I'm hiring two Principal Security Researchers to join my Applied Research Team at Veracode. One focused on application static analysis and auto-remediation, one focused on dynamic analysis of web apps and web APIs.
My team is fully remote always (we have team members in EU, UK, US so far), great support for education (including attending conferences), pursuing your own projects, flexible scheduling, etc.
YAML configs for:
1. NSA Events to Monitor List https://hannahsuarez.github.io/2021/Winlogbeat_NSAEventstoMonitor/
2. Events from the Windows 10 and Windows Server 2016 Security auditing and monitoring reference https://hannahsuarez.github.io/2021/Windows_10_Windows_Server_2016_Security_auditing_monitoring_reference/
3. Exploit protection events based on attack surface reduction events https://hannahsuarez.github.io/2021/ExploitProtectionEvents/
And, which Windows auditing events require failure and success logging?
I have a few more to share next week.
In other news, This is going to be my bug out spot soon. https://www.bestbeachgetaways.com/property-details/sunrise-beach-809/?arrival_date=&departure_date=
Not very good for a bugout spot, but it does have a nice view.
Forgot to announce that the upgrade completed successfully. Currently pruning preview cards and old remote media - freed up >150GB so far 😅
Shifting Cloud Security Left — Scanning Infrastructure as Code for Security Issues
Nice overview of a number of tools (Checkov, Regula, Terraform-compliance, Terrascan, tfsec) with examples of custom check writing and more.
Dept of State says that Trump's term ends tonight at 7:49PM. Definitely a defaced website, but we can dream.
Cloud & DevSecOps Learning Resources
HIRING: Senior Security Engineer, Applications (Remote) / San Francisco, California, United States - https://infosec-jobs.com/job/2634-senior-security-engineer-applications-remote/ #InfoSec #infosecjobs #CyberSecurity #cybersec #CyberCareer #cyberjobs #security #jobs #jobsearch #Recruiting #techjobs #hiringnow #SecurityEngineer
I've started up a new #podcast called EliteCast. It's aimed at business leaders and decision-makers who want to understand the importance of #cybersecurity without all the technical jargon. The first episode is a bit rough, IMO, but I'll get back into the groove soon.
Spotify link as I wait for Apple to approve my listing:
Thanks, and I hope you all enjoy it!
Anyone else working on the SANS Holiday Hack Challenge? (link below) I've gotten through 4 of the objectives so far and a handful of terminal challenges but it'd be fun to group up and meet some other people.
Also thanks again to @gangrif for pointing it out to me! I appreciate it!
Cybersecurity firm FireEye says it was hacked by a nation state
"The stolen 'red team' tools — which amount to real-world malware — could be dangerous in the wrong hands. FireEye said there’s no indication they have been used maliciously. But cybersecurity experts say sophisticated nation-state hackers could modify them for future use probing vulnerabilities."
A Mastodon instance for info/cyber security-minded people.