
Introduction to Threat Hunting Using Garuda Framework

The Garuda Threat Hunting Framework, released at DEF CON 2025, is a PowerShell-based framework designed to simplify manual threat hunting. It allows you to correlate, filter, and investigate Sysmon events efficiently. In this video, I demonstrate how to install Garuda, explore its key features, and perform a step-by-step hunt of a Living-off-the-Land (LoLbin) attack using […]


AI-Powered Threat Hunting Using Garuda Framework

In this video, we explore how AI enhances threat hunting by integrating Large Language Models (LLMs) with the Garuda Threat Hunting Framework. Garuda is a manual, PowerShell-based threat hunting and investigation framework designed to transform raw Sysmon telemetry into structured, actionable intelligence for Windows environments. It allows you to correlate, filter, and analyze Sysmon events […]


Cyber Attack Impersonating Identity of Indian Think Tank to Target Central Bureau of Investigation (CBI) and Possibly Indian Army Officials

In my previous blog posts I posted details of cyber attacks targeting the Indian Ministry of External Affairs and Indian Navy’s Warship and Submarine Manufacturer. This blog post describes another attack campaign where attackers impersonated the identity of the Indian think tank IDSA (Institute for Defence Studies and Analyses) and sent out spear-phishing emails to target officials of […]


Uri Terror attack & Kashmir Protest Themed spear phishing emails targeting Indian Embassies and Indian Ministry of external affairs

In my previous blog I posted details of a cyber attack targeting Indian government organizations. This blog post describes another attack campaign where attackers used the Uri terror attack and Kashmir protest themed spear phishing emails to target officials in the Indian Embassies and Indian Ministry of External Affairs (MEA). In order to infect the […]


Malware Actors Using NIC Cyber Security Themed Spear Phishing to Target Indian Government Organizations

This blog post describes an attack campaign where a NIC (National Informatics Centre) Cyber Security themed spear-phishing email was used to possibly target Indian government organizations. In order to infect the victims, the attackers distributed a spear-phishing email that purports to have been sent from NIC’s Incident Response team; the attackers spoofed an email id that […]