It’s not every day that you get a phone call at 2 AM asking for a breach response job, let alone one that we would later discover originated not from just any insider threat, but from a rogue security professional. In this article I will walk you through what happened in this incident, the indicators of compromise (IOCs), the Tactics, Techniques, and Procedures (TTPs), and the strategies involved in detecting and responding to a rogue cyber insider.
The article will be a blend of technical details and strategic oversight guidance, told alongside our story. After the details…
I’ve decided to take a moment to reflect on who and what were beneficial to me during my journey to become a cyber security professional. In this brief guide, I go over security expertise requirements, best practices, and recommendations for individuals looking to transition into security roles. It is also a useful pocket guide for recruiters in selecting talented candidates and screening out less-than-credible or incompetent professionals who dilute our field. We’re going to cover:
During a typical penetration testing engagement, I’ve often run into issues trying basic encoding or encryption techniques, even with living-off-the-land binaries (LOLBins), due to more aggressive endpoint security. Some customers are taking note of base64, RC4, and other commonly used encryption and/or obfuscation techniques, both for files written to disk and for any modules loaded into memory.
This is where some creativity must come in to prevent your payload or exfiltration staging data from triggering an alert in security tools. In such instances, it’s common for these types of customers to have other technology departments…
In this tutorial we’ll be covering how to set up and deploy a small medical imaging client-server network using a combination of free and open source tools. In addition, we’ll troubleshoot some common interoperability issues between such systems and provide recommendations for Health Information Technology (HIT) professionals.
At the end of this article you should be able to:
Welcome to my guide on dynamic binary instrumentation (DBI). In this article, we’re going to learn about the evolution of general binary analysis methods and how to perform some common routines used by security researchers. DBI in itself is a powerful way to gain visibility into, modify the behavior of, and fuzz closed source binaries without having to recompile or run the original code itself. In fact, there are use cases where engineers have optimized code performance by using instrumentation. If you’ve ever heard of “hot patching” or “function hooking”, that’s exactly what DBI does.
After reading this article, you should be able to:
This week I’ve had the pleasure of dealing with lots of wireless (WLAN) de-authentication attacks on my wireless access points (WAPs), along with attempts to crack my WPA2 key. The reason I found it quite enjoyable was that it gave me an excuse to implement 802.1X WLAN security using my new toys. When deployed correctly, 802.1X authentication greatly improves your security posture over shared secrets.
Specifically, I purchased Ubiquiti UDM-PRO and UAP-PRO-AC products to replace my toaster of a pfSense box and my other WAPs. There’s certainly lots of room for privacy and security improvement in these products, but the simple…
In this article, we’re going to learn how to use COM objects and PowerShell in Windows to execute shell commands with a couple of techniques for evading some endpoint security. Specifically, what you should get out of this is:
Disclaimer: Please do not utilize anything you learn in this article for unauthorized or illegal purposes.
COM stands for Component Object Model, a Windows technology. It…
Welcome to Part 2 of our three-part series on our journey to the GIAC Security Expert (GSE) certification. If you’re looking for Part 1 or wish to learn more about how we set up Google Cloud Compute VPS and Colab Jupyter Notebooks, please use this link. In this guide we’re going to focus on a few tools and use cases that aren’t always used by defending analysts because they don’t come up in penetration testing engagements.
In the GSE, you will be tested on GCIH foundations, which include basic tool usage. You don’t have to master every single tool, but you should…
I’ve decided to write a guide on my journey towards getting the GIAC Security Expert (GSE). This guide is focused on those who are also planning on obtaining their GSE and/or are in the middle of studying for the qualifier exam or the labs now.
Even if this does not apply to you, there are loads of high quality tips for command line and scripting considerations in your daily security administration.
This is a three-part series. Part 1 is about my prep for the qualifier exam and hands-on prep work for the labs, which includes:
All over the web there are terms like “fake news”; the security world’s equivalent is “false flags”. What are the Cyber Threat Intelligence (CTI) programs now found in almost every Fortune 100 company doing about it today?
After all, there are tons of paid and OSINT feeds out there that enrich and add value to any indicators cyber security defenders may see in their own networks. These community-driven efforts, whether private or public, take a “best effort” approach to reporting adversarial characteristics. …
Security Practitioner | USAF Veteran *Opinions are my own