brencroninJan 712 min readVirtualization Monitoring & Incident Response - VMwareVirtualization platforms have become standard in many organizations and have been more commonly been exploited by threat actors.
brencroninOct 23, 202415 min readNetwork Detection Response (NDR) - Web Traffic Analysis Part 2Overview of major security tools related to web traffic protection Protection from Inside to Outside Traditional web protection largely...
brencroninOct 22, 202412 min readZeek & Corelight - Encrypted Traffic CollectionZeek, and Corelight sensors specifically, divide the process of handling and analyzing data into four distinct areas, as illustrated in...
brencroninOct 9, 20246 min readNetwork Detection Response (NDR) - HTTP Analysis Part 1HTTP is one of the most widely recognized protocols, essential for daily internet communication. Its ubiquity ensures it’s readily...
brencroninJun 12, 20249 min readZeek & Corelight - Core PackagesIn simple terms, Zeek sensors capture traffic, generate protocol-specific log files for the captured session traffic, and can export...
brencroninDec 26, 20237 min readNetwork Detection & Response (NDR) - Zeek 'Alerting' - Odd Remote Access Behavior and ToolsWhen collecting Zeek data, you have a rich source of information for analysis. However, when monitoring systems, it's crucial to...
brencroninSep 24, 20233 min readNetwork Security Monitoring (NSM) - Hacker Command & Control (C&C) (C2)Ralph Mudge developer of Cobalt Strike Red Team hacking software outlines from the hackers perspective 4 key processes that need to...
