Testing Endpoint Detection Response Products This is the first of many posts on how to test your Endpoint Detection Response product by using real world scenarios. Products that are being tested I am testing two products today: Palo Alto Prisma…
Below are some questions I like to ask folks during interviews. I think these questions lead to a much more natural and “conversational” type interview. Security Engineer – Example Questions Why are you passionate about cyber security? What is your…
Here is a list of the SHA256 IOCs related to Sunburst as reported by Kim Zetter:
I couldn’t find a good set of Grok rules for the CrowdStrike SIEM connector so I wrote my own. You need two rule sets. Set1: %{IPV4:source_collector_ip} CEF: 0\|CrowdStrike\|FalconHost\|1.0\|%{WORD:event_type}\|%{GREEDYDATA:event_subtype}\|%{INT:event_tactic}\|externalId=%{HOSTNAME:externalID} cn2Label=%{WORD:cn2Label} cn2=%{WORD:cn2} cn1Label=%{WORD:cn1Label} cn1=%{WORD:cn1} dhost=%{HOSTNAME:dhost} duser=%{DATA:duser} msg=%{GREEDYDATA:msg} fname=%{DATA:fname} filePath=%{GREEDYDATA:filepath} cs5Label=%{DATA:cs5Label} cs5=%{GREEDYDATA:cs5} fileHash=%{DATA:fileHash}…
Password Spraying Finding the source of Windows password spraying attacks can be daunting as the Event log does not provide the source IP of the machine making the calls. Windows Event Logs Ideally all of your Windows Event logs from…
Problem You are using the MISP cloud base image and receive error “Error: an internal error has occurred” when trying to access diagnostics from “administration -> server settings -> diagnostics” Solution As root run the following commands pear install …
I kept receiving an “API error” when attempting to run TheHive Project Cortex Analyzer for IBM Xforce. There is currently a bug that is adding an extra / with every request. To fix this issue you need to modify this…
Code loop through a range of IPs and query McAfee epo on client machines # Loop through IP address 10.0.0.10 – 10.0.0.20 and print out # the computer name and the agent version echo “” > output; for ((i=10;i<=20;i++)) do…
When you export your bookmarks from Chrome and Firefox the resulting HTML looks pretty plain. Exported Bookmarks with Icons To enhance the exported bookmarks file by added icons try the following perl -i’bak’ -ple ‘s/ ICON=”([^”]+”)>/><img src=”$1″> /’ bookmarks.html Enhance…
To convert a json file to CSV you will need a linux program called jq. INPUTFILE=”inputfile-with-json” OUTPUTFILE=”outputfile-formatted.csv” jq -r ‘(.[0] | keys_unsorted) as $keys | $keys, map([.[ $keys[] ]])[] | @csv’ ${INPUTFILE} > ${OUTPUTFILE}
