Pinned toot

> Argentinian security researcher arrested after tweeting about government hack

> The documents showed that authorities arrested and raided the security expert just for tweeting about a recent government hack, with no tangible evidence that he was involved.

zdnet.com/article/argentinian-

(he was released on the same day)

New post: Windows Registry Auditing, including a list of HKEY_* subkeys to audit based on MITRE ATT&CK and more hannahsuarez.github.io/2019/hk

Nice to have: an HKEY/Windows registry playbook. MITRE has some indicators if you look into their framework (i.e. attack.mitre.org/techniques/T1), and I recently saw this peerlyst.com/posts/windows-dde

Additional reading from MSFT on registry:
docs.microsoft.com/en-us/windo

I should probably add in this series that as of June 2019 has added DNS monitoring in their features.

The different ways for DNS logging on Windows:

- DNS logging via latest Sysmon
- DNS monitoring via ETW Provider (DNS Client and DNS Server Providers respectively)
- DNS file-based logging turning on Analytical and Debug channels
- Windows EventLog EventIDs related to DNS

Looking forward to - looks like the program will involve interesting presentations and talks on logs, log collection (i.e. Elasticsearch), threat hunting, blue team work, security monitoring and more. Pretty much my sidewalk. Will be very interesting and relevant! bsideslux.lu/2019/program.html

Looking forward to it ✈️ 🇱🇺

Accepted developer rooms fosdem.org/2020/news/2019-10-0

* 15 October (or earlier), the developer rooms will issue Calls for Participation

* 11 October is the deadline for the first batch of main track proposals for .

fosdem.org/2020/news/2019-08-1

AMITT (Adversarial Misinformation and Influence Tactics and Techniques) is a framework designed for describing and understanding disinformation incidents. AMITT is part of misinfosec - work on adapting information security (infosec) practices to help track and counter misinformation, and is designed as far as possible to fit existing practices and tools.

github.com/misinfosecproject/a

Framework diagram: github.com/misinfosecproject/a

If you know MITRE ATT&CK Framework, you'll appreciate this!

Saw an option that is paid SaaS type starting at $500pm. I do like the idea of having the split instruction + lab

Does anyone know what is involved in creating such virtual lab environments like what is on Infosec Institute for public type lessons? See screenshot for example and lab on the right side

The was breached in November 2018 and the attack was first detected in April 2019 as part of a baseline threat hunting exercise. Here is a very well-written incident report that has been published, including in the appendix a few phishing emails imagedepot.anu.edu.au/scapa/We

Been reading this: sans.org/media/analyst-program and I have to admit that I really like the way the concepts have been communicated. Great balance. Saw the author profile also and noted the depth of experience.

Their videos leave much to be desired - and really I don't like videos that much unless they can help graphically explain a technical concept (i.e. subnetting), but they have some labs that you can join in and practice, as well as practice exams for various certs.

Look into collecting/parsing BIG-IP DNS logs, Dnsmasq logs, djbdns logs, Cisco Network Registrar (commercial) logs, Knot DNS logs and of course BIND 9. But out of the list I'd consider only BIG-IP DNS, BIND 9 and Knot DNS. For Unix/Linux.
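As an added example (not from the original posts), here is a small parser for BIND 9 query-log lines that tolerates both the classic line layout and the newer one with a client pointer and parenthesised name, plus a per-client query-type share that a hunter can use as a triage hint. The log lines are constructed sample data, and the IPs and names are placeholders.

```python
import re
from collections import Counter

# Matches BIND 9 query-log lines in both the classic layout
# ("client 192.0.2.10#53211: query: ...") and the newer one that adds a
# client pointer and the name in parentheses
# ("client @0x7f... 192.0.2.10#53211 (name): query: ...").
# Category/severity prefixes such as "queries: info: " are optional.
BIND_QUERY_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?:[a-z]+: )*client (?:@0x[0-9a-f]+ )?"
    r"(?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+)(?: \([^)]*\))?: query: "
    r"(?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
    r"(?: \((?P<server>[0-9a-fA-F.:]+)\))?\s*$"
)

# Constructed sample log: two layouts, one non-query line that must be skipped.
SAMPLE_LOG = """\
11-Jun-2019 10:15:32.123 queries: info: client @0x7f3c5c0a1e70 192.0.2.10#53211 (www.example.com): query: www.example.com IN A +E(0)K (198.51.100.53)
11-Jun-2019 10:15:33.001 client 192.0.2.10#53212: query: mail.example.com IN MX + (198.51.100.53)
11-Jun-2019 10:15:34.500 queries: info: client @0x7f3c5c0a1e70 203.0.113.7#40001 (a1b2c3.t.example.net): query: a1b2c3.t.example.net IN TXT -E(0) (198.51.100.53)
11-Jun-2019 10:15:35.010 queries: info: client @0x7f3c5c0a1e70 203.0.113.7#40002 (d4e5f6.t.example.net): query: d4e5f6.t.example.net IN TXT -E(0) (198.51.100.53)
this line is not a query log entry
"""


def parse_bind_query(line):
    """Return a dict of named fields for one query-log line, or None if it does not parse."""
    m = BIND_QUERY_RE.match(line)
    return m.groupdict() if m else None


def parse_log(text):
    """Parse every line of a log; lines that do not parse are skipped, not fatal."""
    return [r for r in (parse_bind_query(line) for line in text.splitlines()) if r]


def qtype_share_per_client(records, qtype="TXT"):
    """Fraction of each client's queries that are of the given type.
    A client whose traffic is mostly TXT is worth a closer look; treat it
    as a triage hint to investigate, not as a verdict."""
    total, hits = Counter(), Counter()
    for r in records:
        total[r["ip"]] += 1
        if r["qtype"].upper() == qtype.upper():
            hits[r["ip"]] += 1
    return {ip: hits[ip] / total[ip] for ip in total}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for ip, share in qtype_share_per_client(recs).items():
        print(f"{ip}: {len([r for r in recs if r['ip'] == ip])} queries, TXT share {share:.2f}")
```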

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.