The great thing about threat queries is: they don’t have to be overly complicated. Start out simple, and expand the query to include, exclude, or generate the desired output. I wrote a very simple query to find exploitation of WinRAR under CVE-2023-38831. This exploitation is rather simple as well, with...
One of my favorite command-line tools is IOC-Fanger. I work with potentially malicious links and IP addresses, often obtain Indicators of Compromise (IOCs), or have to generate a report for others to read, where I do not want users to click on the links, or automated tools to resolve the...
Recently, Xavier Mertens of the SANS Internet Storm Center posted about a Python script he found which uses the Windows API with a call to GetWindowText(). With my education in digital forensics, I find anti-forensics methods interesting. Anti-forensics includes methods designed to prevent, slow down, or impede static of...
Quishing, or phishing involving QR codes, has been on the rise. My opinion is: adversaries will take advantage of just about anything they can. Since COVID, a lot more people know what a QR code is and how to use one, just enough knowledge to be dangerous. I would wager...
I attended an industry conference not too long ago, and took special interest in a breakout session on threat hunting, especially since I just moved into a position at my company on the threat hunting team for a client. The speakers gave exceptionally good talks about threat hunting; however, I...
VirusTotal is an amazing tool, used by cybersecurity professionals across the world, and across the many industries in the government and private sectors. But beware: as the saying goes, anything posted on the Internet will be there forever. Analysts might routinely upload documents to VirusTotal to detect known...
How secure is your remote workforce? If the COVID pandemic has taught us anything, it should be about securing a remote workforce. In the early days, businesses literally had a one-day turnaround from all on-site operations to just about a 100% remote workforce. I worked...
This will be a three-part blog post about cybersecurity tools, and the factors you should consider when selecting tools to implement on your network. Email use is a fact of life. Just about every platform you sign up for an account with requires you to submit your email address. Your address...
No matter how technical or non-technical you are, there are several soft skills everyone in cybersecurity needs to at least have the basics in. Communication: without a doubt, if you are not able to communicate, both in writing and verbally, you will struggle in cybersecurity. Every position I have had in...
Ask anyone who works in cybersecurity whether you should pursue a certification, and you will get mixed results. The two main camps out there either say a certification is required for just about any position in the industry, or that a certification is completely useless. Certifications can be either woefully inflated,...
Passwords, and the various solutions users take advantage of to secure them, have been increasingly targeted. A vulnerability for KeePass 2, a popular free and open-source password vault, was recently released with a proof-of-concept (POC) posted on GitHub by security researcher alt3kx. However, the severity, or the fact the issue...
In early December, Russia cut off access to TOR services and servers, according to several reports from media including Reuters and Forbes. TOR, also known as the Onion Router Project, is an anonymizing network used by malicious actors and those seeking privacy for their personal activities or professional work such...
Is there such a thing as an “acceptable level of security?” Ask anyone in the field of cybersecurity, and you might get an even split between yes and no answers. The classic cybersecurity engineering person might say “No! There is never enough security!” while a more strategic person would say...
Unless you’ve been hiding under a rock the last few years, you should have experienced the spammer/scammer text and phone call phenomenon. It mostly started with the “we’ve been trying to reach you about your car’s extended warranty” robocalls, and has morphed into quite the out-of-control daily...
Updated @ 21:26 EST. GoogleFi sent out an email on 30 Jan 2023, informing its users of suspicious activity on the network of a “primary network provider.” The system in question, a third party used for “GoogleFi customer support purposes,” contains limited customer data including the following: Phone number When...
This post covers iPhone; however, the features I discuss may be available on other popular platforms such as Android. The integrations available on our mobile devices have, no doubt, enhanced our lives. It is nice to reserve a table at your favorite restaurant using a service like OpenTable and have...