Services
Use Cases Development
For information security operations teams and MSSPs getting serious about scaling up detection capabilities and building out threat hunting regimes for enterprises.
- Detection content covering the MITRE ATT&CK framework
- Works for various SIEM and XDR solutions
- Relevant SIGMA content
- Custom development
- Use Case tuning support
- Periodic on-demand support via live chat
- Available as a subscription model
Contact Us
Paliscade can help you leverage the ATT&CK Navigator to gain a better understanding of threats and focus on the key areas where you need better coverage.
The tabs below preview some of the attacker TTPs we use for detection.
Detecting Windows active scanning activities involves monitoring for patterns and behaviours indicative of network or host scanning, which attackers commonly perform to identify vulnerable systems or services.
Indicators include high-frequency connection attempts from one source, the same source touching many ports on one host or one port across many hosts, and other unusual traffic patterns.
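The port-sweep and host-sweep patterns described above can be scored from plain connection records. The following is an added example, not Paliscade's detection content and not tied to any particular SIEM: it reads a constructed log (timestamp, source, destination, destination port), keeps a sliding time window per source, and raises one alert per source when the count of distinct ports against a single destination or the count of distinct destinations crosses a threshold. The log format, window and thresholds are assumptions chosen for illustration; in production they are tuned per environment.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample connection records (not real telemetry).
# 10.0.0.5 sweeps many ports on one host, 10.0.0.7 touches many hosts on
# one port, and 10.0.0.9 is ordinary traffic spaced minutes apart.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 10.0.0.20 22
2024-05-01T10:00:01 10.0.0.5 10.0.0.20 23
2024-05-01T10:00:01 10.0.0.5 10.0.0.20 80
2024-05-01T10:00:02 10.0.0.5 10.0.0.20 135
2024-05-01T10:00:02 10.0.0.5 10.0.0.20 139
2024-05-01T10:00:03 10.0.0.5 10.0.0.20 443
2024-05-01T10:00:03 10.0.0.5 10.0.0.20 445
2024-05-01T10:00:04 10.0.0.5 10.0.0.20 3389
2024-05-01T10:00:10 10.0.0.7 10.0.0.21 445
2024-05-01T10:00:10 10.0.0.7 10.0.0.22 445
2024-05-01T10:00:11 10.0.0.7 10.0.0.23 445
2024-05-01T10:00:11 10.0.0.7 10.0.0.24 445
2024-05-01T10:00:12 10.0.0.7 10.0.0.25 445
2024-05-01T10:00:12 10.0.0.7 10.0.0.26 445
2024-05-01T10:00:30 10.0.0.9 10.0.0.20 443
2024-05-01T10:05:30 10.0.0.9 10.0.0.20 443
"""


def parse_line(line):
    """Parse one constructed record: '<iso timestamp> <src> <dst> <dport>'."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)


def detect_scans(log_text, window_seconds=60, port_threshold=5, host_threshold=5):
    """Return scan alerts found in log_text using a per-source sliding window.

    port_sweep: one source hits >= port_threshold distinct ports on one host.
    host_sweep: one source hits >= host_threshold distinct hosts.
    Each (source, kind[, target]) alerts at most once.
    """
    events = sorted(
        (parse_line(l) for l in log_text.splitlines() if l.strip()),
        key=lambda e: e[0],
    )
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # src -> deque of (ts, dst, dport) inside window
    alerted = set()
    alerts = []

    for ts, src, dst, dport in events:
        q = recent[src]
        q.append((ts, dst, dport))
        # Drop records that fell out of the window relative to this event.
        while q and ts - q[0][0] > window:
            q.popleft()

        ports_per_dst = defaultdict(set)
        hosts = set()
        for _, d, p in q:
            ports_per_dst[d].add(p)
            hosts.add(d)

        for d, ports in ports_per_dst.items():
            key = (src, "port_sweep", d)
            if len(ports) >= port_threshold and key not in alerted:
                alerted.add(key)
                alerts.append({"src": src, "kind": "port_sweep", "target": d,
                               "count": len(ports), "at": ts.isoformat()})

        key = (src, "host_sweep")
        if len(hosts) >= host_threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"src": src, "kind": "host_sweep", "target": None,
                           "count": len(hosts), "at": ts.isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect_scans(SAMPLE_LOG):
        print(alert)
```

Shrinking the window to one second makes the same data produce no alerts, which is the tuning trade-off a use case owner has to make: a short window suppresses slow, spread-out probes, a long window over a busy subnet raises the false-positive rate on legitimate management hosts.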
A Microsoft Defender for Endpoint detection query to identify the execution of command and scripting interpreters searches for process events involving command-line interfaces and scripting interpreters such as Command Prompt (cmd.exe), PowerShell (powershell.exe) and others.
Detecting Windows access token manipulation involves monitoring for suspicious activities that may indicate an attacker is attempting to elevate privileges or impersonate a user by manipulating access tokens.
This can include events such as token theft, token impersonation, or modifications to token privileges.
By looking for execution of specific commands, we can see which systems a malicious user was on and when, and get an idea of the type of reconnaissance they performed for system service discovery.
We use a structured approach with the Sigma format to custom develop our rules before testing them and bringing them to production.
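To show what a Sigma-style rule for the two use cases above (interpreter execution and system service discovery) looks like when it is actually evaluated, here is an added example that is not Paliscade's rule content and not the Sigma project's own tooling. It holds two rules as Python dictionaries in the same shape a Sigma YAML file would load into, implements the subset of Sigma matching needed for them (the `endswith` and `contains` field modifiers, OR across values, AND across fields, and `and`/`or`/`not` in the condition), and runs them over constructed process-creation events. The rule bodies, the parent-process tuning filter and the sample events are assumptions made for illustration; the ATT&CK technique tags are T1059 and T1007.

```python
# Rules mirror Sigma's detection/condition layout. A real deployment would load
# them with yaml.safe_load; they are inline dicts here to stay dependency-free.
RULES = [
    {
        "title": "Command and Scripting Interpreter Execution",
        "tags": ["attack.execution", "attack.t1059"],
        "logsource": {"category": "process_creation", "product": "windows"},
        "detection": {
            "selection": {"Image|endswith": ["\\cmd.exe", "\\powershell.exe", "\\pwsh.exe",
                                             "\\wscript.exe", "\\cscript.exe"]},
            # Illustrative tuning filter (assumption): shells the user opened
            # interactively from the desktop are excluded to reduce noise.
            "filter_interactive": {"ParentImage|endswith": "\\explorer.exe"},
            "condition": "selection and not filter_interactive",
        },
        "level": "low",
    },
    {
        "title": "System Service Discovery Commands",
        "tags": ["attack.discovery", "attack.t1007"],
        "logsource": {"category": "process_creation", "product": "windows"},
        "detection": {
            "sel_sc": {"Image|endswith": "\\sc.exe", "CommandLine|contains": ["query", "qc"]},
            "sel_tasklist": {"Image|endswith": "\\tasklist.exe", "CommandLine|contains": "/svc"},
            "sel_net": {"Image|endswith": ["\\net.exe", "\\net1.exe"], "CommandLine|contains": "start"},
            "sel_ps": {"Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
                       "CommandLine|contains": "get-service"},
            "condition": "sel_sc or sel_tasklist or sel_net or sel_ps",
        },
        "level": "medium",
    },
]

# Constructed process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"Computer": "WS01", "User": "corp\\alice", "Image": "C:\\Windows\\System32\\cmd.exe",
     "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "cmd.exe"},
    {"Computer": "WS01", "User": "corp\\alice",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
     "CommandLine": "powershell.exe -nop -w hidden -enc <base64-placeholder>"},
    {"Computer": "SRV02", "User": "corp\\svc_backup", "Image": "C:\\Windows\\System32\\sc.exe",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "sc query state= all"},
    {"Computer": "SRV02", "User": "corp\\svc_backup", "Image": "C:\\Windows\\System32\\tasklist.exe",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "tasklist /svc"},
    {"Computer": "WS03", "User": "corp\\bob", "Image": "C:\\Windows\\System32\\notepad.exe",
     "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "notepad.exe notes.txt"},
]


def field_matches(event, key, expected):
    """Evaluate one selection item such as 'Image|endswith': [...] (case-insensitive)."""
    field, _, modifier = key.partition("|")
    actual = str(event.get(field, "")).lower()
    for want in (expected if isinstance(expected, list) else [expected]):
        want = str(want).lower()
        if ((modifier == "endswith" and actual.endswith(want))
                or (modifier == "startswith" and actual.startswith(want))
                or (modifier == "contains" and want in actual)
                or (modifier == "" and actual == want)):
            return True  # values within one field are OR-ed
    return False


def selection_matches(event, selection):
    """A map is AND across its fields; a list of maps is OR across the maps."""
    if isinstance(selection, list):
        return any(selection_matches(event, s) for s in selection)
    return all(field_matches(event, k, v) for k, v in selection.items())


def evaluate_condition(condition, results):
    """Evaluate a condition string over selection results with and/or/not and parentheses."""
    tokens = condition.replace("(", " ( ").replace(")", " ) ").split()
    pos = 0

    def parse_or():
        nonlocal pos
        value = parse_and()
        while pos < len(tokens) and tokens[pos] == "or":
            pos += 1
            right = parse_and()
            value = value or right
        return value

    def parse_and():
        nonlocal pos
        value = parse_not()
        while pos < len(tokens) and tokens[pos] == "and":
            pos += 1
            right = parse_not()
            value = value and right
        return value

    def parse_not():
        nonlocal pos
        if tokens[pos] == "not":
            pos += 1
            return not parse_not()
        if tokens[pos] == "(":
            pos += 1
            value = parse_or()
            pos += 1  # consume ')'
            return value
        name = tokens[pos]
        pos += 1
        return results[name]

    return parse_or()


def rule_matches(event, rule):
    detection = rule["detection"]
    results = {name: selection_matches(event, sel)
               for name, sel in detection.items() if name != "condition"}
    return evaluate_condition(detection["condition"], results)


def run_rules(events, rules=RULES):
    """Return one hit per (event, rule) pair, carrying the fields an analyst pivots on."""
    return [{"rule": r["title"], "computer": e["Computer"], "user": e["User"],
             "commandline": e["CommandLine"]}
            for e in events for r in rules if rule_matches(e, r)]


if __name__ == "__main__":
    for hit in run_rules(SAMPLE_EVENTS):
        print(hit)
```

The interactive cmd.exe on WS01 is dropped by the filter, the PowerShell launched from a document is kept, and the two discovery commands on SRV02 are each attributed to host and account, which is the "who was on which system, doing what" view the passage describes. Because the rules are plain data, the same evaluator runs unit tests against a rule before it is converted for a particular SIEM or XDR backend.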
We acknowledge that every security incident varies in scope and extent, and this is why we don't operate with a DFIR retainer service fee.
Instead, we provide on-demand, technical expertise to individuals and businesses for containment and eradication during cyber attacks, at your discretion.
We have the knowledge and tools for forensic acquisitions, to determine the root cause, patient zero and origin of the attacks.
We can even identify the variant or strain of the ransomware and whether it has been seen in the wild, to limit the impact and prevent further damage, so that you can quickly recover and resume your operations.
If you operate as a sole trader or at a scale that doesn't justify expensive IR tools and XDR solutions, and yet have to deal with a suspected data breach and encrypted endpoints, Paliscade has all the custom tooling you need for in-depth analysis and rapid response.
We have specific product specialisations, but are also vendor neutral to cater to all individuals and companies.
Threat Analysis & Response
Digital forensic capabilities on smartphones, cloud, Windows and Linux environments for incident response.