Pinned toot
Added a couple of short entries today
https://hannahsuarez.github.io/2019/eurobsdcon-lillehammer/
Collection of various answers I've given online
> Argentinian security researcher arrested after tweeting about government hack
> The documents showed that authorities arrested and raided the security expert just for tweeting about a recent government hack, with no tangible evidence that he was involved.
(he was released on the same day)
New post: Windows Registry Auditing including list of HKEY_* subkeys to audit based on MITRE ATT&CK and more https://hannahsuarez.github.io/2019/hkey-mitre/
Nice to have: A HKEY/Windows registry playbook. MITRE has some indicators if you look into their framework (ie https://attack.mitre.org/techniques/T1182/), and I recently saw this https://www.peerlyst.com/posts/windows-dde-registry-tweaks-roger-barnett
Additional reading from MSFT on registry:
https://docs.microsoft.com/en-us/windows/win32/sysinfo/structure-of-the-registry
I should probably add in this series that #Sysmon as of June 2019 has added DNS monitoring in their features.
The diff ways for DNS logging on Windows:
- DNS logging via latest Sysmon
- DNS monitoring via ETW Provider (DNS Client and DNS Server Providers respectively)
- DNS file-based logging turning on Analytical and Debug channels
- Windows EventLog EventIDs related to DNS
Looking forward to #BsidesLUX - looks like the program will involve interesting presentations and talks on logs, log collection (ie Elastic Search), threat hunting, blue team work, security monitoring and more. Pretty much my sidewalk. Will be very interesting and relevant! #infosec https://bsideslux.lu/2019/program.html
Looking forward to it ✈️ 🇱🇺
The Windows threat protection guide is a cool 3k pages https://opdhsblobprod04.blob.core.windows.net/contents/4960c3bad9654704b3e1888df466a99c/7cf55469b311a701186ffb9f84a191b0?sv=2015-04-05&sr=b&sig=wUtNXH0GN1NnraNsoyqNkKQ01TpqGq7wDhh%2BQuw5j6o%3D&st=2019-10-08T14%3A18%3A32Z&se=2019-10-09T14%3A28%3A32Z&sp=r
#FOSDEM2020 Accepted developer rooms https://fosdem.org/2020/news/2019-10-01-accepted-developer-rooms/
* 15 October (or earlier), the developer rooms will issue Calls for Participation
* 11 October is the deadline for first batch of main track proposals for #FOSDEM.
https://fosdem.org/2020/news/2019-08-13-call-for-participation/
AMITT (Adversarial Misinformation and Influence Tactics and Techniques) is a framework designed for describing and understanding disinformation incidents. AMITT is part of misinfosec - work on adapting information security (infosec) practices to help track and counter misinformation, and is designed as far as possible to fit existing #infosec practices and tools.
https://github.com/misinfosecproject/amitt_framework
Framework diagram: https://github.com/misinfosecproject/amitt_framework/blob/master/matrix.md
If you know MITRE ATT&CK Framework, you'll appreciate this!
Saw an option that is paid SaaS type starting at $500pm. I do like the idea of having the split instruction + lab
Does anyone know what is involved in creating such virtual lab environments like what is on Infosec Institute for public type lessons? See screenshot for example and lab on the right side
The #ANU was breached in November 2018 and the attack was first detected in April 2019 as part of a baseline threat hunting exercise. Here is a very well written incident report that has been published report including in the appendix a few phishing emails http://imagedepot.anu.edu.au/scapa/Website/SCAPA190209_Public_report_web_2.pdf #infosec
Been reading this: https://www.sans.org/media/analyst-program/Spotlight-Paper-Back-to-Basics-Building-a-Foundation-for-Cyber-Integrity.pdf and I have to admit that I really like the way the concepts have been communicated. Great balance. Saw the author profile also and noted the depth of experience.
Linux ingress authentications and parsing Syslog https://medium.com/@hannahsuarez/unifying-ingress-authentications-lessons-learnt-f12dde56a93b
Cyberdelia, a Collection of Command and Control frameworks https://github.com/ProfessionallyEvil/C4
Their videos have much to be desired - and really I don't like videos that much unless it can help graphically explain a technical concept (ie Subnetting) but they have some labs that you can join in and practice as well as practice exams for various certs #infosecinstitute
Get 30 free days of training at #Infosec Institute as part of National Cyber Security month
https://infosecinstitute.com/ncsam2019
FYI: for new registrants
Added a couple of short entries today
https://hannahsuarez.github.io/2019/eurobsdcon-lillehammer/
Collection of various answers I've given online
Look into collecting/parsing BIG-IP DNS logs, Dnsmasq logs, djbdns logs, Cisco Network Registrar (commercial) logs, Knot DNS logs and of course BIND 9. But out of the list I'd consier only BIG IP DNS, BIND 9 and Knot DNS. For Unix/Linux.
