A Primer on Cloud Logging TrustedSec Security Blog

A Primer on Cloud Logging for Incident Response

October 25, 2022

Overview This blog post will provide an overview of common log sources in Azure and AWS, along with associated storage and analysis options. At a high level, cloud-based incidents can be categorized into host-based compromises (that is, compromises primarily involving virtual machines hosted in the cloud) and identity-based or resource-based compromises (compromises primarily involving cloud-native…

Read

Back to Basics: The TrustedSec Guide to Strong Cyber Hygiene—Part 2

October 11, 2022

In the first Back to Basics blog we discussed cyber hygiene and some fundamental security practices one can take to quickly assess their current cybersecurity posture and identify, prioritize, and mitigate visibility gaps. This post focuses on account management measures and how proactive identification and regulation can drastically elevate your security posture. Routine cyber hygiene…

Read

How Your Team’s Culture Determines the Value of Your Tabletop Exercise

September 13, 2022

A tabletop exercise (TTX) measures more than an organization’s technical capabilities and adherence to an incident response plan—it facilitates the confluence of personalities and team cultures, in turn revealing friction not only in processes but also in team dynamics. The success of an organization’s response in both a TTX scenario and, more importantly, a real-world…

Read

CVE 2022-22965 (Spring4Shell) Vulnerability

April 1, 2022

On March 29, 2022, a security researcher with the handle p1n93r disclosed a Spring Framework remote code execution (RCE) vulnerability, which was archived by vx-underground. This vulnerability, known as Spring4Shell, affects applications that use JDK v9 or above that run Apache Tomcat as the Servlet Container in a WAR package and use dependencies of the…

Read

Simplifying Your Operational Threat Hunt Planning

March 30, 2022

Opening Hopefully you all were able to read our recent Threat Hunting whitepaper and had the chance to listen to our latest Threat Hunting webinar. These references should be used as the foundation of information, which leads us into the next journey: how to build out your first Threat Hunt. Building out an organization’s Threat…

Read

TrustedSec Okta Breach Recommendations

March 23, 2022

TrustedSec’s Incident Response Team sent urgent communications to all IR retainer clients after the discovery of the compromise of Okta. Below are the recommendations provided with additional updates after reviewing more information on 03/23/2022. On March 22, 2022, the threat group LAPSUS$ announced a successful compromise of Okta, a heavily used identity and access management…

Read

Back to Basics: The TrustedSec Guide to Strong Cyber Hygiene

March 9, 2022

Every day, new challenges, attacks, and vulnerabilities are publicized. Just as attackers and the threat landscape are constantly changing, adapting, and evolving, so too must the Blue Teams and defenders who protect organizations against these threats. While the old adage may have been that attacks are rare and unlikely to happen, a new mentality of…

Read

Update: The Defensive Security Strategy

September 9, 2021

Original post:  https://www.trustedsec.com/blog/the-defensive-security-strategy-what-strategy/ Massive exposures and attacks, such as recent SolarWinds and Exchange exploit issues, have been common news lately. While the security landscape has advanced and changed, these massive exposures are continuing to occur. The question is why, and how, are they occurring? While common issues are often leveraged, the mentality around them is…

Read

Who Left the Backdoor Open? Using Startupinfo for the Win

February 18, 2021

In the endless quest to research additional Windows system forensic artifacts to use during an Incident Response investigation, I stumbled across something I thought was cool. This definitely wasn’t a new artifact, it was just a specific native Windows XML file that I wasn’t aware of. I noticed this file was not commonly used from…

Read
  • Browse by Category

  • Clear Form