Pinned toot

If you are in the Luxembourg area, it looks like there are some free trainings in February, but a no-show would incur a 40 euro fee

Interesting item to think about, knowing your 'enemy'...

Does 'knowing your enemy' involve...
- a list of bad IPs
- a set of event IDs
- different entropy (i.e. when obscuring potentially malicious PowerShell commands, like disabling an ETW provider)

"In fact, many observations of past badness — the indicators — may in fact be essentially random and present no useful knowledge about the future badness or about the nature of the enemy, their intents and capabilities."
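Thinking about the third bullet above, and the quoted caveat that indicators can be essentially random: the following is a worked example added here, not part of the original toot, of the "long, high-entropy argument" heuristic that is often applied to PowerShell command lines. The sample command lines are constructed for this example, and the thresholds (32 characters, 3.0 bits per character) are assumptions chosen for illustration. The run shows why entropy on its own says little about intent: a benign `Write-Host` encoded the way `-EncodedCommand` expects is flagged, and so is an ordinary long file path.

```python
import base64
import math
from collections import Counter


def shannon_entropy(text: str) -> float:
    """Shannon entropy of a string in bits per character (0.0 for empty input)."""
    if not text:
        return 0.0
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in Counter(text).values())


def high_entropy_tokens(command_line: str, min_len: int = 32, threshold: float = 3.0) -> list:
    """Return (token, entropy) pairs for whitespace-separated tokens that are both long
    and high-entropy. min_len and threshold are assumptions for this example; a real
    deployment would tune them against its own baseline of normal command lines."""
    hits = []
    for token in command_line.split():
        if len(token) >= min_len:
            e = shannon_entropy(token)
            if e >= threshold:
                hits.append((token, e))
    return hits


# Constructed sample command lines (not taken from any real incident).
PLAIN_PIPELINE = "Get-Process | Where-Object { $_.CPU -gt 100 } | Sort-Object CPU"

# A benign command passed through the same UTF-16LE + base64 transform that
# PowerShell's -EncodedCommand parameter consumes. Built here, not copied from anywhere.
ENCODED_BENIGN = base64.b64encode("Write-Host 'hello'".encode("utf-16-le")).decode("ascii")
ENCODED_CMDLINE = f"powershell.exe -NoProfile -EncodedCommand {ENCODED_BENIGN}"

# A perfectly ordinary invocation whose only long token is a file path.
LONG_PATH_CMDLINE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command Get-Date"


def triage(command_line: str) -> dict:
    """Summarise what the heuristic says about one command line."""
    hits = high_entropy_tokens(command_line)
    return {
        "flagged": bool(hits),
        "whole_line_entropy": round(shannon_entropy(command_line), 2),
        "tokens": [(token[:16] + "...", round(e, 2)) for token, e in hits],
    }


if __name__ == "__main__":
    for name, cl in [
        ("plain pipeline", PLAIN_PIPELINE),
        ("encoded benign command", ENCODED_CMDLINE),
        ("long plain path", LONG_PATH_CMDLINE),
    ]:
        print(f"{name:24s} {triage(cl)}")
```

Two of the three constructed lines are flagged, and neither is malicious. The encoded benign command scores about 3.43 bits per character (base64 of UTF-16LE text is heavy in `A` because of the null bytes, which keeps it well below the 6-bit ceiling of base64), and the Windows path scores higher still, above 4 bits. Entropy measures how a string is encoded, not what it does, which is exactly the point of the quote above: a signal like this is a reason to look, not knowledge about the adversary.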

CfP is now extended until 10th February for

And the venue will be at Castle this year 🐉

Me: posts something positive and wholesome that is parallel on Twitter

Twitter: *fights amongst themselves over Thing*

Me: *feels awkward*

Looks like I am now going to in March! I used to live in Dublin, Ireland for a short while... Ireland is one of my favourite countries! Looking forward to visiting again in March.

I signed up to preview Amazon Detective

"Amazon Detective makes it easy to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities. Amazon Detective automatically collects log data from your AWS resources and uses machine learning, statistical analysis, and graph theory to build a linked set of data that enables you to easily conduct faster and more efficient security investigations."

Very interesting.

Just published by my colleague: how to do Windows USB Auditing using modules available on free/paid versions of this log collector

“In essence, people write stupid string-matching and regex-based content because they trust it. They do not — en masse — trust the event taxonomies if their lives and breach detections depend on it. And they do.” — Chronicle

auspol, windows 7, server 2008 

Just published: Windows Event IDs to collect, based on top Windows Security Events, JPCERT/CC lateral movements and also on other guidance from NSA and Palantir. You can use the Community Edition for these and adapt them for your own systems.

Published: work I have done around Rapid7 integration to collect and rewrite logs to the Universal Event Format (UEF), which offers another alternative to what is in their documentation.

Getting my teeth into McAfee ePO, Micro Focus ArcSight and Microsoft Advanced Threat Analytics log collection integrations.

Small ebook I drafted on SIEM and log collection, to go to the marketing agency's designer.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.