Just a reminder, you can support infosec.exchange through liberapay: https://liberapay.com/Infosec.exchange/
Everything you wanted to know about Exchange Zero Days, but were afraid to ask.
Microsoft Exchange Zero Days - Mitigations and Detections - Blue Team Blog
Can't recall which feed I saw this in, but I love this approach to laptop design. If they offer the same in a 15-16" form factor, I think I've found my eventual next laptop
Mitigating Web Shells
This repository houses a number of tools and signatures to help defend networks against web shell malware. More information about web shells and the analytics used by the tools here is available in NSA and ASD web shell mitigation guidance Detect and Prevent Web Shell Malware.
I'm hiring two Principal Security Researchers to join my Applied Research Team at Veracode. One focused on application static analysis and auto-remediation, one focused on dynamic analysis of web apps and web APIs.
My team is always fully remote (we have team members in the EU, UK, and US so far), with great support for education (including attending conferences), pursuing your own projects, flexible scheduling, etc.
YAML configs for:
1. NSA Events to Monitor List https://hannahsuarez.github.io/2021/Winlogbeat_NSAEventstoMonitor/
2. Events from the Windows 10 and Windows Server 2016 Security auditing and monitoring reference https://hannahsuarez.github.io/2021/Windows_10_Windows_Server_2016_Security_auditing_monitoring_reference/
3. Exploit protection events based on attack surface reduction events https://hannahsuarez.github.io/2021/ExploitProtectionEvents/
And, which Windows auditing events require failure and success logging?
I have a few more to share next week.
A Mastodon instance for info/cyber security-minded people.