PCI v3.2.1 is here!

May 18, 2018

Version 3.2.1 of the PCI DSS was just released by the PCI Security Standards Council (PCI-SSC). As a minor version, it primarily includes clarification updates and one correction to a requirement reference. Most of the changes center around the removal of the January 31st date, which expired this year. Appendix A2.1-A2.3 was updated to focus…

Malware Analysis is for the (Cuckoo) Birds – Cuckoo Installation Notes for Debian

May 18, 2018

Cuckoo is written in the programming language Python and utilizes multiple Python libraries. The first step is to verify that these libraries are in place and up to date. Cuckoo’s documentation does a good job of listing the commands, but it can be confusing. The following will outline the commands needed to install Cuckoo and provide a…

Malware Analysis is for the (Cuckoo) Birds

May 18, 2018

There are many different options for malware analysis sandboxes. Most involve submitting samples to an online sandbox and getting a report back. While for the most part this is great, the reports contain only basic information on the type of malware and whether it has been seen before. BUT what if you want to know…

How to Leverage Threat and Attack Intelligence in your Risk Assessments

May 17, 2018

Risk assessment methodologies in general were built before much of the information we have today was available. Thus, we need to take advantage of the latest advances in threat intelligence and attack intelligence to make security risk assessments more valuable and aligned with real life. “What the hell do you know about TCAP?” Based on my…

Bridging the Cybersecurity Culture Clash

October 10, 2017

Why Derbycon is so good for the security community: I had a chance to go to Derbycon for the first time this year. I was amazed at how great it was, and a lot of fun of course, but there was more to it than that. I’ve been to many regional conferences, as well as…

Ensuring Risk Assessments have a (Business) Impact

May 15, 2018

Risk is a term that gets thrown around quite a bit, and like its distant cousin “pentest”, it has a tendency to be used to describe many very different things. There are many “standard” risk formulas out in the world today that typically include some combination of the terms Asset, Threat and Vulnerability. Some of…

The Art of Detecting Kerberoast Attacks

May 10, 2018

As a former defender, I feel a sense of “happiness” when I can put defenses in place that allow me to detect attacks and potential indicators of compromise (IoC). It’s like those old spy toys you would get as a kid that had the “laser” light and would make a sound if the light beam…

Building Upon Core Security & Risk Definitions

May 07, 2018

Security is evolving. That’s not news, but as it happens, not everyone can keep up with what that means. This is especially true for those who have embraced maturing their risk and security programs while still getting traditional assessments, which have become commoditized and oftentimes not as valuable as they used to be. These…

Malware: Linux, Mac, Windows, Oh My!

April 26, 2018

While going through APT write-ups, I’ve been noticing a lot of focus on detecting Windows malware, so we will skip over that. One thing that I haven’t seen much of online, though, is how to hunt for adversaries on Linux systems. For that reason, this blog post will be all about how you can look…

It Was the “Summerof2018” – Password Auditing for Windows Administrators

April 19, 2018

by Costa Petros

IT departments around the globe spend countless hours and money ensuring that their company’s data and infrastructure are properly secured. Startup company? Install a firewall and maybe get an antivirus subscription. Past the startup phase? Upgrade your firewall to have an Intrusion Prevention Sensor (IPS) and/or maybe an Intrusion Detection Sensor (IDS)…