zak_sec - Network


Threw together a blog post of the common risks / misconfigurations frequently seen in smaller organizations.

The blog includes guides and steps they can take to quickly improve their security posture and make jumps in security with little overhead.

Please check out the article and share with anyone who may benefit!


thoresonconsulting.com/cyber-s

22.9.2023 14:22
https://infosec.exchange/@Zak_Se...


Doing some studying / reviewing for the #Azure #AZ500. Highly recommend John Saville's Study Cram if you're re-certifying or taking it for the first time:

youtube.com/watch?v=6vISzj-z8k

20.6.2023 18:27
https://infosec.exchange/@Zak_Se...


I have had the opportunity to step into a cloud security manager role.

Getting up to speed on #cicd without a developer background has been like drinking from a firehose, but I found this video extremely helpful:

youtube.com/watch?v=qP8kir2GUg

As I keep exploring the world of I'll share what I learn. Maybe a blog post or something coming soon.

19.4.2023 15:57
https://infosec.exchange/@Zak_Se...


Emotet back still using macros .... but this time the file size is big.

darkreading.com/threat-intelli

9.3.2023 17:26
https://infosec.exchange/@Zak_Se...


Reading through the Sophos Blog on #QakNote gave some opportunity for some #regex practice:

EmailAttachmentInfo
| join EmailEvents on NetworkMessageId
| where FileName matches regex @'(?:ApplicationReject_)\d{5}.\w{5}.(?:.one)' or
FileName matches regex @'(?:ComplaintCopy_)\d{5}.\w{5}.(?:.one)'

Happy Hunting ~

news.sophos.com/en-us/2023/02/

8.2.2023 15:11
https://infosec.exchange/@Zak_Se...


Those looking into the recent Cybereason article on #sliver (cybereason.com/blog/sliver-c2-) may find interest in the Microsoft Security Blog from August (microsoft.com/en-us/security/b) offering additional 'Advanced Hunting' queries and detection logic.

25.1.2023 23:27
https://infosec.exchange/@Zak_Se...


Stumbled on a super helpful repo full of KQL queries - working with Defender for Cloud Apps via 'Advanced Hunt' offers a lot more capabilities than the dashboard allows alone.

github.com/Bert-JanP/Hunting-Q

24.1.2023 12:24
https://infosec.exchange/@Zak_Se...


Bunked down, it’s a don’t go anywhere kind of day 🥶

23.12.2022 14:08
https://infosec.exchange/@Zak_Se...


Some #KQL commands to perform #ThreatHunting might look like:

// Disk-image attachments (.iso / .img) sent from outside the organisation
EmailAttachmentInfo
| where FileName has ".iso" or FileName endswith ".img"
| where SenderFromAddress !endswith "company.com"

// HTML files written to disk whose referrer was a .zip download
DeviceFileEvents
| where FileName endswith ".html"
| where FileOriginReferrerUrl has ".zip"

20.12.2022 14:19
https://infosec.exchange/@Zak_Se...


Digging into the recent Qbot #malware using .svg files embedded with javascript. Seen here: bleepingcomputer.com/news/secu

It's possible to hunt for e-mails with attachments containing .iso files external to the org. It is also a good idea to include .img files in the hunt as they have also been used in attacks.

Additionally, hunting for .html files originating from .zip files can also lead to interesting finds.

Finally, Intune users can leverage ASR rules to automatically block JavaScript and VBScript originating from the internet.

20.12.2022 14:17
https://infosec.exchange/@Zak_Se...
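The hunts from this post and the #KQL post above, together with the #QakNote filename pattern, re-implemented in Python over constructed sample rows as an added example (not code from the original posts). It assumes company.com as the organisation's mail domain and tightens the sender check to compare the full domain, since `!endswith "company.com"` would also accept a sender at notcompany.com; the QakNote pattern keeps the post's two single-character wildcards but is anchored and escapes the literal dot in `.one`.

```python
import re
from urllib.parse import urlparse

ORG_DOMAIN = "company.com"  # assumed placeholder for the organisation's mail domain

# Constructed sample rows shaped like EmailAttachmentInfo and DeviceFileEvents.
EMAIL_ATTACHMENTS = [
    {"NetworkMessageId": "m1", "SenderFromAddress": "billing@evil.example", "FileName": "invoice.iso"},
    {"NetworkMessageId": "m2", "SenderFromAddress": "it@company.com", "FileName": "backup.img"},
    {"NetworkMessageId": "m3", "SenderFromAddress": "hr@notcompany.com", "FileName": "notes.IMG"},
    {"NetworkMessageId": "m4", "SenderFromAddress": "bob@partner.example", "FileName": "ComplaintCopy_95392(Feb01).one"},
    {"NetworkMessageId": "m5", "SenderFromAddress": "bob@partner.example", "FileName": "report.pdf"},
]
DEVICE_FILE_EVENTS = [
    {"DeviceName": "ws01", "FileName": "statement.html", "FileOriginReferrerUrl": "https://cdn.example/dl/stmt.zip"},
    {"DeviceName": "ws02", "FileName": "index.html", "FileOriginReferrerUrl": "https://intranet.company.com/"},
]

DISK_IMAGE_EXTS = (".iso", ".img")
# Anchored form of the post's regex: prefix, 5 digits, one wildcard char,
# 5 word chars, one wildcard char, then a literal ".one" at the end of the name.
QAKNOTE_RE = re.compile(r"^(?:ApplicationReject|ComplaintCopy)_\d{5}.\w{5}.\.one$", re.IGNORECASE)


def is_external(sender: str, org_domain: str = ORG_DOMAIN) -> bool:
    """True when the sender's domain (text after '@') is not exactly the org domain."""
    domain = sender.rpartition("@")[2].lower()
    return domain != org_domain.lower()


def hunt_email_attachments(rows):
    """Return (NetworkMessageId, rule) for disk-image attachments from external senders
    and for attachment names matching the QakNote OneNote naming pattern."""
    hits = []
    for r in rows:
        name = r["FileName"]
        if name.lower().endswith(DISK_IMAGE_EXTS) and is_external(r["SenderFromAddress"]):
            hits.append((r["NetworkMessageId"], "disk-image-from-external"))
        elif QAKNOTE_RE.match(name):
            hits.append((r["NetworkMessageId"], "qaknote-onenote-name"))
    return hits


def hunt_html_from_zip(rows):
    """Return device names where an .html file was written with a .zip referrer URL."""
    hits = []
    for r in rows:
        ref_path = urlparse(r.get("FileOriginReferrerUrl", "")).path.lower()
        if r["FileName"].lower().endswith(".html") and ref_path.endswith(".zip"):
            hits.append(r["DeviceName"])
    return hits
```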


Satellite / Space security is definitely going to heat up. Compromising a satellite is a much quieter alternative to the kinetic approach seen making headlines in the past. cyberscoop.com/apt28-fancy-bea

18.12.2022 23:31
https://infosec.exchange/@Zak_Se...


Excited to explore the new home to network in #threatintel #dfir and #infosec.

Looking forward to finding old connections & making new ones!

16.12.2022 16:31
https://infosec.exchange/@Zak_Se...