Security Logging - Parent Events versus Base Events
Parent Events versus Base Events Concept The diagram below highlights the SOC Triad, with core cybersecurity tools like Network Detection...
Three password cracking techniques that can be used with the password cracking tool hashcat. The three techniques are: Dictionary based...
Host based IR Approach The main categories of alerts come from the following sensor instrumentation: Network sensors Identity sensors...
The Mimikatz story is fascinating to me. “Mimikatz first became a key hacker asset thanks to its ability to exploit an obscure Windows...
SOC Analyst Screening Questions The questions below are some basic questions that most SOC analysts with some experience should be able...
Overview of major security tools related to web traffic protection Protection from Inside to Outside Traditional web protection largely...
Zeek, and Corelight sensors specifically, divide the process of handling and analyzing data into four distinct areas, as illustrated in...
HTTP is one of the most widely recognized protocols, essential for daily internet communication. Its ubiquity ensures it’s readily...
If you have the same dashboard content you want to display across multiple similar but different items, it can be extremely cumbersome to...
The externaldata KQL operator enables you to download data from the Internet and temporarily store it as a KQL table for querying. It...
Many people take Internet connectivity for granted, but it’s made possible by network operators. These service providers interconnect...
Cyber Incident Response Communications Plan Purpose The purpose of this communications plan is to ensure secure, efficient, and...
Purpose The purpose of this policy is to establish a standardized process for the declaration of a cyber incident and the subsequent...
SOC overview Palo Alto’s Elements of Security Operations emphasizes the importance of understanding the primary motivators of other...
Users of Endpoint Detection and Response (EDR) systems know they are powerful tools for detecting Threat Actors (TAs). But there is often...
In simple terms, Zeek sensors capture traffic, generate protocol-specific log files for the captured session traffic, and can export...
Automation Overview Identify and prioritize processes for automation: Begin with standard, repetitive tasks that can be easily automated,...
Cyberattacks persistently target both systems and individuals. Among these, compromising user credentials stands out as a prevalent...
One critical aspect of malware behavior lies in Data Obfuscation, where malware seeks to conceal its activities through various...
Incident Response (IR) Exercise Phases Establish Exercise Interval and Planning timelines: First, establish the IR exercise execution...