171 private links
Introduction and processes for upgrading QRadar software.
Asset exclusion rules that are tuned to exclude IP addresses from the blacklist.
Events are being dropped on Console with Pipeline NATIVE_To_MPC messages.
List of Open Mic events and presentations.
What does Rsync do in a High Availability appliance?
How do QRadar HA peers replicate data between cluster nodes?
The IBM® Security QRadar® audit logs are in the /var/log/audit directory.
The following list describes the categories of actions that are in the audit log file.
Create a custom column layout by adding or removing columns in an existing layout.
The SID is a unique value of variable length that is used to identify a security principal or security group in Windows operating systems. Well-known SIDs are a group of SIDs that identify generic users or generic groups. Their values remain constant across all operating systems.
Scan an IP address through multiple DNS-based blacklists (DNSBL) and IP reputation services to help detect IP addresses involved in malware incidents and spamming. The service checks an IP address in real time against more than 80 IP reputation and DNSBL services.
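How a DNSBL lookup actually works, as an added example (not code from the service described above): the address octets are reversed and prefixed to the list's zone, an A record inside 127.0.0.0/8 means "listed" (the last octet is a zone-specific reason code), NXDOMAIN means "not listed", and anything outside 127/8 is a broken or hijacked zone. The zone names, the resolver and all DNS answers below are constructed so the code runs offline; a real deployment would plug in an actual resolver and the lists' own return-code tables.

```python
import ipaddress

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL lookup name: IPv4 octets reversed (or IPv6 nibbles reversed),
    followed by the list's zone, e.g. 192.0.2.10 -> 10.2.0.192.<zone>."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        rev = ".".join(reversed(str(addr).split(".")))
    else:
        rev = ".".join(reversed(addr.exploded.replace(":", "")))
    return f"{rev}.{zone}"


def classify_answers(answers):
    """A listing is answered with A records inside 127.0.0.0/8; an empty answer
    (NXDOMAIN) means not listed. Anything outside 127/8 is treated as a broken or
    hijacked zone and never as a listing."""
    codes = [a for a in answers if ipaddress.ip_address(a) in LOOPBACK_NET]
    bogus = [a for a in answers if ipaddress.ip_address(a) not in LOOPBACK_NET]
    if bogus:
        return "error", bogus
    if codes:
        return "listed", codes
    return "clean", []


def zone_sanity(zone: str, resolve) -> bool:
    """RFC 5782 test records: 127.0.0.2 must be listed and 127.0.0.1 must not be.
    A zone failing this is dead or wildcarding and its answers must be ignored."""
    listed_ok = classify_answers(resolve(dnsbl_query_name("127.0.0.2", zone)))[0] == "listed"
    clean_ok = classify_answers(resolve(dnsbl_query_name("127.0.0.1", zone)))[0] == "clean"
    return listed_ok and clean_ok


def check_ip(ip: str, zones, resolve):
    """Query every zone for ip. resolve(name) returns a list of A-record strings
    ([] for NXDOMAIN); it is injected so this runs offline (assumption)."""
    report = {}
    for zone in zones:
        if not zone_sanity(zone, resolve):
            report[zone] = ("error", ["failed RFC 5782 sanity check"])
            continue
        report[zone] = classify_answers(resolve(dnsbl_query_name(ip, zone)))
    return report


# Constructed DNS answers for three imaginary zones (sample data, not real lists).
FAKE_DNS = {
    # zone a: healthy, lists 192.0.2.10 with reason code 127.0.0.2
    "2.0.0.127.dnsbl-a.example": ["127.0.0.2"],
    "10.2.0.192.dnsbl-a.example": ["127.0.0.2"],
    # zone b: healthy, does not list 192.0.2.10
    "2.0.0.127.dnsbl-b.example": ["127.0.0.2"],
    # zone c: defunct, wildcards every name to a parked address
    "2.0.0.127.dnsbl-c.example": ["203.0.113.9"],
    "1.0.0.127.dnsbl-c.example": ["203.0.113.9"],
    "10.2.0.192.dnsbl-c.example": ["203.0.113.9"],
}


def fake_resolve(name):
    return FAKE_DNS.get(name, [])


ZONES = ["dnsbl-a.example", "dnsbl-b.example", "dnsbl-c.example"]


if __name__ == "__main__":
    for zone, verdict in check_ip("192.0.2.10", ZONES, fake_resolve).items():
        print(zone, verdict)
```

The sanity check is the part multi-list scanners most often skip: a retired list whose domain now wildcards to a parking page would otherwise "list" every address queried.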
URLVoid is a free service developed by NoVirusThanks in late 2010 that lets users scan a website with multiple website reputation engines and domain blacklisting services, to help detect dangerous websites involved in malware, phishing, scams and fraud. Keep in mind that even if a website is classified as safe by every scanning engine, URLVoid cannot guarantee that the analyzed website is harmless. Re-scan a website if the report is old, so that you have up-to-date results.
Chrome Bug: https://bugs.chromium.org/p/chromium/issues/detail?id=841105
Orange Tsai: https://twitter.com/orange_8361
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! - CODE BLUE: https://www.youtube.com/watch?v=2MslLrPinm0
Slides: https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf
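The class of bug the talk covers, shown as an added example (not code from the talk or from any library it names): an SSRF filter validates the host with one parser while the HTTP client connects using another, and userinfo in the authority makes the two disagree. The "naive" regex validator below is a constructed stand-in for a hand-rolled parser, the allowlist is an assumption, and the stdlib view is Python's `urllib.parse.urlsplit`, which is what a urllib-based fetcher would use.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist for the example (assumption).
ALLOWED_HOSTS = {"allowed.example.com"}

# Constructed "naive" host extractor standing in for a hand-rolled validator: it takes
# the first host-looking token after "://" and stops at '@', so it never notices that
# the token was userinfo. Illustrative only; not any real library's parser.
_NAIVE_HOST = re.compile(r"^[a-z][a-z0-9+.\-]*://([^/:?#@]+)", re.IGNORECASE)


def naive_host(url: str):
    m = _NAIVE_HOST.match(url)
    return m.group(1).lower() if m else None


def stdlib_host(url: str):
    """Host a urllib-based fetcher will actually connect to (text after the last '@')."""
    return urlsplit(url).hostname


def parser_mismatch(url: str):
    """Return (naive_view, fetcher_view, bypass). bypass is True when the naive
    validator accepts the URL while the fetcher would reach a host outside the allowlist."""
    naive, real = naive_host(url), stdlib_host(url)
    bypass = naive in ALLOWED_HOSTS and real not in ALLOWED_HOSTS
    return naive, real, bypass


def hardened_validator_allows(url: str) -> bool:
    """Validate with the same parser the fetcher uses, and reject anything the
    allowlist does not fully determine: userinfo, non-HTTP schemes, empty hosts."""
    p = urlsplit(url)
    if p.scheme not in ("http", "https"):
        return False
    if p.username is not None or p.password is not None:
        return False  # "allowed.example.com@127.0.0.1" style tricks stop here
    return p.hostname in ALLOWED_HOSTS


if __name__ == "__main__":
    for u in ("http://allowed.example.com@127.0.0.1/",
              "http://allowed.example.com#@127.0.0.1/",
              "http://127.0.0.1/"):
        print(u, parser_mismatch(u), hardened_validator_allows(u))
```

The first URL is the bypass: the regex sees `allowed.example.com`, urllib connects to `127.0.0.1`. The second is not, because the `#` ends the authority for urlsplit and the fragment is never sent; the point is that only the parser the client uses can tell the two apart, so validation must run on that parser's output and must refuse userinfo outright rather than trying to enumerate tricks.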
The hacking of the Chappe telegraph was a hijacking of the optical telegraph network carried out by two Bordeaux businessmen, Louis and François Blanc, between 1834 and 1836, in order to learn before anyone else the closing prices of government bonds (rentes) on the Paris stock exchange.
The hack was made possible by bribing a telegraph operator in Tours, who discreetly added the price figure to the messages sent by the State.
The disclosure of this scheme contributed to the passing of the 1837 law establishing a public monopoly on telegraph communications. It is perhaps one of the first cases of hacking, the Blanc brothers having exploited a structural flaw in a telecommunications network.
Interactive online malware analysis service for dynamic and static analysis of most types of threats in any environment. Replaces a whole set of research tools.
Sploitus is a convenient central place for identifying the newest exploits and finding attacks that exploit known vulnerabilities.
The OASIS Cyber Threat Intelligence (CTI) TC supports automated information sharing for cybersecurity situational awareness, real-time network defense, and sophisticated threat analysis. STIX and TAXII.
The methodology used to create the SOC-CMM is a scientific research approach called Design Science Research. This type of research has a focus on bridging the gap between theory and practice and works well for areas that have not been extensively (scientifically) studied and clearly defined, as is the case for SOC capability and maturity. The goal of Design Research is the creation of a tangible result of the research effort. In this case, two artefacts were created: the SOC-CMM model, which is an abstract representation of SOCs and the self-assessment tool based on that model to evaluate capability maturity in a SOC.
Ransomware Overview
glogg is a multi-platform GUI application to browse and search through long or complex log files. It is designed with programmers and system administrators in mind. glogg can be seen as a graphical, interactive combination of grep and less.
Hey there!
If you have been searching for a place to get started with
Reverse Engineering and get your hands dirty - you are in the right place :)