Pinned toot

rest of 2020 goals in mind: 📆

:pika: Pivot at the current place

:pika: Take on board another project

:pika: Actually contribute to an open source project (now that, I'm no longer involved with open source / community software)

:pika: Contribute into an online course

:pika: Pick up a whole new skill

:pika: Keep up my blog entries on hannahsuarez.me

:pika: Continue to apply and send Cfp/talk submissions

:pika: Continue on with this ruleset submissions that has been on my mind

Pinned toot

Who moved my DNS cheese? BIND 9 DNS Log Collection and DNS Auditing hannahsuarez.github.io/2020/wh

Looking into other cloud DNS infrastructure for a potential series. What provider do you use?

Nice, HKCU run keys get a mention. vxug.fakedoma.in/papers/VXUG/E

Defenders can check out my post on: List of HKEY_* / Windows Registry keys and subkeys to audit based on MITRE ATT&CK, JPCert Lateral Movements analysis hannahsuarez.github.io/2019/hk and other links

Thread: twitter.com/smelly__vx/status/

+ their addition: "Note: Mitre | Att&ck does not explicitly list this technique. This technique is a pseudo-hybrid child of DLL side-loading & binary masquerading."

Very happy to get into and most specifically, documentation.

I was involved in this briefly about 3 to 4 years ago on secure file transfer software.

If anyone wants to throw their favorite documentation, specifically around software, let me know.

Collect and alert on this PowerShell code that disables Microsoft-Windows-PowerShell event logging:
Remove-EtwTraceProvider -AutologgerName EventLog-Application -Guid '{A0C1853B-5C40-4B15-8766-3CF1C58F985A}'
(from medium.com/palantir/tampering- )

Because attacks like Empire uses powershell command line parameters, which you can also add rules on your choice of siem or dashboard, see uncoder.io then "Empire PowerShell Launch Parameters"

initial diagramming of linux bind 9 deployment to explain to a general 100+ audience.. hmm

Show thread

Hm, just saw that I am missing an arrow there. 1 arrow to represent WEF sending events to the WEC. 2nd arrow to represent another log agent to sent to the data lake.

Show thread

friday night diagramming of dns log collection deployment sample

TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records annasperotto.org/publication/p

—The TXT resource record is the one with the
most flexibility for its contents, as it is a largely unstructured.
Although it might be the ideal basis for storing any form
of text-based information, it also poses a security threat, as
TXT records can also be used for malicious and unintended
practices. Yet, TXT records are often overlooked in security
research.

> Had your rookie talk accepted at a conference that has sadly had to have been cancelled? We've got you.

twitter.com/TheBeerFarmers/sta

x33fcon, a new gathering for IT security professionals and enthusiasts. It's a new event where blue and red teams meet to exchange views and ideas, share experiences, and discuss the latest security challenges in the industry.

x33fcon.com/#!conference.md#Ag

Just published two posts, all about DNS log collection and security:

DNS and IT security - Know your DNS Queries and Requests, Attacks, and SANS CSC
hannahsuarez.github.io/2020/dn

DNS Log Collection - More on DNS Queries hannahsuarez.github.io/2020/dn

Related from May 2019: Why understanding of DNS monitoring is useful for securing and hardening infrastructure hannahsuarez.github.io/2019/DN

Cape Core contains the key functionality of Cape Privacy, including:

A CLI (command line interface)
Cape Coordinator, which provides policy management workflows, and controllers to work with the Cape Privacy libraries.

github.com/capeprivacy/cape

FYI from tomorrow!

Open Source Hackathon

hackathon.hack.lu/

The hack.lu team and CIRCL organise the fourth Open Source Security Software Hackathon on Wednesday 26th and Thursday 27th August 2020.

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.