The evil side of DNS

Detection on this phase of the kill chain is not extremely complex, however from a business perspective it is critical for the organization to find this activity. An attacker who has progressed his attack to the C&C phase may be a dangerous and impactful threat for the business. Whether your organization is part of botnet…

Cyber Threat Hunting (3): Hunting in the perimeter

In this third post we are going to see what we need to look at when hunting and detecting adversaries in the perimeter. We are also going to look at some of the firewall technologies and their log formats in order to detect anomalies in the inbound and outbound traffic in your network.    …

Security Monitoring and attack detection planning guide

Today, I had some time to read the “The security Monitoring and Attack Detection Planning Guide” by Microsoft. I have read different documents in the last couple of months aimed at security monitoring in the Microsoft endpoint however this document it is completely up to date and can help organizations to understand the requirements they…

Cyber Threat Hunting (2): Getting Ready

In my previous post I went through the basics of hunting and its benefits for the organization and for analysts. To continue the journey, today I am going to cover the preparations you need to do before you go out there and hunt. We are covering preparations and locations to hunt. As you need some…

Cyber Threat Hunting (1): Intro

After some long months debating whether to write a white paper, and what potential topics I could write about – I just decided that I do not have enough time to go through the process of writing a research paper for the next 6 to 12 months. Instead, I am taking some of my research and current…

Post Quantum Cryptography for the Internet of Things: PKI is ageing

It’s been a very hectic end of the year – researching technologies and working on some professional projects that will hopefully see the light this new year. It is during this last month whilst going through all these prediction reports for 2016, that I have realised that at least for the last 3 years encryption is being…

December webinars

I leave you here some interesting webinars for those looking to get some CPE credits. I am currently researching the role of the use of privileges accounts in the attack lifecycle and some of these webinars focus on the subject. The Most Travelled Attack Path: Securing the Privileged Pathway Stopping Attacks Before They Stop Business…

The new security paradigm shift (2)

After some time postponing this article I finally decided to sit down and finish it. In the first post:  https://samuelalonsog.wordpress.com/2015/10/28/the-new-security-paradigm-shift-1/ I described the evolution of security for the past 15 years until the current day. Today I want to show you the current landscape and guide you to understand how to tackle the new security paradigm…

Active Cyber Defense Tactics

Active cyber defense (ACD) is the concept of proactively opposing an attack in computers and networks. There are a series of tactics that can be applied in order to mitigate risk or detect adversaries inside the network. Active Hunting Security operations team focuses on reactive detection mainly based on signatures. In this scenario advanced attackers…

Advance Hunting and Content Development with RSA Analytics

Looking to extend my knowledge on Security Analytics from RSA I came across this video. It explains very well some of the capabilities SA from RSA provides, also some good practices to follow such as involved defenders in content development. It is a long video but easy to watch.

The new security paradigm shift (1)

From the early 80’s to the first decade of the new millennium, security has evolved very fast, however it is in the last decade that the fastest and biggest shift has happened. We all remember the famous movie ‘Hackers’, with the exotic Angelina Jolie and that punk look of the golden times. These hackers were moved…

Bypassing Perimeter Security and Malware Evasion (3)

This will be the final post in which I am presenting one of the many infection and evasion techniques used by criminals today. In this article which I hope is shorter than the previous ones, https://samuelalonsog.wordpress.com/2015/08/14/bypassing-perimeter-security-and-malware-evasion-1/ and https://samuelalonsog.wordpress.com/2015/08/24/bypassing-perimeter-security-and-malware-evasion-2/ I presume you are currently competent with pcap analysis and Wireshark as the main aim of this…