![]() This notebook attempts to query for and analyze Base64-encoded commands found in execve logs in your Azure Sentinel workspace. ![]() A specific case of this is discussed and analyzed here. This is often seen in crypto mining attacks. This Guided Hunting: Base64-Encoded Linux Commands Notebook was created in response to an increasing number of attackers encoding their bash commands into Base64. Thus, we’ve been working on expanding coverage on Linux-specific investigations. Many of our Azure customers use Linux virtual machines, and we are always looking for ways to help our customers in their security investigations. Please note that all notebooks are live on Github and under revision so be aware that the notebooks you use might be slightly different from those described in blog posts. These notebooks are all built using Microsoft Threat Intelligence Center’s Python API MSTICpy. Other notebooks you can access now are available on the Azure Sentinel Notebook Github and cover Windows host exploration, IP Addresses, Domains & URLs, Linux hosts, and much more. Here are links to Part 1, Part 2, and Part 3. ![]() A blog series written last year covers the use of Jupyter notebooks in threat hunting in more detail.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |