
NetWitness Community

HalimAbouzeid
Respected Contributor
since ‎2016-01-31
Monday

User Statistics

  • 27 Posts
  • 1 Solutions
  • 11 Likes given
  • 81 Likes received
Frequent Flyer
Making Yourself at Home
Welcome Back!
Standing Ovation

User Activity

  • Posts
  • Replies

DCSync Detection with NetWitness

by HalimAbouzeid 2023-02-07 in NetWitness Community Blog
Introduction: In this post we will look at the DCSync OS Credential Dumping technique targeting domain controllers (T1003.006), the shortcoming of logs to efficiently detect and investigate this attack, and how network data provides a better approach....

.

by HalimAbouzeid 2023-02-07 in NetWitness Discussions

Hafnium/Microsoft Exchange Breach Detection with NetWitness

by HalimAbouzeid 2021-03-19 in NetWitness Community Blog
Hafnium, a state-sponsored APT group, is believed to have potentially compromised tens of thousands of organizations globally by leveraging multiple 0-day vulnerabilities (such as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) af...

Domain Controller Takeover with Zerologon, from Compromise to Detection

by HalimAbouzeid 2020-09-30 in NetWitness Community Blog • latest reply by darkport 2021-04-14
Zerologon (CVE-2020-1472) is a vulnerability with a perfect CVSS score of 10/10 being used in the wild by attackers, allowing them to gain admin access to a Windows Domain Controller. As more public exploits for this vulnerability are being published...

Maze Ransomware Detection with RSA NetWitness

by HalimAbouzeid 2020-04-20 in NetWitness Community Blog
The Maze ransomware has recently been making the news due to some high-profile infections. In addition to requesting, in some instances, ransoms of 6+ million USD to regain access to the files, the group behind the malware has also leaked some of the...

Re: Domain Controller Takeover with Zerologon, from Compromise to Detection

by HalimAbouzeid 2020-10-01 in NetWitness Community Blog
Hi David. This is because I still had the old SMB parser enabled in my environment (it should be disabled), and that parser registers it under the username meta key. As seen in the below screenshot for the same dataset, the same meta is extracted und...

Re: New ESI Toolkit, released for RSA SA 10.6

by HalimAbouzeid 2016-05-09 in NetWitness Discussions • latest reply by GiuseppeCunsolo 2018-06-13
Hello Saba. The new ESI tool can be downloaded from here: https://knowledge.rsasecurity.com/scolcms/set.aspx?id=11190

Re: Purging Decoder Packet Database

by HalimAbouzeid 2016-04-24 in NetWitness Discussions
Hello Dipin, You could create an application rule on the packet decoder that matches all the traffic for which you don't want to store the packets (such as "did exists" to match all traffic) and then enable "Stop Rule Processing" and choose "Trunc...