HCS ▋ @superruserr@infosec.exchange
- Gitlab
- gitlab.com/hcs0
- twitter.com/superruserr
- Github
- github.com/hcs0
#Software #InfoSec #Networks | Work in security - threat hunting, defence, siem/log management, osint, dns, domain. Own opinions here. | DE: @toot.berlin/@superruserr | FR: @mamot.fr/@superruserr | Header image by @ovid
Joined Jan 2018
Pinned toot
rest of 2020 goals in mind: 📆
Pivot at the current place
Take on board another project
Actually contribute to an open source project (now that, I'm no longer involved with open source / community software)
Contribute into an online course
Pick up a whole new skill
Keep up my blog entries on hannahsuarez.me
Continue to apply and send Cfp/talk submissions
Continue on with this ruleset submissions that has been on my mind
Pinned toot
Who moved my DNS cheese? BIND 9 DNS Log Collection and DNS Auditing https://hannahsuarez.github.io/2020/who-moved-my-cheese-dns-linux/
Looking into other cloud DNS infrastructure for a potential series. What provider do you use?
Nice, HKCU run keys get a mention. https://vxug.fakedoma.in/papers/VXUG/Exclusive/PersistenceSeries/0/MasqueradingtheHKCURunKey.pdf
Defenders can check out my post on: List of HKEY_* / Windows Registry keys and subkeys to audit based on MITRE ATT&CK, JPCert Lateral Movements analysis https://hannahsuarez.github.io/2019/hkey-mitre/ and other links
Thread: https://twitter.com/smelly__vx/status/1310119130943586304
+ their addition: "Note: Mitre | Att&ck does not explicitly list this technique. This technique is a pseudo-hybrid child of DLL side-loading & binary masquerading."
A Dutch hacker summer camp is a go go for 2021! #MCH2021
Very happy to get into #developer #documentation and most specifically, #API documentation.
I was involved in this briefly about 3 to 4 years ago on secure file transfer software.
If anyone wants to throw their favorite #API documentation, specifically around #security software, let me know.
Collect and alert on this PowerShell code that disables Microsoft-Windows-PowerShell event logging:
Remove-EtwTraceProvider -AutologgerName EventLog-Application -Guid '{A0C1853B-5C40-4B15-8766-3CF1C58F985A}'
(from https://medium.com/palantir/tampering-with-windows-event-tracing-background-offense-and-defense-4be7ac62ac63 )
Because attacks like Empire uses powershell command line parameters, which you can also add rules on your choice of siem or dashboard, see https://uncoder.io then "Empire PowerShell Launch Parameters" #blueteam #logging
initial diagramming of linux bind 9 deployment to explain to a general 100+ audience.. hmm
Hm, just saw that I am missing an arrow there. 1 arrow to represent WEF sending events to the WEC. 2nd arrow to represent another log agent to sent to the data lake.
friday night diagramming of dns log collection deployment sample
DNS and IT security - Know your DNS Queries and Requests, Attacks, and SANS CSC https://hannahsuarez.github.io/2020/dns-log-collection-series-security-dns/
Identifying Disinformation Websites Using Infrastructure Features https://www.usenix.org/conference/foci20/presentation/hounsel
An overview of targeted attacks and APTs on Linux
https://securelist.com/an-overview-of-targeted-attacks-and-apts-on-linux/98440/
Registration for #ShellCon2020 is LIVE / October 9th and 10th http://shellcon.io/registration
TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records http://annasperotto.org/publication/papers/2020/toorn-wtmc-2020.pdf
—The #DNS TXT resource record is the one with the
most flexibility for its contents, as it is a largely unstructured.
Although it might be the ideal basis for storing any form
of text-based information, it also poses a security threat, as
TXT records can also be used for malicious and unintended
practices. Yet, TXT records are often overlooked in security
research.
> Had your rookie talk accepted at a conference that has sadly had to have been cancelled? We've got you.
https://twitter.com/TheBeerFarmers/status/1302954929875750917
x33fcon, a new gathering for IT security professionals and enthusiasts. It's a new event where blue and red teams meet to exchange views and ideas, share experiences, and discuss the latest security challenges in the industry.
Just published two posts, all about DNS log collection and security:
DNS and IT security - Know your DNS Queries and Requests, Attacks, and SANS CSC
https://hannahsuarez.github.io/2020/dns-log-collection-series-security-dns/
DNS Log Collection - More on DNS Queries https://hannahsuarez.github.io/2020/dns-log-collection-series-dns-queries/
Related from May 2019: Why understanding of DNS monitoring is useful for securing and hardening infrastructure https://hannahsuarez.github.io/2019/DNS-Monitoring/
Cape Core contains the key functionality of Cape Privacy, including:
A CLI (command line interface)
Cape Coordinator, which provides policy management workflows, and controllers to work with the Cape Privacy libraries.
security content creators who make videos and streams https://securitycreators.video/
FYI from tomorrow!
Open Source Hackathon
The hack.lu team and CIRCL organise the fourth Open Source Security Software Hackathon on Wednesday 26th and Thursday 27th August 2020.
- Gitlab
- gitlab.com/hcs0
- twitter.com/superruserr
- Github
- github.com/hcs0
#Software #InfoSec #Networks | Work in security - threat hunting, defence, siem/log management, osint, dns, domain. Own opinions here. | DE: @toot.berlin/@superruserr | FR: @mamot.fr/@superruserr | Header image by @ovid
Joined Jan 2018
