Pinned toot
Added a couple of short entries today
https://hannahsuarez.github.io/2019/eurobsdcon-lillehammer/
Collection of various answers I've given online
If you are in Luxembourg area, it looks like there are some free #misp trainings in February, but a no show would be a 40 euro fee
#misp - Malware Information Sharing Platform & Threat Sharing - Training Materials
Is Threat Hunting the new Fad? https://isc.sans.edu/diary/25746
Interesting item to think about, knowing your 'enemy'...
https://medium.com/anton-on-security/how-to-fail-at-know-your-enemy-24b2ab40632c
does 'knowing your enemy' involve ...
- a list of bad IPs
- a set of event ids
- different entropy (ie when obscuring potentially malicious powershell commands like disabling an etw provider)
"In fact, many observations of past badness — the indicators — may in fact be essentially random and present no useful knowledge about the future badness or about the nature of the enemy, their intents and capabilities."
CfP in now extended until 10th February for #BSidesLjubljana https://bsidesljubljana.si
And the venue will be at #Ljubljana Castle this year 🐉
Me: posts something positive and wholesome that is #infosec parallel on Twitter
Twitter: *fights amongst themselves over Thing*
Me: *feels awkward*
Looks like I am now going to #bsidesdublin in March! I used to live in Dublin, Ireland for a short while...Ireland is one of my favourite countries! Looking forward to visiting again in March https://www.bsidesdub.ie/index.php #bsides
List of various Windows ETW tools
I signed up to preview Amazon Detective https://aws.amazon.com/detective/
"Amazon Detective makes it easy to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities. Amazon Detective automatically collects log data from your AWS resources and uses machine learning, statistical analysis, and graph theory to build a linked set of data that enables you to easily conduct faster and more efficient security investigations."
Very interesting.
Just published by my colleague: how to do Windows USB Auditing using modules available on free/paid versions of this log collector
https://nxlog.co/documentation/nxlog-user-guide/windows-usb-auditing.html
“In essence, people write stupid string-matching and regex-based content because they trust it. They do not — en masse — trust the event taxonomies if their lives and breach detections depend on it. And they do.” — Chronicle
auspol, windows 7, server 2008
Just published: Windows Event IDs to collect based on top Windows Security Events, JP/CERT Lateral Movements and also on other guidance from NSA and Palantir. https://nxlog.co/documentation/nxlog-user-guide/eventlog-eventids.html - You can use the Community Edition for these and adapt on your own systems. #nxlog #infosec
"CIS Controls Implementation Guide for SMEs" https://www.cisecurity.org/wp-content/uploads/2017/09/CIS-Controls-Guide-for-SMEs.pdf
Published: Work I have done around Rapid7 Integration to collect and rewrite logs to the Universal Event Format (UEF) which offers another alternative to what is in their documentation https://nxlog.co/documentation/nxlog-user-guide/rapid7.html
Getting my teeth into Mcafee EPO, Micro Focus Arcsight and Microsoft Advanced Threat Analytics log collection integrations
small ebook I drafted on siem and log collection to go to the marketing agency's designer.
MITRE Releases Framework for Cyber Attacks on Industrial Control Systems
