WELCOME TO CRONINITY
Elastic - Visualizing objects in tables with Zero records
If an elastic query in the dashboard does not return any records, the dashboard may not display zero values for the visualized data.
EDR Evaluation - EDR System Operations (SysOps)
EDR/XDR platforms often lack transparency in their detection logic.
Insider Threat
Three categories of Insider Threats: Malicious insiders (theft of IP, sabotage, espionage); Negligent insiders (ignoring policy and procedures)...
First 90 Days
A highly recommended book for navigating a new leadership role is The First 90 Days.
Security Logging - Parent Events versus Base Events
Parent Events versus Base Events Concept The diagram below highlights the SOC Triad, with core cybersecurity tools like Network Detection...
Password Cracking - Hashcat
Three password cracking techniques that can be used with the password cracking tool hashcat. The three techniques are: Dictionary based...
Incident Response (IR) - Server/Host Analysis
Host based IR Approach The main categories of alerts come from the following sensor instrumentation: Network sensors Identity sensors...
Mimikatz
The Mimikatz story is fascinating to me. “Mimikatz first became a key hacker asset thanks to its ability to exploit an obscure Windows...
Interviewing Hiring - SOC Analyst, Cyber Security Engineer
SOC Analyst Screening Questions The questions below are some basic questions that most SOC analysts with some experience should be able...
Network Detection Response (NDR) - Web Traffic Analysis Part 2
Overview of major security tools related to web traffic protection Protection from Inside to Outside Traditional web protection largely...
Zeek & Corelight - Encrypted Traffic Collection
Zeek, and Corelight sensors specifically, divide the process of handling and analyzing data into four distinct areas, as illustrated in...
Network Detection Response (NDR) - HTTP Analysis Part 1
HTTP is one of the most widely recognized protocols, essential for daily internet communication. Its ubiquity ensures it’s readily...
Elastic - Visualizations - Reusing Dashboards with controls and Markdowns
If you have the same dashboard content you want to display across multiple similar but different items, it can be extremely cumbersome to...
Threat Hunting - Kusto Query Language (KQL) externaldata Operator
The externaldata KQL operator enables you to download data from the Internet and temporarily store it as a KQL table for querying. It...
Threat Hunting Bad ASNs - Understanding Internet Bad Neighborhoods
Many people take Internet connectivity for granted, but it’s made possible by network operators. These service providers interconnect...
Cyber Incident Response - Incident Communications Plan
Cyber Incident Response Communications Plan Purpose The purpose of this communications plan is to ensure secure, efficient, and...
Cyber Incident Response - Incident Declaration Policy
Purpose The purpose of this policy is to establish a standardized process for the declaration of a cyber incident and the subsequent...
Building and Managing Security Operations Centers (SOCs) - So you want to run 24/7?
SOC overview Palo Alto’s Elements of Security Operations emphasizes the importance of understanding the primary motivators of other...
EDR Evaluation - Powershell Activity
Users of Endpoint Detection and Response (EDR) systems know they are powerful tools for detecting threat actors (TAs). But there is often a lot of mystery about how they work, and hence about the badness of what they detect and/or block. This mystery can make it difficult not only to understand EDR coverage of attacks but, more critically, to understand a major EDR pain point: they tend to produce a lot of false positives. For understanding how EDRs work, I really like th