Importing ".evtx" files into HELK or Elastic

At some point in your career, there will come a time when you need to collect Windows event logs in EVTX format. Likely, these were acquired from a Windows event archive, during forensic investigations, or someone sent you log samples/files. This is especially true when you have collected these logs from offline assets.

ROCK in a (Virtual)Box

Virtual machines are convenient. They’re especially nice for testing out new tools or creating small labs for a proof of concept or one-off application usage. Deploying tools like RockNSM in a virtual machine is not always intuitive, though. In this post, I want to share a couple of options and walk through a scenario deploying RockNSM 2.4 to monitor traffic on a physical host interface.

