployment, monitoring, and continuous testing), it explains in detail how to systematically develop and manage threat detection logic, and highlights the advantages of Detection-as-Code for collaboration, consistency, quality, efficiency and scalability. The approach applies to scenarios such as MSSPs and in-house SOCs....
2025-7-8 08:0:0 | Reads: 19
NVISO Labs - blog.nviso.eu
detections
development
software
repository
practicing
Tracking historical IP assignments with Defender for Endpoint logs
During a security incident, the IP address changes of the CEO's laptop are tracked to determine whether the attacker moved laterally. Using the DeviceNetworkInfo table in Microsoft Defender XDR and MDE, KQL queries analyze the IP address history and generate session records that identify the time windows during which the device was connected....
2025-6-19 07:0:0 | Reads: 15
NVISO Labs - blog.nviso.eu
ipaddresses
sessionid
adapter
deviceid
ipver
Intercepting traffic on Android with Mainline and Conscrypt
This article describes changes in certificate management on Android, in particular how, starting with Android 14, root certificates are managed and updated through the Conscrypt Mainline module. The author explains in detail how the AlwaysTrustUserCerts module supports versions from Android 7 through the Android 16 Beta, and how it solves HTTPS traffic interception by copying user certificates into the system directory and mounting them over Conscrypt's apex directory....
2025-6-5 07:0:0 | Reads: 12
NVISO Labs - blog.nviso.eu
apex
1970
conscrypt
security
0k
Crisis Management – Beacon in the Storm
This article discusses the importance of crisis management in responding to cybersecurity threats such as ransomware, emphasizing the key role of an effective crisis management team and communication strategy. Through transparent messaging and effective interaction with internal and external stakeholders, organizations can respond to a crisis better and reduce losses. Compliance and post-incident reviews are also important steps in improving an organization's resilience....
2025-4-17 07:0:0 | Reads: 7
NVISO Labs - blog.nviso.eu
crisis
parties
ransomware
identify
How to hunt & defend against Business Email Compromise (BEC)
Business Email Compromise (BEC) is a common attack technique in which phishing emails are used to obtain user credentials and then access sensitive information or launch internal phishing attacks. The article describes threat hunting methods based on analyzing sign-in logs, geolocation and other indicators, and recommends implementing multi-factor authentication, Conditional Access policies and user security awareness training to reduce risk....
2025-3-21 07:30:0 | Reads: 25
NVISO Labs - blog.nviso.eu
ipaddress
trusttype
Attack and Defense in OT: Enhancing Cyber Resilience in Industrial Systems with Red Team Operations
The article discusses the importance of operational technology (OT) security in industrial environments and uses a red team assessment with simulated attacks to show how threats are identified and mitigated. The case study reveals the risks of both cyber attacks and physical intrusion, and proposes measures such as strengthening email security, privilege management, network segmentation and physical security....
2025-2-28 09:10:0 | Reads: 20
NVISO Labs - blog.nviso.eu
network
security
operational
attacker
cleaning
What’s new for TIBER-EU?
This article summarizes the updated TIBER-EU framework in combination with the DORA TLPT requirements, covering the definition and number limits of critical functions (CIFs), refined roles and responsibilities, multi-party and multi-jurisdiction testing, an optimized testing process, scenario and threat intelligence report requirements, and purple teaming as a mandatory step....
2025-2-14 13:4:9 | Reads: 14
NVISO Labs - blog.nviso.eu
tiber
purple
tlpt
teaming
dora
Backups & DRP in the ransomware era
In today’s digital landscape, the threat of ransomware has forced organi...
2025-1-29 07:30:0 | Reads: 14
NVISO Labs - blog.nviso.eu
backup
cloud
ransomware
principles
Detecting Teams Chat Phishing Attacks (Black Basta)
Attack Description: For quite a while now, there has been a new ongoing...
2025-1-16 07:32:14 | Reads: 20
NVISO Labs - blog.nviso.eu
microsoft
bombing
subjects
Microsoft Purview – Evading Data Loss Prevention policies
Introduction: Microsoft Purview is a comprehensive solution that helps organizations manage an...
2024-12-18 13:45:17 | Reads: 9
NVISO Labs - blog.nviso.eu
sensitivity
microsoft
purview
dlp
security
Your Playbook to a better Incident Response Plan
In 2023, 1271 incidents were reported to European Authorities via EIDAS, NISD, and EECC, a 20%...
2024-12-10 15:30:0 | Reads: 21
NVISO Labs - blog.nviso.eu
defining
exercises
ransomware
crisis
blogpost
Building Cyber Resilience Against Ransomware Attacks
Or, “Yet another ransomware blog post?”: “Yet another ransomware blog post?” I hear you aski...
2024-12-3 17:37:21 | Reads: 11
NVISO Labs - blog.nviso.eu
ransomware
resilience
crisis
security
Wake up and Smell the BitLocker Keys
Many enterprise laptops use BitLocker to provide full disk encryption (FDE) to protect sensitive...
2024-11-26 15:30:0 | Reads: 6
NVISO Labs - blog.nviso.eu
tpm
bitlocker
vmk
security
chip
The Importance of Establishing a Solid Third Party Risk Management Framework for Risk Mitigation
In the previous post, we introduced the concept of Third-Party Risk Management (TPRM) and its...
2024-11-19 15:30:0 | Reads: 8
NVISO Labs - blog.nviso.eu
security
parties
tprm
monitoring
criticality
TLPT & ME: Everything you need to know about Threat-Led Penetration Testing (TLPT) in a TIBER world.
In our previous post, we published an analysis of current TIBER implementations ahead of DOR...
2024-11-8 15:55:0 | Reads: 15
NVISO Labs - blog.nviso.eu
tlpt
tiber
testers
dora
ict
How AI forces us to expand our thinking about basic cybersecurity concepts: Part 2 – Confidentiality
Introduction: In the first part of this mini-series, we explored briefly what kind of impact...
2024-10-31 16:48:22 | Reads: 19
NVISO Labs - blog.nviso.eu
datasets
How AI forces us to expand our thinking about basic cybersecurity concepts: Part 1 – Introduction
The traditional CIA Triad (Confidentiality, Integrity, and Availability) has long been a corne...
2024-10-31 01:24:4 | Reads: 10
NVISO Labs - blog.nviso.eu
security
cia
triad
predictable
Hunting for Remote Management Tools: Detecting RMMs
In our previous blog post about RMM (Remote Management and Monitoring) tools, we highlighted the pre...
2024-10-21 15:0:0 | Reads: 26
NVISO Labs - blog.nviso.eu
bomgar
remote
rmm
rmms
remoteurl
All that JavaScript for… spear phishing?
NVISO employs several hunting rules in multiple Threat Intelligence Platforms and other sources,...
2024-10-2 23:0:0 | Reads: 27
NVISO Labs - blog.nviso.eu
phishing
cryptojs
stage
decoded
malicious