WELCOME TO CRONINITY

SOC overview Palo Alto’s Elements of Security Operations  emphasizes the importance of understanding the primary motivators of other...

Users of Endpoint Detection Response (EDR) systems know they are powerful tools for detecting Threat Actors (TA)'s. But there is often be a lot of mystery about how they work and hence the badness of what they detect and/or block. This mystery makes can not only make it difficult to understand EDR coverage of attacks, but more critically understand an major EDR pain point which is they tend to have a lot of false positives. For understanding how EDRs work, I really like th

In simple terms, Zeek sensors capture traffic, generate protocol-specific log files for the captured session traffic, and can export...

Cyberattacks persistently target both systems and individuals. Among these, compromising user credentials stands out as a prevalent...

One critical aspect of malware behavior lies in Data Obfuscation, where malware seeks to conceal its activities through various...

Incident Response (IR) Exercise Phases Establish Exercise Interval and Planning timelines: First, establish the IR exercise execution...

Authentication Logging for Operating Systems Overview One crucial aspect of cybersecurity involves monitoring logins associated with user...

Cyber Threat Intelligence (CTI) plays a vital role in enhancing detection capabilities and empowering organizations to make well-informed...

When collecting Zeek data, you have a rich source of information for analysis. However, when monitoring systems, it's crucial to...

Elastic - Overview When considering data storage in Elasticsearch, it's common to think of relational databases. However, Elasticsearch...

NIST 800-53 logging controls are primarily categorized within the AU (Audit and Accountability) control family. Within AU, there are...

In cybersecurity, various logging systems are employed, often known as 'Security Information & Event Management' (SIEM) systems when...

Ensuring the security of an organization's Domain Controller (DC) is paramount, recognizing it as a critical asset that must be protected...

Intrusion Detection/Protection Systems (IDS/IPS) examine network traffic using rules and signatures. Some of these rules or signatures...

In the realm of cybersecurity, there is also a 'Suri,' which is the abbreviation for Suricata. Suricata stands as an open-source,...

Certain devices are considered 'fragile' where aggressive vulnerability scanning could have a risk of impacting the availability of the...

In a previous article I highlighted a framework for vulnerability management program, developed by SANS instructors Jonathan Risto and...

In a prior article, I introduced a vulnerability management program framework known as P.I.A.C.T., developed by SANS instructors Jonathan...

Managing people can be tough. One of the pillars of successful management is leading employees to meet the organizations objectives and...