Detecting Emotet using Windows Event Logs


Emotet is a trojan malware that steals sensitive information. Many companies are concerned that their users will get infected by this malware and might leak sensitive information.

A customer I’m currently helping with their Security Operations Center (SOC) asked me how they can detect Emotet in their environment.

Here’s what I came up with – maybe it helps you detect Emotet or similar malware in your environment, too!

EventList – the Baseline Event Analyzer

When it comes to securing Windows systems, it doesn’t matter if you harden a Domain Controller, a server system or a client – they all have one thing in common:
Microsoft provides baselines that specify which security settings should be applied to each system.

Among other things, these baselines include audit recommendations.

I often work with customers who just started building their Security Operations Center (SOC). Many customers are confused by the variety of Windows Events: which events should be monitored? Which events will be generated when a specific baseline is applied?

Writing down each event and its monitoring recommendations would be a huge effort. That’s why I automated it and created EventList – I hope it helps you, too!