yahmed

Quick Assist Detection

Last month I wrote an article about the Ransomware group Black Basta and how they had been leveraging Remote Desktop tools like TeamViewer, AnyDesk and more notably Quick Assist, which is Microsoft’s own Remote Desktop utility. In general it is strongly recommended to block such apps if there is absolutely no business need to have …


Black Basta and Remote Desktop Tools

CISA, along with the FBI, Department of Health and Human Services (HHS) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), released an advisory towards the beginning of May announcing how the Ransomware group Black Basta have been targeting Critical Infrastructure as of late. They have already impacted over 500 organisations around the globe. You can …


Data Obfuscation in QRadar

This article will explain how to set up data obfuscation in QRadar using regex. There will be times when you may need to mask certain data coming into your SIEM platform for various reasons for your organisation. For example, it may be to mask PII (Personally Identifiable Information) data in order to comply with regulations such as …
