When running honeypots you never have to wait too long for something to drop!
This morning we had a new hit in the pot, so I decided to investigate but also to blog and show how we could go about investigating the logs and payloads etc. Read more “Learn to SOC: Java Webshell via confluence”
I’m totally in the middle of doing some work but this alert just came in so I have quickly dumped the data:
This came in via a Confluence exploit (not sure which CVE yet). I’ve not got time to analyse but thought I’d share this as an educational exercise for people! It’s a good exercise to see the Apache Tomcat logs and then decode, obtain samples and analyse the activity/impact (as well as yoink IOCs etc.) Read more “Learn to SOC: Cryptominer Analysis”
I chose these words on purpose; I don’t think keeping environments secure and working is easy. I don’t think anyone has all the answers; even with massive budgets, large organisations fail to keep their data and systems secure. But I do know that by doing these activities we can massively change the game when compared to the security posture of organisations that don’t do this! So, I thought I’d share some of the things I do to try and keep on top of an environment’s cyber hygiene. But to start, let’s think about the kind of questions we are looking to answer: Read more “Things to try & keep an environment safe”