Stamus Networks Blog

We believe that sharing information is necessary to improve global security. The purpose of this blog is to share our experiences, perspectives and experiments.

Subscribe to our Blog

Blog /
Showing 54 results
of 54 items.
Reset All

Category

Recent Posts

Uncovered: SSP Identifies Massive Breach During Evaluation

Oct 15, 2024 Caroline Rahme
Network Detection and Response, Scirius Security Platform, Threat Hunting, Uncovered with SSP, Endpoint Detection, Declarations of Compromise

For many organizations considering Network Detection and Response (NDR), one of the most valuable...

Read More
Uncovered with Stamus Security Platform: Lateral Active Exploits by Peter Manev

Uncovered with Stamus Security Platform: Lateral Active Exploits

Aug 08, 2024 Peter Manev
Threat Hunting, Uncovered with SSP, Stamus Security Platform

In this series of articles, we explore a set of use cases that we have encountered in real-world...

Read More
Uncovered with Stamus Security Platform: DarkGate Malware as a Service (MaaS) by Peter Manev

Uncovered with Stamus Security Platform: DarkGate Malware as a Service (MaaS)

Jul 30, 2024 Peter Manev
Threat Hunting, Uncovered with SSP, Stamus Security Platform

In this series of articles, we explore a set of use cases that we have encountered in real-world...

Read More
Uncovered: High Entropy Domain Connections by Peter Manev

Uncovered with Stamus Security Platform: High Entropy Domain Connections

Jul 18, 2024 Peter Manev
Threat Hunting, Uncovered with SSP, Stamus Security Platform

In this series of articles, we explore a set of use cases that we have encountered in real-world...

Read More
Threat Hunting with the Open Lateral Movement Ruleset for Suricata by Peter Manev

Threat Hunting with the Open Lateral Movement Ruleset for Suricata

Jul 04, 2024 Peter Manev
SELKS, Open Source, Threat Hunting, Network Security Monitoring, IDS-IPS, Stamus Labs

In November of 2022 we announced a Suricata ruleset specifically focused on detecting lateral...

Read More
Uncovered with Stamus Security Platform: Tapped on the Shoulder by Phil Owens

Uncovered with Stamus Security Platform: Tapped on the Shoulder

Jun 21, 2024 Phil Owens
Network Detection and Response, Threat Hunting, Uncovered with SSP, Stamus Security Platform

In this series of articles, we explore a set of use cases that we have encountered in real-world...

Read More
Suricata Threat Hunting Fundamentals by Peter Manev

Suricata Threat Hunting Fundamentals

Dec 21, 2023 Peter Manev
Open Source, Threat Hunting, Suricata

Before beginning any sort of threat hunt, it is important to consider the tools you are using. This...

Read More
Threat Hunting with Suricata and Newly Registered Domain Threat Intel (Open NRD) by Peter Manev

Threat Hunting with Suricata and Newly-Registered Domain Threat Intel (Open NRD) Part 4

Dec 07, 2023 Peter Manev
Open Source, Threat Hunting, Suricata, Stamus Labs

This is a follow-up to our third blog on hunting using the publicly available Newly Registered...

Read More
Threat Hunting with Suricata and Newly-Registered Domain Threat Intel (Open NRD) Part 3

Threat Hunting with Suricata and Newly-Registered Domain Threat Intel (Open NRD) Part 3

Nov 22, 2023 Peter Manev
Open Source, Threat Hunting, Suricata, Stamus Labs

This is a follow-up to our second blog on hunting using the publicly available Newly Registered...

Read More
Threat Hunting with Suricata and Newly Registered Domain Threat Intel (Open NRD) Part 2

Threat Hunting with Suricata and Newly-Registered Domain Threat Intel (Open NRD) Part 2

Nov 16, 2023 Peter Manev
Open Source, Threat Hunting, Suricata, Stamus Labs

This is a follow-up to our first blog on hunting using the publicly available Newly Registered...

