HCS ▋ @superruserr@infosec.exchange
- Gitlab
- gitlab.com/hcs0
- twitter.com/superruserr
- Github
- github.com/hcs0
#Software #InfoSec #Networks | Work in security - threat hunting, defence, siem/log management, osint, dns, domain. Own opinions here. | DE: @toot.berlin/@superruserr | FR: @mamot.fr/@superruserr | Header image by @ovid
Joined Jan 2018
Pinned toot
rest of 2020 goals in mind: 📆
Pivot at the current place
Take on board another project
Actually contribute to an open source project (now that, I'm no longer involved with open source / community software)
Contribute into an online course
Pick up a whole new skill
Keep up my blog entries on hannahsuarez.me
Continue to apply and send Cfp/talk submissions
Continue on with this ruleset submissions that has been on my mind
Pinned toot
Who moved my DNS cheese? BIND 9 DNS Log Collection and DNS Auditing https://hannahsuarez.github.io/2020/who-moved-my-cheese-dns-linux/
Looking into other cloud DNS infrastructure for a potential series. What provider do you use?
Twitter is now tagging a whole bunch of tweets as 'materials could be obtained by hacking' which is a sure fire way for someone to NOT read important news. Good time to promote fedi and this/your own instance.
They® literally made their own cryptography solution rolled into an sdk and it is totally ironclad and safe
I would have to say that the PE (private equity) buyout has definitely given me some perspectives and some things to think about when it comes to mapping achievements and work with financial and growth outcomes.
We tend to think that "we do x, it's technical and specialized and other people see it" should be enough but it's not - not only map to profit and growth goals but also find the connections that lead back to you.
Just published notes about #NTP (Network Time Protocol), NTP Servers and Logging https://hannahsuarez.github.io/2021/The_Importance_of_NTP_Getting_Started/
Just added: Setting up OpenVPN Logging - including YAML Config Snippets https://hannahsuarez.github.io/2021/YAML_OpenVPN_Logging/
ymmv
Just added: YAML Config Snippet for #HyperV Audit Logging Event Locations
Use with #Elastic #Auditbeat file_integrity module or adopt to your own choice of agent. YMMV though!
https://hannahsuarez.github.io/2021/YAML_HyperV_Audit_Events/
Just added: YAML Config with Event IDs of Active Directory Domain Service Events with Criticality Info https://hannahsuarez.github.io/2021/Active_Directory/ #logging #logstash #yml #elasticsearch #elk
Just added: YAML Config Snippet of JPCERT Lateral Movement Events to Monitor (Windows) https://hannahsuarez.github.io/2021/YAML_Lateral_Movement_Events_to_Monitor/
#security #cybersecurity #infosec #elasticsecurity #blueteam
Yeah it's all Windows due to environment, but I am doing some work on logging for Linux environments very soon
YAML config based on the Palantir Windows Event Forwarding Guidance (can combine with a couple of YML configs, linked in that entry).
YMMV
#security #cybersecurity #infosec #elasticsecurity #blueteam
I'm also looking forward to spending time on contributions to open source, and publishing more technical content/posts on my blog for the community :)
YAML configs for:
1. NSA Events to Monitor List https://hannahsuarez.github.io/2021/Winlogbeat_NSAEventstoMonitor/
2. Events from the Windows 10 and Windows Server 2016 Security auditing and monitoring reference https://hannahsuarez.github.io/2021/Windows_10_Windows_Server_2016_Security_auditing_monitoring_reference/
3. Exploit protection events based on attack surface reduction events https://hannahsuarez.github.io/2021/ExploitProtectionEvents/
And, which Windows auditing events require failure and success logging?
https://hannahsuarez.github.io/2021/WhichEventsNeedFailureSuccessLogging/
YMMV!
I have a few more to share next week.
#security #cybersecurity #infosec #elasticsecurity #blueteam
I have a collection of YAML files (for #Elastic, #Winlogbeat) that I had built up more than a year ago, looking into placing these into a Gitlab/Github repo or blog format. The only thing is that the config may have changed since then but will release it #blueteam
I guess I can finally start looking for SIEM and other #infosec roles now beyond technical documentation.
https://hannahsuarez.github.io/ is my website.
There is a Postman API conference and it is free to attend on Thursday and Friday
https://hopin.com/events/galaxy
Quiet a lot of API security talks
Hunting in the Sysmon Call Trace https://www.lares.com/blog/hunting-in-the-sysmon-call-trace/
~
Despite the walk, I feel a bit unmotivated at the moment. The only upside has been doing a practice 1 hour SSCP test run and getting a pass on it despite barely (aka more than an hour) studying for it.
Now I'm wondering if I should go for another cert.
My old job now made its way to a MITRE and NIST NVE database and its own CVE (CVE-2020-35488) however, no mention on the official account or the new technical evangelist.
Exploit writeup: https://github.com/GuillaumePetit84/CVE-2020-35488
Nice new #blueteam training platform https://app.letsdefend.io/academy/toc/siem/
- Gitlab
- gitlab.com/hcs0
- twitter.com/superruserr
- Github
- github.com/hcs0
#Software #InfoSec #Networks | Work in security - threat hunting, defence, siem/log management, osint, dns, domain. Own opinions here. | DE: @toot.berlin/@superruserr | FR: @mamot.fr/@superruserr | Header image by @ovid
Joined Jan 2018
