Attacks on the Rise Through Office 365

September 17, 2019

Office 365 is the most popular line of digital services for businesses for a reason, but when it comes to cyberattacks, its ubiquity is creating challenges. If it seems like every week there’s a new headline about a large-scale hacking incident, it’s not a case of rampant fake news. According to the 2018 Symantec Internet Security…

Indicators of Compromise – Hunting for Meaning (Part 2)

April 11, 2019

In part one of this blog post series, we briefly looked at why IoC threat data enrichment is important, the value of knowing who your enemy is, and the process of turning threat data into threat intelligence. If you haven’t had a chance to read the first part of this series, take a few minutes…

Indicators of Compromise – Hunting for Meaning (Part 1)

April 9, 2019

By the time an Incident Response consultant is contacted, the security event in question is already in motion. So, the goals become: rapid triage, assisting in identifying the related threat risks, and making every effort to identify the threat actors involved. Attribution is very difficult when dealing with seasoned and well-funded threat actors, but it…

Adventures of an RDP Honeypot – Part Three: Creation of an RDP Honeypot

February 1, 2019

Welcome to the third and final part of the blog series on the RDP honeypot that I set up. The first part took a look at RDP and how it can be better secured, while the second post analyzed what the attackers did once they got into the honeypot. In this post I’ll talk about…

Adventures of an RDP Honeypot – Part Two: Know Your Enemy

January 28, 2019

Welcome to part two of the three-part series on the Remote Desktop Protocol (RDP) honeypot I set up. In the first post, I discussed ways that RDP can be configured to be more secure (and how you should NEVER put it on the Internet). In this part, I’ll talk about what happened when my honeypot…

Adventures of an RDP Honeypot – Part One: RDP Security

January 25, 2019

Over the last several months, TrustedSec has noticed a common thread in the root cause of incidents we’ve investigated: Microsoft Remote Desktop Protocol (RDP) open to the Internet. RDP on the Internet is a very bad idea. Attackers are constantly searching for, and breaking into, systems set up in this way. Once in, they can…

Malware Analysis is for the (Cuckoo) Birds – Working with Proxmox

May 29, 2018

This post covers how to set up and modify Cuckoo to work with a non-supported hypervisor, Proxmox. “Proxmox VE is a complete open-source platform for all-inclusive enterprise virtualization that tightly integrates KVM hypervisor and LXC containers, software-defined storage and networking functionality on a single platform, and easily manages high availability clusters and disaster recovery…

Malware Analysis is for the (Cuckoo) Birds – Cuckoo Installation Notes for Debian

May 18, 2018

Cuckoo is written in Python and depends on multiple Python libraries. The first step is to verify that these libraries are in place and up to date. Cuckoo’s documentation does a good job of listing the commands, but it can be confusing. The following will outline the commands needed to install Cuckoo and provide a…

Malware Analysis is for the (Cuckoo) Birds

May 18, 2018

There are many different options for malware analysis sandboxes. Most involve submitting samples to an online sandbox and getting a report back. While this is great for the most part, the reports contain only basic information on the type of malware and whether it has been seen before. BUT what if you want to know…

How to Leverage Threat and Attack Intelligence in your Risk Assessments

May 17, 2018

Risk assessment methodologies were, in general, built before much of the information we have today was available. Thus, we need to take advantage of the latest advances in threat intelligence and attack intelligence to make security risk assessments more valuable and aligned with real life. “What the hell do you know about TCAP?” Based on my…