Read More
Threat Hunting with Suricata and Newly-Registered Domain Threat Intel (Open NRD) by Peter Manev

Threat Hunting with Suricata and Newly-Registered Domain Threat Intel (Open NRD)

Oct 31, 2023 Peter Manev
Open Source, Threat Hunting, Suricata, Stamus Labs

In aprevious blog post, we announced the release of Open NRD from Stamus Networks - a set of threat...

Read More
Threat Hunting for Unknown Actors & Threats using NRD and Sightings

Threat Hunting for Unknown Actors & Threats using NRD and Sightings

Aug 03, 2023 Peter Manev
Threat Hunting, Stamus Security Platform, Threat intelligence

This week’s guided threat hunting blog focuses on hunting for high-entropy NRD (newly registered...

Read More
Incorporating Newley-Registered Domains into Stamus Security Platform Workflow by Peter Manev

Incorporating Newly Registered Domains (Open NRD) into Stamus Security Platform Workflow

Aug 01, 2023 Peter Manev
Network Detection and Response, Threat Hunting, Stamus Security Platform, Threat intelligence

Every day, new Internet domains are registered through the Domain Name System (DNS) as a natural...

Read More
Feature Spotlight: Improve Threat Hunting with Organizational Context by Phil Owens

How to Improve Threat Hunting with Organizational Context

May 11, 2023 Phil Owens
Network Detection and Response, Threat Hunting, Stamus Security Platform, Declarations of Compromise

Threat hunting is a common practice for many mature security organizations, but it can be time...

Read More
Analyzing Network Traffic with Kibana Dashboards in SELKS: the SN-Hunt-1 Dashboard Part 3 By Rosita Kyuchukova

Analyzing Network Traffic with Kibana Dashboards in SELKS: the SN-Hunt-1 Dashboard Part 3

Apr 20, 2023 Rositsa Kyuchukova
SELKS, Open Source, Threat Hunting, Suricata, IDS-IPS, Stamus Labs, Kibana

Earlier this week, we introduced the second set of visualizations provided by the SN-Hunt-1 Kibana...

Read More
Analyzing Network Traffic with Kibana in SELKS: the SN-Hunt-1 Dashboard Part 2 by Rosita Kyuchukova

Analyzing Network Traffic with Kibana in SELKS: the SN-Hunt-1 Dashboard Part 2

Apr 18, 2023 Rositsa Kyuchukova
SELKS, Open Source, Threat Hunting, Suricata, IDS-IPS, Stamus Labs, Kibana

Last week, we introduced the first set of visualizations provided by the SN-Hunt-1 Kibana dashboard...

Read More
Analyzing-Network-Traffic-With-Kibana-Dashboards-in-SELKS-SN-Hunt-1-Dashboard-part1

Analyzing Network Traffic with Kibana in SELKS: the SN-Hunt-1 Dashboard Part 1

Apr 12, 2023 Rositsa Kyuchukova
SELKS, Open Source, Threat Hunting, Suricata, IDS-IPS, Stamus Labs, Kibana

Keeping your network secure can feel like an endless game of cat and mouse. But with SELKS and its...

Read More
Use SELKS Kibana Dashboards to Solve the Unit 42 Wireshark Quiz by Rosita Kyuchukova

Use SELKS Kibana Dashboards to Solve the Unit 42 Wireshark Quiz

Apr 04, 2023 Rositsa Kyuchukova
SELKS, Open Source, Threat Hunting, Suricata, Network Security Monitoring, Stamus Labs, Kibana

Recently, we released a blog post detailing how you can solve the Unit 42 Wireshark quiz for...

Read More
Stamus-Suricata-Surprises-NSM-Enriched-Alerts

The Hidden Value of Suricata Detection Events: NSM-Enriched IDS Alerts

Mar 30, 2023 Eric Leblond
Threat Hunting, Suricata, Network Security Monitoring, IDS-IPS

If you use Suricata, then you are familiar with the way Suricata generates detection events —...

