Detection and Alerting: Selecting a SIEM

September 2, 2022

Summary Basic SIEM requirements should be in place to create mature detections for a variety of log sources, including network logs, system logs, and application logs (including custom applications). This focuses on Security Operations and does not include the engineering side of SIEM management, e.g., licensing, hardware/cloud requirements, retention needs, etc. Each component of the…

Read

Maturity, Effectiveness, and Risk – Security Program Building and Business Resilience

August 31, 2022

One of the most common questions asked by business leadership is also one of the most challenging to answer: “How secure are we?” Now, some of you reading this may already be cringing or yelling at your screen that this question on its own shouldn’t have a simple answer with little actionable value. However, when…

Read

Splunk SPL Queries for Detecting gMSA Attacks

May 20, 2022

1    Introduction What is a group Managed Service Account (gMSA)? If your job is to break into networks, a gMSA can be a prime target for a path to escalate privileges, perform credential access, move laterally or even persist in a domain via a ‘golden’ opportunity. If you’re an enterprise defender, it’s something you need…

Read

Real or Fake? Spoof-Proofing Email With SPF, DKIM, and DMARC

January 13, 2022

I briefly mentioned using DKIM to verify an email’s sender in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into how organizations can help stop email spoofing using a combination of three…

Read

Real or Fake? How to Spoof Email

January 11, 2022

I briefly mentioned how easy it is to forge email sender addresses in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into why email sender addresses are so easy to forge and…

Read

An ‘Attack Path’ Mapping Approach to CVEs 2021-42287 and 2021-42278

January 6, 2022

1.0 Introduction On Friday, December 10, 2021, Charlie Clark (@exploitph) published a blog post detailing the weaponization of CVEs 2021-42287 and 2021-42278. In the blog post, Charlie extensively covered the background of the vulnerabilities, how the vulnerabilities were weaponized into Rubeus, with help from Ceri Coburn (@_EthicalChaos_), the full ‘attack chain,’ mitigations, and some detections….

Read

How we’re making sense of CMMC 2.0

November 16, 2021

On November 5, 2021, the Office of the Secretary for the Department of Defense produced a document outlining updates for the Cybersecurity Maturity Model Certification (CMMC) program. We’ve been following the program since its inception, and we were eager to find out what’s coming next. In short, some of the changes help reduce the burden…

Read

Reducing Merchant Scope to Ease the Compliance Burden

July 13, 2021

Merchants should spend more time doing what they are good at—i.e., selling and merchandising—versus trying to keep up with validating and maintaining PCI compliance. How can this be accomplished? Using either an end-to-end encryption (E2EE) or point-to-point encryption (P2PE) solution for each point-of-sale (POS) system eliminates some of the complex hoops that merchants are required…

Read

The Backup Paradigm Shift: Moving Toward Attack Response Systems

June 15, 2021

Black Hawk Down I’m guessing a lot of us in the IT and Security space have experienced the gut wrenching feeling of not receiving that ICMP ping reply you were expecting from a production system, be it a firewall, switch, or server. Was there a recent configuration change that happened prior to the last reboot?…

Read

Strength Training With Transport Cryptology: Part 2

March 30, 2021

In part 1 of this blog series, we explored objective standards for evaluating application cipher suites using the National Institute of Standards and Technology (NIST) standard. Reviewing that is not required to continue here. For those of us lucky enough to apply cryptology within a Payment Card Industry (PCI) context, this part is for you….

Read
  • Browse by Category

  • Clear Form