Threw together a blog post of the common risks / misconfigurations frequently seen in smaller organizations.
The blog includes guides and steps they can take to quickly improve their security posture and make jumps in security with little overhead.
Please check out the article and share with anyone who may benefit!
#smallbusiness #Risk
https://thoresonconsulting.com/cyber-security-blog/5-easy-steps-small-business-can-take-to-massively-improve-security

Doing some studying / reviewing for the #Azure #AZ500. Highly recommend John Saville's Study Cram if you're re-certifying or taking it for the first time:
https://www.youtube.com/watch?v=6vISzj-z8k4&
20.6.2023 18:27

I have had the opportunity to step into a cloud security manager role.
Getting up to speed on #cicd without a developer background has been like drinking from a firehose, but I found this video extremely helpful:
https://www.youtube.com/watch?v=qP8kir2GUgo&ab_channel=TechWorldwithNana
As I keep exploring the world of #cloudsecurity I'll share what I learn. Maybe a blog post or something coming soon.
19.4.2023 15:57

Emotet back still using macros .... but this time the file size is big.
https://www.darkreading.com/threat-intelligence/emotet-resurfaces-yet-again-after-three-month-hiatus
9.3.2023 17:26

Reading through the Sophos Blog on #QakNote gave some opportunity for some #regex practice:
// Join attachment metadata to the message row so sender and recipient fields are available
EmailAttachmentInfo
| join EmailEvents on NetworkMessageId
// Lure names: ApplicationReject_ or ComplaintCopy_, five digits, any character,
// five word characters, any character, then a literal ".one" extension (dot escaped)
| where FileName matches regex @'(?:ApplicationReject_|ComplaintCopy_)\d{5}.\w{5}.\.one'
Happy Hunting ~
https://news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/
8.2.2023 15:11

Those looking into the recent Cybereason article on #sliver (https://www.cybereason.com/blog/sliver-c2-leveraged-by-many-threat-actors) may find interest in the Microsoft Security Blog from August (https://www.microsoft.com/en-us/security/blog/2022/08/24/looking-for-the-sliver-lining-hunting-for-emerging-command-and-control-frameworks/) offering additional 'Advanced Hunting' queries and detection logic.
25.1.2023 23:27

Stumbled on a super helpful repo full of KQL queries - working with Defender for Cloud Apps via 'Advanced Hunt' offers a lot more capabilities than the dashboard allows alone.
https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules
24.1.2023 12:24

Bunked down, it’s a don’t go anywhere kind of day 🥶
23.12.2022 14:08

Some #KQL commands to perform #ThreatHunting might look like:
// External mail carrying disc-image attachments (.iso and .img have both been used as lures);
// matching on "@company.com" so a lookalike domain ending in "company.com" is not treated as internal
EmailAttachmentInfo
| where FileName endswith ".iso" or FileName endswith ".img"
| where SenderFromAddress !endswith "@company.com"

// HTML files written to disk whose referrer points at a .zip archive
DeviceFileEvents
| where FileName endswith ".html"
| where FileOriginReferrerUrl has ".zip"
Digging into the recent Qbot #malware using .svg files embedded with javascript. Seen here: https://www.bleepingcomputer.com/news/security/attackers-use-svg-files-to-smuggle-qbot-malware-onto-windows-systems/
It's possible to #hunt for e-mails with attachments containing .iso files external to the org. It is also a good idea to include .img files in the hunt as they have also been used in attacks.
Additionally, hunting for .html files originating from .zip files can also lead to interesting finds.
Finally, Intune users can leverage ASR rules to automatically block JavaScript and VBScript originating from the internet.
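The two hunting queries in this feed (the QakNote filename regex in the post above and the .iso/.img and .html-from-.zip filters in this one) rerun offline, as an added Python example that is not part of the original posts: it applies the same logic to constructed attachment and file-event records shaped like the KQL columns, with a tighter sender check than `!endswith "company.com"` (which would also treat a lookalike such as evilcompany.com as internal). The org domain, record layout, and every sample value are assumptions.

```python
import re
from dataclasses import dataclass

# Assumption: the org's own mail domain, the "company.com" placeholder from the post.
ORG_DOMAIN = "company.com"

# Disc-image container formats hunted for in external mail (from the post).
CONTAINER_EXTENSIONS = (".iso", ".img")

# QakNote lure names from the regex post: prefix, five digits, any character, five word
# characters, any character, then a literal ".one" (dot escaped, pattern anchored).
QAKNOTE_NAME = re.compile(
    r"^(?:ApplicationReject_|ComplaintCopy_)\d{5}.\w{5}.\.one$", re.IGNORECASE
)


@dataclass(frozen=True)
class EmailAttachment:
    """Constructed stand-in for EmailAttachmentInfo joined to EmailEvents."""
    network_message_id: str
    sender_from_address: str
    file_name: str


@dataclass(frozen=True)
class DeviceFileEvent:
    """Constructed stand-in for DeviceFileEvents."""
    device_name: str
    file_name: str
    file_origin_referrer_url: str


def is_external_sender(address: str, org_domain: str = ORG_DOMAIN) -> bool:
    """True when the sender is outside the org.

    Compares the domain part case-insensitively and accepts only the org domain or
    its subdomains, so "evilcompany.com" is external even though it ends with
    "company.com"; an address without '@' is treated as external.
    """
    _, at, domain = address.rpartition("@")
    if not at:
        return True
    domain = domain.lower()
    return not (domain == org_domain or domain.endswith("." + org_domain))


def hunt_container_attachments(rows):
    """Attachments with .iso/.img names sent from outside the org."""
    return [
        r for r in rows
        if r.file_name.lower().endswith(CONTAINER_EXTENSIONS)
        and is_external_sender(r.sender_from_address)
    ]


def hunt_qaknote_attachments(rows):
    """Attachments whose names match the QakNote lure pattern."""
    return [r for r in rows if QAKNOTE_NAME.match(r.file_name)]


def hunt_html_from_zip(events):
    """HTML files whose referrer URL points at a .zip (substring check standing in for KQL `has`)."""
    return [
        e for e in events
        if e.file_name.lower().endswith(".html")
        and ".zip" in e.file_origin_referrer_url.lower()
    ]


# Constructed sample records; message ids, hosts and domains are made up.
SAMPLE_ATTACHMENTS = [
    EmailAttachment("m1", "billing@vendor-example.net", "Invoice_0422.iso"),
    EmailAttachment("m2", "hr@company.com", "onboarding.img"),             # internal: excluded
    EmailAttachment("m3", "notices@evilcompany.com", "statement.img"),     # lookalike: external
    EmailAttachment("m4", "noreply@partner-example.org", "ApplicationReject_48213(Feb01).one"),
    EmailAttachment("m5", "noreply@partner-example.org", "ComplaintCopy_91002(Feb02).one"),
    EmailAttachment("m6", "noreply@partner-example.org", "ComplaintCopy_9100(Feb02).one"),  # four digits: no match
    EmailAttachment("m7", "it@sub.company.com", "tools.iso"),              # org subdomain: internal
]

SAMPLE_FILE_EVENTS = [
    DeviceFileEvent("ws01", "invoice.html", "https://files.example.net/dl/invoice.zip"),
    DeviceFileEvent("ws02", "report.html", "https://intranet.company.com/reports/"),
    DeviceFileEvent("ws03", "readme.txt", "https://files.example.net/dl/tools.zip"),
]


def run_hunts(attachments=SAMPLE_ATTACHMENTS, events=SAMPLE_FILE_EVENTS):
    """Run all three hunts and return the ids of the records each one flags."""
    return {
        "container_attachments": [r.network_message_id for r in hunt_container_attachments(attachments)],
        "qaknote_attachments": [r.network_message_id for r in hunt_qaknote_attachments(attachments)],
        "html_from_zip": [e.device_name for e in hunt_html_from_zip(events)],
    }


if __name__ == "__main__":
    for hunt, hits in run_hunts().items():
        print(f"{hunt}: {hits}")
```

Running the script lists the flagged ids per hunt; the m3 and m7 rows are there to show why the sender check compares the domain rather than the raw string suffix, and m6 shows the five-digit requirement in the lure pattern doing its job.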
20.12.2022 14:17

Satellite / Space security is definitely going to heat up. Compromising a satellite is a much quieter alternative to the kinetic approach seen making headlines in the past. https://www.cyberscoop.com/apt28-fancy-bear-satellite/
18.12.2022 23:31

Excited to explore the new home to network in #threatintel #dfir and #infosec.
Looking forward to finding old connections & making new ones!
16.12.2022 16:31