3
AI-Powered Threat Hunting on Linux Servers: Honeypot Experiment and Privilege Escalation (safecontrols.blog)
submitted 3 months ago by [email protected] to c/[email protected]
1 comments fedilink

I tested using Google's Gemini as a helping hand in Linux log based threat hunting - and it is actually helpful, although not ready to take the security analyst's job (yet).

16
Teaching smart things cyber self defense: ships and cars that fight back (safecontrols.blog)
submitted 4 months ago by [email protected] to c/[email protected]
1 comments fedilink

A blog post I made based on discussions at a conference last week - we need to teach smart things like self driving cars and ships to defend themselves against cyber attacks. This outlines how we should approach it.

3
Edge history forensics – part 2 (downloads and search) (safecontrols.blog)
submitted 11 months ago by [email protected] to c/[email protected]
0 comments fedilink

I did a dive into what you can get out of the Edge (and probably Chrome(ium)) History sqlite database. It logs quite detailed data - useful for forensics!

3
Hacktivists with exaggerated claims again? (www.bleepingcomputer.com)
submitted 1 year ago by [email protected] to c/[email protected]
0 comments fedilink

The hacktivist group Anonymous Sudan claims to have breached Microsoft and stolen credentials from 30 million customers. Microsoft says they are lying. The group has done a lot of DDoS attacks, and claimed much bigger impact than they really have had. Exaggerated claims may lead to increased "panic state" at the top of the corporate food chain. How do you communicate about threat groups making bold statements like this to your higher ups or customers?

ISO27001/27002 - Am I missing something? by cyberhakon in c/[email protected]
[-] [email protected] 1 points 1 year ago* (last edited 1 year ago)

The controls themselves are not hard to understand. Writing policies describing these controls is also not that hard. But: changing the way an organization is working, in terms of habits, documentation, information management, how we collaborate - that can be really, really hard. So even if the requirements in ISO 27001 and the controls guidance in ISO 27002 look straight forward from a technical point of view, it is not easy to change the way of working for a whole organization! It requires leadership, it requires resources, and enough competent people with internal social capital to help support and drive the change. This is why an ISO 27001 journey is usually not just smooth sailing.

3
Excel as log analysis tool? (www.mandiant.com)
submitted 1 year ago by [email protected] to c/[email protected]
0 comments fedilink

I have found Excel to be quite useful for collecting data, doing summary analysis of logs, etc. I also liked this blog post from Mandiant, about using Excel to timeline artefacts with very different structure. It takes a bit of work using find, left, mid, right, concat, etc, but then it is quite useful! Another good thing is that a lot of people are better at creating Excel sheets than doing XPath queries.

Anyone else using Excel for DFIR, and how do you use it?

1
geo_info_from_ip_address() - Azure Data Explorer (learn.microsoft.com)
submitted 1 year ago by [email protected] to c/[email protected]
0 comments fedilink

If we are going to build a good community, we need some content! Here's a new feature in Kusto I have found useful in Sentinel, making it easier to do geolocation lookups in queries: geo_in_from_ip_address.

If we all share a little trick or something we have recently learned now and then, this will be a useful community!

1
Reports from MSSP's - what do people actually care about? (infosec.pub)
submitted 1 year ago by [email protected] to c/[email protected]
1 comments fedilink

Whether you are a buyer of security services, or a provider of them, what metrics, visuals, information is actually important to customers? What is the preferred way to consume reports - emails, dashboards, PDF reports, chat bots, smoke signals? Any thoughts and inputs much appreciated!

Introduce yourself! by cyberhakon in c/[email protected]
[-] [email protected] 1 points 1 year ago

Hi, security consultant and service developer focusing on OT and DFIR. Working for an international consulting firm, based in Europe. Originally a chemical engineer. Big fan of knowledge sharing!

cyberhakon

joined 1 year ago