https://hexpysya.github.io/tags/wazuh/Recent content in Wazuh on bubka hacks stuffHugo -- gohugo.ioen-usMon, 09 Mar 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/wazuh-injection/Mon, 09 Mar 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/wazuh-injection/Detected a SQL Injection attack, observed 85 alerts across 6 rule IDs, and configured automated IP blocking via active response.https://hexpysya.github.io/blue_team/wazuh+suricata-malware-traffic/Mon, 02 Mar 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/wazuh+suricata-malware-traffic/Replayed a malicious PCAP file containing Hancitor dropper traffic that deployed Cobalt Strike, Dridex, and Ficker Stealer. Analyzed 423 Suricata alerts in Wazuh, reconstructed the full infection chain, and mapped findings to MITRE ATT&CK.https://hexpysya.github.io/blue_team/wazuh_ssh-brute-force/Fri, 20 Feb 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/wazuh_ssh-brute-force/Simulated an SSH brute force attack using Hydra, observed Wazuh detection across 7 rule IDs, identified a gap in default alerting (max level 10), wrote a custom rule to escalate severity to level 12, and configured automated IP blocking via active response.