Blueprint - Rob van Os - Maturing your Cyber Defense | 15
Blueprint • 2021-04-13
Are you a manager looking to build or improve your SOC? Are you trying to understand how to measure your SOCs maturity or use cases or your threat hunting efforts? If so, today's episode with Rob van Os is for you. In this episode, we discuss the SOC CMM for SOC maturity measurement, the magma use case framework for building and tracking SOC use cases, and the Tahiti threat hunting methodology for showing ROI on threat hunting.
https://lnkd.in/d6DFGZx
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
Blueprint • 2021-04-13
Are you a manager looking to build or improve your SOC? Are you trying to understand how to measure your SOCs maturity or use cases or your threat hunting efforts? If so, today's episode with Rob van Os is for you. In this episode, we discuss the SOC CMM for SOC maturity measurement, the magma use case framework for building and tracking SOC use cases, and the Tahiti threat hunting methodology for showing ROI on threat hunting.
https://lnkd.in/d6DFGZx
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
lnkd.in
LinkedIn
This link will take you to a page that’s not on LinkedIn
Managing & Showing Value during Red Team Engagements & Purple Team Exercises
https://lnkd.in/dMaByRa
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.23
https://lnkd.in/dMaByRa
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.23
Daily Information Security Podcast ("StormCast")
https://lnkd.in/d5gqZsf
https://lnkd.in/d5gqZsf
lnkd.in
LinkedIn
This link will take you to a page that’s not on LinkedIn
Kansa
A modular incident response framework in Powershell. It's been tested in PSv2 / .NET 2 and later and works mostly without issue.
But really, upgrade to PSv3 or later. Be happy.
More info:
https://lnkd.in/dHU4mZu
https://lnkd.in/d4Tnnvj
https://lnkd.in/gfw-YbQ
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.23
A modular incident response framework in Powershell. It's been tested in PSv2 / .NET 2 and later and works mostly without issue.
But really, upgrade to PSv3 or later. Be happy.
More info:
https://lnkd.in/dHU4mZu
https://lnkd.in/d4Tnnvj
https://lnkd.in/gfw-YbQ
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.23
lnkd.in
LinkedIn
This link will take you to a page that’s not on LinkedIn
THE GOAL QUESTION METRIC APPROACH
https://lnkd.in/dbquk8t
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.23
https://lnkd.in/dbquk8t
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.23
lnkd.in
LinkedIn
This link will take you to a page that’s not on LinkedIn
The world needs leaders. We’re here to help.
Our mission is to galvanize leaders to set and achieve audacious goals—through inspiration, education, and application.Get Started With OKRs
https://lnkd.in/dmk-rj2
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.23
Our mission is to galvanize leaders to set and achieve audacious goals—through inspiration, education, and application.Get Started With OKRs
https://lnkd.in/dmk-rj2
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.23
lnkd.in
LinkedIn
This link will take you to a page that’s not on LinkedIn
Schneier on Security
https://lnkd.in/dUJq3DE
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.23
https://lnkd.in/dUJq3DE
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.23
Trust Me, I'm Certified Episode List
https://lnkd.in/dPDjN-w
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.23
https://lnkd.in/dPDjN-w
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.23
lnkd.in
LinkedIn
This link will take you to a page that’s not on LinkedIn
All CompTIA courses are free on ITProTV for one weekend only! Become a free member today and log in July 24-15th to access the free courses. https://bit.ly/3yKYkPV
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.23
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.23
کاش باور داشتیم هر روز تولدمون هست هر روز که خداوند به ما مهلت زندگی دوباره میدهد بایستی تولدمان را جشن بگیریم اما افسوس که ما فقط سالروز اولین به دنیا آمدنمان را جشن میگیریم.
اين هفته😼🤪😁 سالروز اولین به دنیا آمدنم هست و فردا سالروز دومین به دنیا امدنم.
افسوس که روزهای مهم کم اهمیت و گاه بی اهمیت میشوند.
