cyberhakon

joined 1 year ago
sorted by: new top controversial old
1
AI-Powered Threat Hunting on Linux Servers: Honeypot Experiment and Privilege Escalation (safecontrols.blog)
 

I tested using Google's Gemini as a helping hand in Linux log based threat hunting - and it is actually helpful, although not ready to take the security analyst's job (yet).

1
Teaching smart things cyber self defense: ships and cars that fight back (safecontrols.blog)
 

A blog post I made based on discussions at a conference last week - we need to teach smart things like self driving cars and ships to defend themselves against cyber attacks. This outlines how we should approach it.

1
Edge history forensics – part 2 (downloads and search) (safecontrols.blog)
 

I did a dive into what you can get out of the Edge (and probably Chrome(ium)) History sqlite database. It logs quite detailed data - useful for forensics!

1
Hacktivists with exaggerated claims again? (www.bleepingcomputer.com)
 

The hacktivist group Anonymous Sudan claims to have breached Microsoft and stolen credentials from 30 million customers. Microsoft says they are lying. The group has done a lot of DDoS attacks, and claimed much bigger impact than they really have had. Exaggerated claims may lead to increased "panic state" at the top of the corporate food chain. How do you communicate about threat groups making bold statements like this to your higher ups or customers?

1
Excel as log analysis tool? (www.mandiant.com)
 

I have found Excel to be quite useful for collecting data, doing summary analysis of logs, etc. I also liked this blog post from Mandiant, about using Excel to timeline artefacts with very different structure. It takes a bit of work using find, left, mid, right, concat, etc, but then it is quite useful! Another good thing is that a lot of people are better at creating Excel sheets than doing XPath queries.

Anyone else using Excel for DFIR, and how do you use it?

1
geo_info_from_ip_address() - Azure Data Explorer (learn.microsoft.com)
 

If we are going to build a good community, we need some content! Here's a new feature in Kusto I have found useful in Sentinel, making it easier to do geolocation lookups in queries: geo_in_from_ip_address.

If we all share a little trick or something we have recently learned now and then, this will be a useful community!

1
Reports from MSSP's - what do people actually care about? (infosec.pub)
 

Whether you are a buyer of security services, or a provider of them, what metrics, visuals, information is actually important to customers? What is the preferred way to consume reports - emails, dashboards, PDF reports, chat bots, smoke signals? Any thoughts and inputs much appreciated!