Read More
Use SELKS to Solve the Unit 42 Wireshark Quiz by Rosita Kyuchukova

Use SELKS to solve the Unit 42 Wireshark Quiz

Mar 16, 2023 Rositsa Kyuchukova
SELKS, Open Source, Threat Hunting, Suricata, IDS-IPS, Stamus Labs, Kibana

This blog describes how to solve the Unit 42 Wireshark quiz for January 2023 with SELKS instead of...

Read More
Detecting Attacks Against CVE-2022-39952 (FortiNAC) by Stamus Networks Team

Detecting Attacks Against CVE-2022-39952 (FortiNAC)

Feb 24, 2023 Stamus Networks Team
Network Detection and Response, Threat Hunting, Stamus Security Platform, CVE, Stamus Labs

This blog describes the steps Stamus Networks customers may take to determine if any of your...

Read More
Hunting for Suspicious DNS Use During Policy Verification by Peter Manev

Hunting for Suspicious DNS Use During Policy Verification

Jan 31, 2023 Peter Manev
Threat Hunting, Stamus Security Platform

This week’s guided threat hunting blog focuses on verifying a policy enforcement of domain...

Read More
Threat Hunting for Lateral Executable Transfers with Stamus Security Platform by Peter Manev

Hunting for Lateral Executable Transfers

Dec 22, 2022 Peter Manev
Threat Hunting, Stamus Security Platform

It is not uncommon to see executable file transfers within an organization. However, it is...

Read More
Threat Hunting for Punycode Domain Phishing with Stamus Security Platform by Peter Manev

Hunting for Punycode Domain Phishing

Nov 29, 2022 Peter Manev
Threat Hunting, Stamus Security Platform, Phishing

Punycode domains have traditionally been used by malware actors in phishing campaigns. These...

Read More
Threat Hunting for Suspicious DNS Requests with Long Domain Extensions by Peter Manev

Hunting for Suspicious DNS Requests with Long Domain Extensions

Nov 08, 2022 Peter Manev
Threat Hunting, Stamus Security Platform

When you see a domain request from a user/client to a non-local or otherwise unfamiliar or...

Read More

Detecting Attacks Against OpenSSL Vulnerabilities

Nov 02, 2022 Stamus Networks Team
Network Detection and Response, Threat Hunting, Stamus Security Platform, CVE

This blog describes the steps Stamus Networks customers may take to determine if any of your...

Read More

Hunting for Suspicious DNS Requests with Short Domain Extensions

Nov 01, 2022 Peter Manev
Threat Hunting, Stamus Security Platform

Non-local domain requests from the user/client network could signal trouble for an organization....

Read More
Threat Hunting for the use of DNS over HTTPS by Peter Manev

Hunting for the use of DNS Over HTTPS

Oct 25, 2022 Peter Manev
Threat Hunting, Stamus Security Platform

DNS over HTTPS (DoH) is a network protocol used to protect the data and privacy of users by...

Read More
Threat Hunting for Plain Text Executables with Stamus Security Platform by Peter Manev

Hunting for Plain Text Executables with Stamus Security Platform

Oct 18, 2022 Peter Manev
Threat Hunting, Stamus Security Platform, Phishing

Plain text executables (such as those downloaded from a PowerShell user agent) are often seen on...

Read More
Hunting for Internal Use of Dynamic DNS with Stamus Security Platform by Peter Manev

Hunting for Internal Use of Dynamic DNS with Stamus Security Platform

Oct 11, 2022 Peter Manev
Threat Hunting, Stamus Security Platform

This week in our series on guided threat hunting, we are focusing on locating internal use of...

Read More
Threat Hunting for Use of Foreign Domain Infrastructure by Peter Manev

Hunting for Use of Foreign Domain Infrastructure with Stamus Security Platform

Oct 04, 2022 Peter Manev
Threat Hunting, Stamus Security Platform

This week’s guided threat hunting blog focuses on hunting for foreign domain infrastructure usage...

Read More
Threat Hunting for Unauthorized Activity from Critical Infrastructure by Peter Manev

Hunting for Unauthorized Activity from Critical Infrastructure

Sep 27, 2022 Peter Manev
Threat Hunting, Stamus Security Platform

This week’s guided threat hunting blog focuses on hunting for Let’s encrypt certificates that were...