امیدوارم هیچیک از ما دچار فراموشی نشده و از یاد نبریم که تولد یعنی دوباره زیستن به شیوه انسانی تر🤲🏻❤️✌🏼😇
پ ن:
Special Thanks of ASPC
-HBD + Fine tune 😀😊😾-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.23
اين هفته😼🤪😁 سالروز اولین به دنیا آمدنم هست و فردا سالروز دومین به دنیا امدنم.
افسوس که روزهای مهم کم اهمیت و گاه بی اهمیت میشوند.
امیدوارم هیچیک از ما دچار فراموشی نشده و از یاد نبریم که تولد یعنی دوباره زیستن به شیوه انسانی تر🤲🏻❤️✌🏼😇
پ ن:
Special Thanks of ASPC
-HBD + Fine tune 😀😊😾-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.23
Wireshark is a very important tool when your in Cyber, check this cool website to learn and practice more about it.
https://www.malware-traffic-analysis.net/
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
https://www.malware-traffic-analysis.net/
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
July 2021 Patch Tuesday updates released by:
1 — Microsoft
2 — Adobe
3 — Google Android
4 — SAP
5 — VMware
6 — Citrix
7 — Linux
8 — Siemens
9 — Schneider Electric
Read:
https://thehackernews.com/2021/07/update-your-windows-pcs-to-patch-117.html
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
1 — Microsoft
2 — Adobe
3 — Google Android
4 — SAP
5 — VMware
6 — Citrix
7 — Linux
8 — Siemens
9 — Schneider Electric
Read:
https://thehackernews.com/2021/07/update-your-windows-pcs-to-patch-117.html
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
https://github.com/CyberSecurityUP/PNPT-Preparation-Guide
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
GitHub
GitHub - CyberSecurityUP/PNPT-Preparation-Guide: PNPT Exam Preparation - TCM Security
PNPT Exam Preparation - TCM Security. Contribute to CyberSecurityUP/PNPT-Preparation-Guide development by creating an account on GitHub.
Threat Research
1. Risk Assessment of GitHub Copilot😎
https://gist.github.com/0xabad1dea/be18e11beb2e12433d93475d72016902
2. Guided tour inside WinDefender’s network inspection driver
https://blog.quarkslab.com/guided-tour-inside-windefenders-network-inspection-driver.html
Offensive security
C# port of WMImplant which uses either CIM or WMI to query remote systems🧐
https://github.com/FortyNorthSecurity/CIMplant
exploit
Windows10 21H1 - CreateProcessWithLogon Write Restricted Service EoP (PoC)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2194
Research
How the Kaseya VSA Zero Day Exploit Worked
https://blog.truesec.com/2021/07/06/kaseya-vsa-zero-day-exploit
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
1. Risk Assessment of GitHub Copilot😎
https://gist.github.com/0xabad1dea/be18e11beb2e12433d93475d72016902
2. Guided tour inside WinDefender’s network inspection driver
https://blog.quarkslab.com/guided-tour-inside-windefenders-network-inspection-driver.html
Offensive security
C# port of WMImplant which uses either CIM or WMI to query remote systems🧐
https://github.com/FortyNorthSecurity/CIMplant
exploit
Windows10 21H1 - CreateProcessWithLogon Write Restricted Service EoP (PoC)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2194
Research
How the Kaseya VSA Zero Day Exploit Worked
https://blog.truesec.com/2021/07/06/kaseya-vsa-zero-day-exploit
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
Gist
Risk Assessment of GitHub Copilot
Risk Assessment of GitHub Copilot. GitHub Gist: instantly share code, notes, and snippets.
