Threat Intel
Did you want to check out some of your detections? This isn’t everything of course but it’s a simple batch file to simulate a range of enumeration techniques used by actors like CONTI or LOCKBIT affiliates/operators:
Read more “Simulating Human Operated Discovery”
Guides
Having a plan for how you will respond to common incidents is key. It’s a good idea to have procedural level “playbooks” (we used to just call these procedures, maybe I’m old!) but let’s get taktic00l and call them:
Playbooks/Runbooks/Aide-mémoire etc.
That aside (words are fun right!) they key part here is to identify the people, roles and responsibilities and the systems/actions/decisions you will need to take. To start with let’s look at a common incident of Phishing with credential harvesting, this may lead onto business email compromise (BEC) and attempted or successful fraud or downstream supply chain attacks.
Read more “Phishing (Cred harvester) Response”
Leadership
Ever want to be MORE cyber? Need to impress the board? Want to look 1337 AF? Worry not we have your back! Here is a collection of CYBER MAPS to project on your wall mounted displays!
Read more “Pew Pew Maps – Cool graphics bro”
Threat Intel
When running honeypots you never have to wait too long for something to drop!
This moring we had a new hit in the pot, so I decided to invesigate but also to blog and show how we could go about investigating the logs and paylods etc.
Read more “Learn to SOC: Java Webshell via confluence”
Education
I’m totally in the middle of doing some work but this alert just came in so I have quickly dumped the data:
This came in via a Confluence exploit (not sure which CVE yet). I’ve not got time to analyse but thought I’d share this as an educational excercise for people! It’s a good excercise to see the apache tomcat logs and then decode, obtain samples and analyse the activity/imapct (as well as yoink IOCs etc.)
Read more “Learn to SOC: Cryptominer Analysis”
Defense
I chose these words on purpose, I don’t think keeping environments secure and working is easy. I don’t think anyone has all the answers, even with massive budgets large organisations fail to keep their data and systems secure. But I do know that by doing these activities we can massively change the game when compared to the security posture of an organisation compared to organisations that don’t do this! So, I thought I’d share some of the things I do to try and keep on top of environments cyber heigine. But to start let’s think about the kind of questions are we looking to answer:
Read more “Things to try & keep an environment safe”