This is a scenario based incident response tabletop that I worked on with a colleague. I wanted to share with the world, as I have had immense success with this. It amazes me how a simple dice roll, really draws people in to the event. It sounds silly, but the sense of chance adds so Read More …
Author: tmack
ESM – Exposure Surface Management
Exposure Surface Management (ESM) aims to proactively identify, assess, and mitigate vulnerabilities across an organization’s digital assets, including those external to the traditional IT infrastructure, to reduce the risk of cyberattacks. Here’s a breakdown of what ESM looks like: Comprehensive Asset Inventory: ESM starts with a thorough inventory of all assets, both internal and external, Read More …
Conference Video – Deep Web – what to do and what not to do
Presented at the Cysinfo 9th Quarterly Meetup on 19th November 2016 at Bangalore Presentation Link
Malware TV – Automatically Extracting Obfuscated Strings from Malware
The FireEye Labs Obfuscated String Solver (FLOSS) is an open-source tool that automatically detects, extracts, and decodes obfuscated strings in Windows Portable Executable (PE) files. Malware analysts, forensic investigators, and incident responders can use FLOSS to quickly extract sensitive strings to identify indicators of compromise (IOCs). Malware authors encode strings in their programs to hide Read More …
Notes – Use Templates And Keep It DRY
To “Use Templates And Keep It DRY” means to leverage templates or reusable structures and to avoid code duplication by implementing a principle of abstraction that promotes code efficiency and maintainability. Here’s a breakdown of the concept: Templates: These are reusable structures, such as code snippets, document layouts, or organizational frameworks that can be used as Read More …
ASM – Attack Surface Management
Attack Surface Management (ASM) focuses on identifying, monitoring, and mitigating potential vulnerabilities and risks across an organization’s entire digital footprint, including both known and unknown assets, to reduce the potential attack surface. Here’s a more detailed explanation: Continuous Process: ASM is not a one-time task, but rather a continuous process of discovery, analysis, prioritization, remediation, Read More …
Conference Video – Defending Against Power Shell Attacks
Dutch Power Shell User Group – 3rd Power Shell Saturday 2017-04-08
Hacker TV – What Is An XXE Attack?
XML files can incorporate inline references to other documents. Unsafe treatment of external references allows an attacker to probe your file system for sensitive information – an XML External Entity (XXE) attack.
clean up /boot (for Ubuntu at least)
Here is a quick set of commands to clean up the /boot partition on an Ubuntu linux system. First check what your kernel version is so you won’t delete the running kernel image: uname -r Now run this for a list of installed kernels: dpkg –list ‘linux-image*’ | grep ^ii delete the kernels you don’t Read More …
What are the advantages of FASP
The speed increases are achieved by sending larger packets than TCP, not waiting for confirmation that a packet has been received before sending the next one, and only re-sending packets that are confirmed as having been dropped. FASP (Fast and Secure Protocol), used in IBM Aspera, offers significant advantages for cloud data transfer, enabling faster, Read More …