brencroninJun 12, 20249 min readZeek & Corelight - Core PackagesIn simple terms, Zeek sensors capture traffic, generate protocol-specific log files for the captured session traffic, and can export...
brencroninApr 17, 202412 min readAdversary-in-the-Middle (AiTM) and Business Email Compromise (BEC)Cyberattacks persistently target both systems and individuals. Among these, compromising user credentials stands out as a prevalent...
brencroninMar 9, 20245 min readMalware Analysis - Encoding/Decoding to Mask/Unmask Hackers Dirty Deeds - Base64One critical aspect of malware behavior lies in Data Obfuscation, where malware seeks to conceal its activities through various...
brencroninMar 3, 20247 min readIncident Response (IR) ExercisesIncident Response (IR) Exercise Phases Establish Exercise Interval and Planning timelines: First, establish the IR exercise execution...
brencroninFeb 8, 20244 min readConnecting Logs to Identities in devices and ApplicationsAuthentication Logging for Operating Systems Overview One crucial aspect of cybersecurity involves monitoring logins associated with user...
brencroninJan 4, 20246 min readCyber Threat Intelligence (CTI) and its many faces - Foundational Threat Indicator Lookup Services & Threat Indicator FeedsCyber Threat Intelligence (CTI) plays a vital role in enhancing detection capabilities and empowering organizations to make well-informed...
brencroninDec 26, 20237 min readNetwork Detection & Response (NDR) - Zeek 'Alerting' - Odd Remote Access Behavior and ToolsWhen collecting Zeek data, you have a rich source of information for analysis. However, when monitoring systems, it's crucial to...
brencroninDec 3, 20239 min readElastic Security - Random Notes and LinksElastic - Overview When considering data storage in Elasticsearch, it's common to think of relational databases. However, Elasticsearch...
brencroninNov 16, 202312 min readLogging Systems - Logging Ain't Easy But it's NecessaryNIST 800-53 logging controls are primarily categorized within the AU (Audit and Accountability) control family. Within AU, there are...
brencroninNov 15, 20235 min readCybersecurity Logging Systems - C.E.S 'Crowdstrike, Elastic, Splunk'In cybersecurity, various logging systems are employed, often known as 'Security Information & Event Management' (SIEM) systems when...
brencroninNov 15, 20232 min readRansomware - Techniques - Encryption via GPUpdateEnsuring the security of an organization's Domain Controller (DC) is paramount, recognizing it as a critical asset that must be protected...
brencroninNov 7, 20231 min readAgentless Integration of IDS/IPS and Vulnerability DataIntrusion Detection/Protection Systems (IDS/IPS) examine network traffic using rules and signatures. Some of these rules or signatures...
brencroninNov 5, 20233 min readThe Cybersecurity SuriIn the realm of cybersecurity, there is also a 'Suri,' which is the abbreviation for Suricata. Suricata stands as an open-source,...
brencroninOct 25, 20232 min readVulnerability Management - Fragile ScanningCertain devices are considered 'fragile' where aggressive vulnerability scanning could have a risk of impacting the availability of the...
brencroninOct 23, 20234 min readVulnerability Management - Tracking & TreatingIn a previous article I highlighted a framework for vulnerability management program, developed by SANS instructors Jonathan Risto and...
brencroninOct 21, 20236 min readVulnerability Management - Vulnerability PrioritizationIn a prior article, I introduced a vulnerability management program framework known as P.I.A.C.T., developed by SANS instructors Jonathan...
brencroninOct 15, 20235 min readManagement - Performance GoalsManaging people can be tough. One of the pillars of successful management is leading employees to meet the organizations objectives and...
brencroninOct 15, 20237 min readVulnerability Management - The Homonymy of "Scanning"One of the most frequently used terms in cybersecurity is "Scanning." However, this term can encompass various meanings within the...
brencroninOct 14, 20233 min readCybersecurity MetricsMetrics are the lifeblood of business decision-making, cherished by executives who rely on them to steer their organizations toward...
