190 results tagged
security
✕
This site provides free technical training for IBM Security products. You can explore the course catalog and build your own curriculum by enrolling in courses.
Hacker Factor Solutions provides whitepapers and journal articles. Most documents are created and provided privately to customers. The following list represents a sample of documents created by Hacker Factor Solutions and released publicly. The copyrights for these documents have been transfered to their respective owners.
Syslog messages from transit network devices can provide insight into and context for security events that may not be available from other sources. This insight aids in determining the validity and extent of an incident. Within the context of a security incident, administrators can use syslog messages to understand communication relationships, timing, and, in some cases, the attacker's motives and/or tools. These events should be considered complementary and should be used in conjunction with other forms of network monitoring that may already be in place.
Siphons cookies, exposes internal router & installs web backdoor on locked computers
The PowerShell execution policy is the setting that determines which type of PowerShell scripts (if any) can be run on the system. By default it is set to “Restricted“, which basically means none. However, it’s important to understand that the setting was never meant to be a security control.
FireEye’s Mandiant Incident Response and Intelligence teams have identified a wave of DNS hijacking that has affected dozens of domains belonging to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America. While we do not currently link this activity to any tracked group, initial research suggests the actor or actors responsible have a nexus to Iran.
Cisco Talos recently discovered a new campaign targeting Lebanon and the United Arab Emirates (UAE) affecting .gov domains, as well as a private Lebanese airline company. Based on our research, it's clear that this adversary spent time understanding the victims' network infrastructure in order to remain under the radar and act as inconspicuous as possible during their attacks.
Click a check mark in the following matrix to go to the log source that you're most interested in. For each log source, the relevant ATT&CK framework categories are listed. The Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework was developed by Mitre Corp.
There’s no need to reinvent the wheel to create this model of measurement, but analysts must be able to catalog and group the characteristics they aim to measure to determine what level of SIEM implementation is appropriate for the organization.
Because Azure and Office 365 are widely used, I decided to start with this. I hope you will find it useful because unfortunately, there is a lack of good resources other than Microsoft when it comes to monitoring Azure with a SIEM and I had to spend many hours to study the logs and figure out what was relevant.
List of Open Mic events and presentations.
Le SID est une valeur unique de longueur variable qui est utilisée pour identifier une entité de sécurité ou un groupe de sécurité dans les systèmes d’exploitation Windows. Les SID bien connus sont un groupe de SID qui identifient des utilisateurs génériques ou des groupes génériques. Leurs valeurs restent constantes sur tous les systèmes d’exploitation.
Scan an IP address through multiple DNS-based blacklists (DNSBL) and IP reputation services, to facilitate the detection of IP addresses involved in malware incidents and spamming activities. This service checks in real-time an IP address through more than 80 IP reputation and DNSBL services.
URLVoid is a free service developed by NoVirusThanks on the late 2010 that allows users to scan a website with multiple website reputation engines and domain blacklisting services, to facilitate the detection of dangerous websites related to malware, phishing, scam and fraudulent activities. Please take in mind that even if a website is classified as safe by all the scanning engines, URLVoid can not guarantee the harmlessness of the website analyzed. You should re-scan a website if the report is too old, so that you have up-to-date results.
Chrome Bug: https://www.youtube.com/redirect?event=video_description&v=0uejy9aCNbI&redir_token=9G29Eg5j2LUdpcHnRWyjz7Bzz5V8MTU0MDE1MzEwNkAxNTQwMDY2NzA2&q=https%3A%2F%2Fbugs.chromium.org%2Fp%2Fchromium%2Fissues%2Fdetail%3Fid%3D841105
Orange Tsai: https://twitter.com/orange_8361
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! - CODE BLUE: https://www.youtube.com/watch?v=2MslLrPinm0
Slides: https://www.youtube.com/redirect?event=video_description&v=0uejy9aCNbI&redir_token=9G29Eg5j2LUdpcHnRWyjz7Bzz5V8MTU0MDE1MzEwNkAxNTQwMDY2NzA2&q=https%3A%2F%2Fwww.blackhat.com%2Fdocs%2Fus-17%2Fthursday%2Fus-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf
Orange Tsai: https://twitter.com/orange_8361
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! - CODE BLUE: https://www.youtube.com/watch?v=2MslLrPinm0
Slides: https://www.youtube.com/redirect?event=video_description&v=0uejy9aCNbI&redir_token=9G29Eg5j2LUdpcHnRWyjz7Bzz5V8MTU0MDE1MzEwNkAxNTQwMDY2NzA2&q=https%3A%2F%2Fwww.blackhat.com%2Fdocs%2Fus-17%2Fthursday%2Fus-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf
Le Piratage du télégraphe Chappe est un détournement du réseau de télégraphie optique entrepris par deux hommes d'affaires bordelais, Louis et François Blanc, entre 1834 et 1836, afin de connaître avant tout le monde la clôture des cours de la rente à la Bourse de Paris.
Le piratage a été rendu possible par la corruption d'un agent télégraphique de Tours, qui ajoutait discrètement le chiffre du cours aux messages envoyés par l'État.
La divulgation de cette manœuvre a contribué au vote de la loi de 1837 sur le monopole public des communications télégraphiques. Il s'agit peut-être d'un des premiers cas de hacking, les frères Blanc exploitant une faille structurelle dans un réseau de télécommunication.
Le piratage a été rendu possible par la corruption d'un agent télégraphique de Tours, qui ajoutait discrètement le chiffre du cours aux messages envoyés par l'État.
La divulgation de cette manœuvre a contribué au vote de la loi de 1837 sur le monopole public des communications télégraphiques. Il s'agit peut-être d'un des premiers cas de hacking, les frères Blanc exploitant une faille structurelle dans un réseau de télécommunication.
Interactive online malware analysis service for dynamic and static research of most types of threats using any environments. Replaces a set of tools for research.
Sploitus is а convenient central place for identifying the newest exploits and finding attacks that exploit known vulnerabilities.
The OASIS Cyber Threat Intelligence (CTI) TC supports automated information sharing for cybersecurity situational awareness, real-time network defense, and sophisticated threat analysis. STIX and TAXII.
The methodology used to create the SOC-CMM is a scientific research approach called Design Science Research. This type of research has a focus on bridging the gap between theory and practice and works well for areas that have not been extensively (scientifically) studied and clearly defined, as is the case for SOC capability and maturity. The goal of Design Research is the creation of a tangible result of the research effort. In this case, two artefacts were created: the SOC-CMM model, which is an abstract representation of SOCs and the self-assessment tool based on that model to evaluate capability maturity in a SOC.