Read More
Hunting for unauthorized admin user activity with SSP by Peter Manev

Hunting for Unauthorized Admin User Activity with Stamus Security Platform

Sep 20, 2022 Peter Manev
Threat Hunting, Stamus Security Platform

In this week’s guided threat hunting blog, we will focus on hunting for Let’s Encrypt certificates...

Read More
Hunting for Rogue Proxy Servers by Peter Manev

Hunting for Rogue Proxy Servers

Sep 14, 2022 Peter Manev
Threat Hunting, Stamus Security Platform

In this week’s guided threat hunting blog, we focus on using Stamus Security Platform to identify...

Read More
Hunting for Phishing Activity with Stamus Security Platform Enriched Hunting Interface by Peter Manev

Hunting for Phishing Activity with Stamus Security Platform

Sep 06, 2022 Peter Manev
Threat Hunting, Stamus Security Platform, Phishing

In this week’s guided threat hunting blog, we focus on using Stamus Security Platform to uncover...

Read More
Hunting for Unauthorized FTP Usage with Stamus Security Platform by Peter Manev

Hunting for Unauthorized FTP Usage

Aug 30, 2022 Peter Manev
Threat Hunting, Stamus Security Platform

This week’s guided threat hunting blog focuses on a specific policy violation - the use of...

Read More
Hunting for File Sharing Service Policy Violations by Peter Manev

Hunting for File Sharing Service Policy Violations

Aug 23, 2022 Peter Manev
Threat Hunting, Stamus Security Platform

This week’s guided threat hunting blog focuses on policy violations; specifically, violations...

Read More
Hunting for Malware Masquerading as an Image File by Peter Manev

Hunting for Malware Masquerading as an Image File

Aug 16, 2022 Peter Manev
Threat Hunting, Stamus Security Platform, Phishing

For week 2 of our series on guided threat hunting, we will be reviewing a hunting technique to...

Read More
After the Hunt by Peter Manev

After the Hunt

Aug 09, 2022 Peter Manev
Threat Hunting, Stamus Security Platform, Declarations of Compromise

So, what’s next? You’ve had a successful hunt, uncovered some type of threat or anomalous behavior...

Read More
Hunting for Potentially Unwanted Programs by Peter Manev

Hunting For Potentially Unwanted Programs (PUP)

Aug 09, 2022 Peter Manev
Threat Hunting, Stamus Security Platform

In addition to deploying advanced detection technologies, many security teams make threat hunting...

Read More
Introduction to Guided Threat Hunting by Peter Manev

Introduction to Guided Threat Hunting

Aug 09, 2022 Peter Manev
Threat Hunting, Stamus Security Platform

Stamus Security Platform is loaded with features that help security teams leverage network traffic...

Read More
Uncovered with Stamus Security Platform: Raiz0WorM

Uncovered with Stamus Security Platform: Raiz0WorM

Jun 14, 2022 Peter Manev
Network Detection and Response, Threat Hunting, Uncovered with SSP, Stamus Security Platform

In this series of articles we share hands-on experience from active hunts in the real world. We...

Read More
Uncovered with Stamus Security Platform: Spyware Missed by EDR

Uncovered with Stamus Security Platform: Spyware Missed by EDR

Feb 04, 2022 Peter Manev
Network Detection and Response, Threat Hunting, Uncovered with SSP, Stamus Security Platform

In this series of articles, we explore a set of use cases that we have encountered in real-world...

Read More
IMAGE | Feature Spotlight: Pivot from IDS Alert Metadata to Signature Details

Feature Spotlight: Pivot from IDS Alert Metadata to Signature Details

Jan 13, 2022 Cédric Le Roux
SELKS, Network Detection and Response, Threat Hunting, Stamus Security Platform

Sometimes, even after extensive training, we forget about important features or ways of using a...

Read More
Intrusion_Analysis_and_Threat_Hunting_with_Open_Source_Tools_FloCon_2022

Intrusion Analysis and Threat Hunting with Open Source Tools @ FloCon 2022

Dec 16, 2021 Peter Manev
Open Source, Threat Hunting, Suricata, Events

In its early years, FloCon was an academic conference focused exclusively on network flow data but...

