Internally known as "Log Jam", this Unicode data reflection in Windows Events allows for potential halting of log/event analysis and 3rd party processing and forwarding when utilizing the XML export feature. Deemed a potential detection evasion technique.
Tested systems:
In this series, Tim Shelton, CTO/Founder of HAWK Network Defense, aka redsand in the hacker community will explore the core components necessary to drive efficiency and effectiveness of Security Orchestration and Response (SOAR). He will also discuss the requirements to build organizational trust in the processes from
As an IT executive, I see SOC analysts frustrated with the incident response process on a daily basis. From the SOC analyst’s perspective, the key requirement of any security analytics system is to easily take