Network attacks and exploitation: a framework

There is no other book like this one, indeed I would say this is the only book I have read of this nature. It has been written and edited by Matthew Monte and Dave Aitel two experts in the field. The main focus of the book is Computer Network Exploitation (CNE) from a strategic point…

How They Rule the World: The 22 Secret Strategies of Global Power

This a short review of a geostrategy book written by Pedro Baños, Pedro is a colonel of the Spanish Army and a specialist in geostrategy, defense, security, and jihadist terrorism and he held different positions during his career from Lieutenant to Head of Counterintelligence and Security for Europe in Strasbourg. I initially got interested in this…

Russian disinformation operations for the masses

This a very good, short and to the point documentary on how Russia has been developing their disinformation operations. Having researched this field through papers and doctrine; I recommend watching this video. It is very succinct with real examples from the past and present in which the objectives and impact of these operations in western…

Free cyber intelligence courses from Augusta university

By chance, a few days ago I came across three free courses from the University of Augusta. These courses have been recognized by the NSA’s cybersecurity curriculum program. http://jagwire.augusta.edu/prestigious-nsa-recognition-for-augusta-university-cyber-security-instruction/ The courses are the following: The Global Cyber Threat Environment Cyber Conflict Strategic Cybersecurity I have not had time to go through all the courses however…

Enterprise Threat Modeling and ATT&CK

After spending some time working with the ATT&CK threat model, which is primarily aimed at modeling threats from a systems perspective, I have been wondering what other frameworks are available to model threats from an organisational or business unit perspective and that can also support the integration with ATT&CK. The following document: Enterprise Threat Model…

Cyber Intelligence Tradecraft Report by Carnegie Mellon University

A few days ago through my network of contacts, I came to find this fantastic report about Cyber Intelligence tradecraft and its evolution in the United States. This report is absolutely mind-blowing with its 176 pages of research on the evolution, challenges and best practices in the evolving field of Cyber Intelligence. The recommended audience…

Active Cyber Defence: deception and attacker control (2)

Let’s assume that until now, we have been applying active cyber defence in our environment. We are consuming intelligence, creating intelligence and working in tandem with our security operations teams to outmaneuver the adversary. We have also adopted the cyber kill chain model and other models to integrate intelligence within operations. Also, we are updating…

Active Cyber Defence: The need for an active cyber defence model (1)

It’s been some time since the first honeypots were developed and the concept of deception contemplated as a potential mechanism to detect, slow down and counter-attack the opponent. We are looking at 15 to 20 years of attempts to embrace cyber deception, almost in parallel in the same amount of time the threat has evolved…

Intelligence-Driven Incident Response, book review.

  Intelligence Driven Incident Response is a great book that provides insight into the evolving field of Defense Intelligence. This book is about the missing link between your cyber defense operations teams, threat intelligence and intelligence to provide the organization with full spectrum defensive capabilities. The book is an extensive walkthrough that will take the reader…

Advanced Hunting with RSA Netwitness

In this post I will quickly go through RSA Netwitness which is other solution specific for Threat Hunting. This solution has a complete different approach to other existent ones in the market. RSA Netwitness leverages the power of metadata, packet capture and logs to ease the Threat Hunting process. RSA has developed Netwitness investigator in…

Detecting Lateral movement through event logs

Japan Cert has recently released a new research paper in wich the show the value of envent logs for the detection of lateral movement. The research papers is outstanding following the quaility of all documentation that the Japan Cert often releases to the public. The research provides and insight into the current tools used by…

A Lustrum of Malware Network Communication: Evolution and Insights

I recently came across this white paper which focuses in the dynamic analysis of network indicators for threat detection. The paper is very easy to read and I found very surprising some of the conclusions obtained from the research. The most revealing one is the fact that months before researchers have access or discovered a…