Network Detection Response (NDR) - HTTP Analysis Part 1
HTTP is one of the most widely recognized protocols, essential for daily internet communication. Its ubiquity ensures it’s readily...
top of page
WELCOME TO CRONINITY
 |  |  |
|---|---|---|
 |  |  |
Home: Welcome
Search
Elastic - Visualizations - Reusing Dashboards with controls and Markdowns
If you have the same dashboard content you want to display across multiple similar but different items, it can be extremely cumbersome to...
Threat Hunting - Kusto Query Language (KQL) externaldata Operator
The externaldata KQL operator enables you to download data from the Internet and temporarily store it as a KQL table for querying. It...
Threat Hunting Bad ASNs - Understanding Internet Bad Neighborhoods
Many people take Internet connectivity for granted, but it’s made possible by network operators. These service providers interconnect...
Cyber Incident Response - Incident Communications Plan
Cyber Incident Response Communications Plan Purpose The purpose of this communications plan is to ensure secure, efficient, and...
Cyber Incident Response - Incident Declaration Policy,
Purpose The purpose of this policy is to establish a standardized process for the declaration of a cyber incident and the subsequent...
Building and Managing Security Operations Centers (SOCs) - So you want to run 24/7?
There are many nuances to running a SOC which include, responsibilities and authorities within the organization, interactions with other...
EDR Evaluation - Powershell Activity
Users of Endpoint Detection Response (EDR) systems know they are powerful tools for detecting Threat Actors (TA)'s. But there is often...
Zeek & Corelight - Core Packages
In simple terms, Zeek sensors capture traffic, generate protocol-specific log files for the captured session traffic, and can export...
SOAR Notes
Automation Overview Identify and prioritize processes for automation: Begin with standard, repetitive tasks that can be easily automated,...
Adversary-in-the-Middle (AiTM) and Business Email Compromise (BEC)
Cyberattacks persistently target both systems and individuals. Among these, compromising user credentials stands out as a prevalent...
Malware Analysis - Encoding/Decoding to Mask/Unmask Hackers Dirty Deeds - Base64
One critical aspect of malware behavior lies in Data Obfuscation, where malware seeks to conceal its activities through various...
Mitre ATT&CK based SOC Assessments
SOC assessments: Set a reference for SOC capabilities. Identify detection engineering data-source gaps Identify detection engineering use...
Connecting Logs to Identities in devices and Applications
Authentication Logging for Operating Systems Overview One crucial aspect of cybersecurity involves monitoring logins associated with user...
Cyber Threat Intelligence (CTI) and its many faces - Foundational Threat Indicator Lookup Services & Threat Indicator Feeds
Cyber Threat Intelligence (CTI) plays a vital role in enhancing detection capabilities and empowering organizations to make well-informed...
Network Detection & Response (NDR) - Zeek 'Alerting' - Odd Remote Access Behavior and Tools
When collecting Zeek data, you have a rich source of information for analysis. However, when monitoring systems, it's crucial to...
Elastic Security - Random Notes and Links
Elastic - Overview When considering data storage in Elasticsearch, it's common to think of relational databases. However, Elasticsearch...
Logging Systems - Logging Ain't Easy But it's Necessary
NIST 800-53 logging controls are primarily categorized within the AU (Audit and Accountability) control family. Within AU, there are...
Cybersecurity Logging Systems - C.E.S 'Crowdstrike, Elastic, Splunk'
In cybersecurity, various logging systems are employed, often known as 'Security Information & Event Management' (SIEM) systems when...
Ransomware - Techniques - Encryption via GPUpdate
Ensuring the security of an organization's Domain Controller (DC) is paramount, recognizing it as a critical asset that must be protected...
Home: Blog2
Home: Contact
bottom of page