Read More
Intrusion Analysis and Threat Hunting with Open Source Tools

Troopers Training: Intrusion Analysis and Threat Hunting with Open Source Tools

Oct 27, 2021 Peter Manev
Open Source, Threat Hunting, Events

The importance of having a strong security team has been growing in recent years, and many...

Read More
Threat Hunting with Stamus Security Platform: Danger in the Datacenter

Uncovered with Stamus Security Platform: Danger in the Datacenter

Jul 26, 2021 Peter Manev
Network Detection and Response, Threat Hunting, Uncovered with SSP, Stamus Security Platform

When the blue team needs to mount a network defense, they must answer some very common questions:

  • ...
Read More
Threat Hunting with Stamus Security Platform: User Agents Tell the Story

Uncovered with Stamus Security Platform: User Agents Tell the Story

Mar 24, 2021 Peter Manev
Network Detection and Response, Threat Hunting, Uncovered with SSP, Stamus Security Platform

Stamus Security Platform (SSP) helps bank identify threat to its accounting network

With the help...

Read More
Threat Hunting With Stamus Security Platform: Shadow IT

Uncovered with Stamus Security Platform: Shadow IT

Feb 02, 2021 Peter Manev
Network Detection and Response, Threat Hunting, Uncovered with SSP, Stamus Security Platform

In this series of articles, we explore a set of use cases that we have encountered in real-world...

Read More
Network Threat Hunting vs Endpoint Threat Hunting

Endpoint-Based and Network-Based Threat Hunting — Each Has its Strengths

Sep 24, 2020 Ken Gramley
Network Detection and Response, Threat Hunting, Endpoint Detection

Threat hunting—the proactive detection, isolation, and investigation of threats that often evade...

Read More
Threat Hunting with Stamus Security Platform: MoDi RAT

Uncovered with Stamus Security Platform: MoDi RAT

Sep 22, 2020 Peter Manev
Network Detection and Response, Threat Hunting, Uncovered with SSP, Stamus Security Platform

In this series of articles, we will explore a set of use cases that we have encountered in...

Read More
Why Context is Critical for Successful Network Detection and Response (NDR)

Why Context is Critical for Successful Network Detection and Response

Aug 25, 2020 D. Mark Durrett
Network Detection and Response, Threat Hunting, Stamus Security Platform

As mentioned in an earlier article, organizations seeking to identify cyber threats and mitigate...

Read More
Did Network Detection and Response (NDR) kill Network Traffic Analysis (NTA)?

Is Network Traffic Analysis (NTA) dead in an age of Network Detection and Response (NDR)?

Aug 21, 2020 D. Mark Durrett
Network Detection and Response, Threat Hunting, Network Security Monitoring, Stamus Security Platform, IDS-IPS

Organizations seeking to proactively identify and respond to cyber threats in order to mitigate...

Read More

SELKS5 RC1 - Threat Hunting and more...

Dec 21, 2018 Peter Manev
SELKS, Open Source, Threat Hunting, Suricata, Stamus Labs

Hi!Yet another upgrade of our SELKS. We are very thankful to all the great Open Source projects and...

Read More

ABOUT STAMUS NETWORKS ™

Stamus Networks believes in a world where defenders are heroes, and a future where those they protect remain safe. As organizations face threats from well-funded adversaries, we relentlessly pursue solutions that make the defender’s job easier and more impactful. The global leader in Suricata-based network security solutions, Stamus Networks helps enterprise security teams know more, respond sooner and mitigate their risk with insights gathered from cloud and on-premise network activity. Our Stamus Security Platform combines the best of intrusion detection (IDS), network security monitoring (NSM), and network detection and response (NDR) systems into a single solution that exposes serious and imminent threats to critical assets and empowers rapid response. 

Indianapolis, USA Paris, France

Privacy

© 2014-2024 Stamus Networks, Inc. All rights Reserved.