Introduction If you work in the Cyber Security field, you probably know how a traditional Security Operations Center (SOC) operates. It’s often characterized by a demanding workload, extended night shifts, and high personnel turnover. These factors can lead to alert fatigue among analysts and lower morale. The stressful nature of such environments can also result…
Read MoreThe year is almost over and there’s one thing that always marks this period: the end of one of our biggest and most hyped events. You probably already know what I’m talking about… but just in case you don’t (or even worse, have no idea what the most awaited event of the year is) let…
Read MoreIntroduction Kerberoasting remains one of the most popular techniques for attackers attempting to escalate privileges inside a Windows domain. By requesting service tickets (TGS – Ticket Granting Service) encrypted with weak algorithms, an attacker can extract hashes and crack them offline to recover service account passwords. It should be mentioned that a Kerberos ticket request…
Read MoreOn October 1, 2025, Würth Group employees were targeted by a WhatsApp-based cyberattack. A few users fell for it and some devices got infected. The attack was promptly detected by our Cyber Defense Center, and was stopped before it could spread further. Investigating the threat more deeply, we discovered it was part of a wider…
Read MoreWelcome back for the second and last part of our journey into the jungle of Windows logs! In the first part we set out our goal – tracking admin authentications – and learned more about Windows, how authentication events are logged, and where can we focus to isolate the most accurate events. Today we’re going…
Read MoreIf you’ve ever worked with Windows authentication logs, you know they can be a chaotic mess. Even when you’re looking for something apparently simple and useful – like tracking admin logins – you quickly find yourself in a sea of redundant entries, some of them logged for no apparent reason, and poorly documented details. I’ve…
Read MoreStepping Deeper into the CTF World It seems that this year, I’m a step further into the world of Capture The Flag (CTF) competitions: not sure why but I don’t regret it. We’re only halfway through the year, and I’ve already participated in three events. Not a huge amount, but a noticeable jump considering that…
Read MoreYes, you read that title right. Today I’m going to tell you about the time I went on a hunt to bring a velociraptor and a chainsaw into the Würth Phoenix Security Operations Center. I know that it might sound strange to many and few will believe it, but I’m sure that once you get…
Read MoreNowadays attacks evolve over time and threat actors are following different ways to reach the same objectives. This could represent a problem on the defensive side. How can you always be up-to-date and ready to detect, but then when a vulnerability is exploited be able to act in several ways depending on the threat actor?…
Read MoreIn this post, we’ll explore the synergy between a Cyber Threat Intelligence (CTI) platform and a traditional Security Operations Center (SOC) service. For those interested in the topic, I recommend reading my previous article, where I demonstrated a concrete example of integration between our SIEM and SATAYO, the CTI platform we use in our SOC….
Read MoreHave you already read this blog post Adding soar features to the soc part 1 vulnerability management? If not, you have to! It explains the SOAR features leveraged by the Würth Phoenix SOC and how we implement our Vulnerability Management process. In this article, I’ll take a step back, focusing on what happens before the…
Read More