KnockKnock: Reveal Persistent macOS Installed Software

In post-incident malware investigations, fast and reliable tools are critical for uncovering persistence mechanisms. One such tool I recently discovered is KnockKnock, a free, open-source utility by Objective-See that reveals persistently installed software components on macOS.

Why It Matters

Once malware infects a system, it typically establishes persistence through:

- Launch Agents/Daemons
- Browser Extensions
- Cron Jobs
- Login Items
- Kernel Extensions

KnockKnock automates detection of these persistence mechanisms, providing visibility into what's set to automatically execute on your Mac. ...

August 3, 2025 · 1 min · Elwali Karkoub

Running PowerShell Commands on a Wodle in Wazuh

By executing PowerShell commands through a Wazuh Wodle and formatting the results in JSON, you can streamline log processing without the need for custom decoders. This method simplifies integration: only the corresponding rules need to be defined to handle the structured output effectively.

PowerShell Command Format

The recommended format for PowerShell commands in a Wodle is:

    Powershell -c "@{ <header> = <command> } | ConvertTo-Json -compress"

<command> is the PowerShell cmdlet or one-liner script that outputs an object ...

June 12, 2025 · 2 min · Elwali Karkoub
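The `@{ <header> = <command> } | ConvertTo-Json -compress` shape from the post above, applied to two concrete inventory queries. This is an added example, not code from the original post or from the Wazuh project: the header names `listening_ports` and `local_admins`, the selected fields, and the choice of queries are assumptions for illustration. It is written out as a script so each part can be read; collapsed onto one line it is what would sit inside the wodle's `Powershell -c "..."` invocation.

```powershell
# Added example, not code from the original post or from Wazuh. The
# @{ <header> = <command> } | ConvertTo-Json -compress shape applied to two
# queries; header names, fields and queries are assumptions for illustration.
# Requires Windows PowerShell 5.1 or later (Get-LocalGroupMember) on
# Windows 8 / Server 2012 or later (Get-NetTCPConnection).

# Wrap results in @() so a single hit still serializes as a JSON array;
# otherwise ConvertTo-Json emits a bare object and a rule written against
# listening_ports[0].port silently stops matching on hosts with one listener.
$ports = @(Get-NetTCPConnection -State Listen |
    Select-Object @{ Name = 'port'; Expression = { $_.LocalPort } },
                  @{ Name = 'pid';  Expression = { $_.OwningProcess } },
                  @{ Name = 'proc'; Expression = {
                      (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } })

# Local Administrators membership. ObjectClass is a plain string, so it
# round-trips through JSON as text; enum-typed properties would serialize
# as integers under Windows PowerShell 5.1 and are best converted with
# .ToString() in a calculated property.
$admins = @(Get-LocalGroupMember -Group Administrators |
    Select-Object Name, ObjectClass)

# One object, one line: -Compress keeps the output on a single line so the
# agent forwards it as a single event. -Depth is harmless for the flat
# records above but is required as soon as a header holds nested objects,
# because ConvertTo-Json's default depth of 2 replaces anything deeper
# with its .ToString() form.
@{
    listening_ports = $ports
    local_admins    = $admins
} | ConvertTo-Json -Compress -Depth 4
```

Two practical points when folding this into a wodle. The whole body lives inside the double-quoted string after `Powershell -c`, so every quote inside it must be a single quote, which is why the calculated property names above use single quotes. And the `@()` wrapper matters more than it looks: a rule that expects a list will behave differently on the one host where the query returns exactly one item, and that host is often the interesting one. The rule side that consumes these JSON fields is not shown here.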