I wrote a follow-up on using Burp for both the analysis and attack phase : Hunt for devices with default passwords (with Burp).
Using a strong and unique password for authentication is a key element in security. Unfortunately there are still a lot of devices installed with a default password. This post describes how you can find the web interface of these devices.
Before we start, it’s to important to list the three different web … Read more.
I published an article on How to Use Passive DNS to Inform Your Incident Response on the Security Intelligence blog.
This article gives you an insight on the different logging options for DNS traffic and how the historical records in passive DNS can help you during incident response. I included references to generating passive DNS data based on your traffic and which options you have for consuming it from a client perspective.
I published an article on Don’t Dwell On It: How to Detect a Breach on Your Network More Efficiently on the Security Intelligence blog.
This article describes which typical event types you should look for to detect an intrusion. The article lists 5 key steps to react when you suspect an incident is ongoing.
I published an article on What Metrics Do You Need to Measure the Success of Your SOC? on the Security Intelligence blog.
This article describes how you can evaluate the SOC performance and growth more accurately by building out consistent measurements to review it’s essential functions.
The article covers people, roles, technology, policies and processes and also includes some tips for further tuning reporting and metrics to measure the success of your SOC.
I published an article on How to Leverage Log Services to Analyze C&C Traffic on the Security Intelligence blog.
This article describes what can cause C2 traffic, the different types of C2 traffic and what log sources that you can use to detect the C2 traffic caused by malware.
I published an article on How to Defend With the Courses of Action Matrix and Indicator Lifecycle Management on the Security Intelligence blog.
This article describes the courses of action matrix to help you understand how to verify and validate indicators. The CoA matrix assists you in choosing the most useful action (“response”) to take with a an indicator.
I published an article on How Pivoting Can Help Your Incident Response Process on the Security Intelligence blog.
This article describes what pivoting is about (mostly from a point of view of a defender, or during incident response), how to evaluate and track the links that you found, what domains are most useful to use for pivoting and what data points you can use for pivoting.
Getting Active Directory security right can be a challenging task. Individual groups of computers or user privileges will most likely be properly configured but there are always some trade-offs that have to be made. Attackers will try to find an attack path by abusing the weaknesses that are caused by these trade-offs. Jumping from one host to another, compromising user accounts and abusing active sessions might get them to their final objectives. Whether this is … Read more.
I recently had to explore MQTT. I had never heard of this protocol before. However some helpful resources provide a clear explanation what MQTT is about.
MQTT is a machine-to-machine (M2M)/”Internet of Things” connectivity protocol that uses a lightweight publish/subscribe messaging transport. MQTT works on top of TCP/IP and by default uses port tcp/1883.
A quick search on Shodan reveals that there are a lot of devices publicly available, primarily in the US and Asia. … Read more.
I published an article on IBM Security Intelligence on How Can an ISAC Improve Cybersecurity and Resilience?.
The article covers analysing the three common types of ISACs (information sharing and analysis centers), who creates ISACs, reasons for joining an ISAC and what drives ISACs.
Graphs made with cudeso posts stats
By continuing to use the site, you agree to the use of cookies. more information
An HTTP cookie, is a small piece of text sent from a website and stored in your web browser. Cookies are a reliable mechanism for websites to remember your preferences and improve your browsing experience.
If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.