NetWitness Community

HalimAbouzeid
Respected Contributor
since 2016-01-31
2 weeks ago

User Statistics

  • 25 Posts
  • 1 Solutions
  • 11 Likes given
  • 77 Likes received

User Activity


Hafnium/Microsoft Exchange Breach Detection with NetWitness

by HalimAbouzeid, 2021-03-19, in NetWitness Community Blog
Hafnium, a state-sponsored APT group, is believed to have potentially compromised tens of thousands of organizations globally by leveraging multiple 0-day vulnerabilities (such as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) af...

Domain Controller Takeover with Zerologon, from Compromise to Detection

by HalimAbouzeid, 2020-09-30, in NetWitness Community Blog • latest reply by darkport, 2021-04-14
Zerologon (CVE-2020-1472) is a vulnerability with a perfect CVSS score of 10/10 being used in the wild by attackers, allowing them to gain admin access to a Windows Domain Controller. As more public exploits for this vulnerability are being published...

Maze Ransomware Detection with RSA NetWitness

by HalimAbouzeid, 2020-04-20, in NetWitness Community Blog
The Maze ransomware has recently been making the news due to some high-profile infections. In addition to requesting, in some instances, ransoms of 6+ million USD to regain access to the files, the group behind the malware has also leaked some of the...

Zoom Meeting UNC Abuse and Detection with RSA NetWitness

by HalimAbouzeid, 2020-04-02, in NetWitness Community Blog
With the sudden surge in popularity for Zoom meetings, an increased interest has been seen by white/grey/black hats to identify potential vulnerabilities and weaknesses. One of the recent popular security weaknesses identified is around the way a UNC p...

Query NetWitness from the Chrome Address Bar

by HalimAbouzeid, 2020-03-02, in NetWitness Community Blog • latest reply by ShadyKozman, 2020-03-03
It is possible to add RSA NetWitness as a Search Engine in Chrome, which allows you to run queries directly from the address bar. The following are the steps to follow in your browser to set this up. Start by navigating to your NetWitness instance on the...

Re: Domain Controller Takeover with Zerologon, from Compromise to Detection

by HalimAbouzeid, 2020-10-01, in NetWitness Community Blog
Hi David. This is because I still had the old SMB parser enabled in my environment (it should be disabled), and that parser registers it under the username meta key. As seen in the below screenshot for the same dataset, the same meta is extracted und...

Re: New ESI Toolkit, released for RSA SA 10.6

by HalimAbouzeid, 2016-05-09, in NetWitness Discussions • latest reply by GiuseppeCunsolo, 2018-06-13
Hello Saba. The new ESI tool can be downloaded from here: https://knowledge.rsasecurity.com/scolcms/set.aspx?id=11190

Re: Purging Decoder Packet Database

by HalimAbouzeid, 2016-04-24, in NetWitness Discussions
Hello Dipin, You could create an application rule on the packet decoder that matches all the traffic for which you don't want to store the packets (such as "did exists" to match all traffic) and then enable "Stop Rule Processing" and choose "Trunc...