Exploitation of a Double Free Vulnerability in Ubuntu ShiftFS Driver (CVE-2021-3492)
https://www.synacktiv.com/publications/exploitation-of-a-double-free-vulnerability-in-ubuntu-shiftfs-driver-cve-2021-3492.html
]-> PoC:
https://github.com/synacktiv/CVE-2021-3492/blob/master/exploit/main.c
Red Team Tactics
Pen-Testing Salesforce Apps
Part 1 - Concepts:
https://infosecwriteups.com/in-simple-words-pen-testing-salesforce-saas-application-part-1-the-essentials-ffae632a00e5
Part 2 - Fuzz & Exploit:
https://infosecwriteups.com/in-simple-words-pen-testing-salesforce-saas-application-part-2-fuzz-exploit-eefae11ba5ae
Blue Team Techniques
1. Walkthrough of DFIR Madness PCAP
https://www.netresec.com/?page=Blog&month=2021-07&post=Walkthrough-of-DFIR-Madness-PCAP
2. Investigating a Suspicious Service
https://www.mdsec.co.uk/2021/07/investigating-a-suspicious-service
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
https://www.synacktiv.com/publications/exploitation-of-a-double-free-vulnerability-in-ubuntu-shiftfs-driver-cve-2021-3492.html
]-> PoC:
https://github.com/synacktiv/CVE-2021-3492/blob/master/exploit/main.c
Red Team Tactics
Pen-Testing Salesforce Apps
Part 1 - Concepts:
https://infosecwriteups.com/in-simple-words-pen-testing-salesforce-saas-application-part-1-the-essentials-ffae632a00e5
Part 2 - Fuzz & Exploit:
https://infosecwriteups.com/in-simple-words-pen-testing-salesforce-saas-application-part-2-fuzz-exploit-eefae11ba5ae
Blue Team Techniques
1. Walkthrough of DFIR Madness PCAP
https://www.netresec.com/?page=Blog&month=2021-07&post=Walkthrough-of-DFIR-Madness-PCAP
2. Investigating a Suspicious Service
https://www.mdsec.co.uk/2021/07/investigating-a-suspicious-service
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
Synacktiv
Exploitation of a double free vulnerability in Ubuntu shiftfs driver
Threat Research
CVE-2021-22555 - heap out-of-bounds write vulnerability in Linux Netfilter
https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html
]-> PoC Exploit:
https://github.com/google/security-research/tree/master/pocs/linux/cve-2021-22555
Red Team Tactics
1. Tool for taking over Active Directory user/computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account👍🏽
https://github.com/eladshamir/Whisker
2. Discovering an Authentication Bypass with r2 and Frida
https://bananamafia.dev/post/satisfyer
Malware analysis
1. LuminousMoth APT:
Sweeping attacks for the chosen few
https://securelist.com/apt-luminousmoth/103332
2. Joker Android Fleezware
https://blog.zimperium.com/joker-is-still-no-laughing-matter
exploit
CVE-2021-1879:
Use-After-Free in QuickTimePluginReplacement
https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2021/CVE-2021-1879.html
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
CVE-2021-22555 - heap out-of-bounds write vulnerability in Linux Netfilter
https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html
]-> PoC Exploit:
https://github.com/google/security-research/tree/master/pocs/linux/cve-2021-22555
Red Team Tactics
1. Tool for taking over Active Directory user/computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account👍🏽
https://github.com/eladshamir/Whisker
2. Discovering an Authentication Bypass with r2 and Frida
https://bananamafia.dev/post/satisfyer
Malware analysis
1. LuminousMoth APT:
Sweeping attacks for the chosen few
https://securelist.com/apt-luminousmoth/103332
2. Joker Android Fleezware
https://blog.zimperium.com/joker-is-still-no-laughing-matter
exploit
CVE-2021-1879:
Use-After-Free in QuickTimePluginReplacement
https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2021/CVE-2021-1879.html
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
security-research
CVE-2021-22555: Turning \x00\x00 into 10000$
This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.
https://courses.zero2auto.com/beginner-bundle
تحليلگران بد افزار
https://legacy.elearnsecurity.com/course/malware_analysis_professional/
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
تحليلگران بد افزار
https://legacy.elearnsecurity.com/course/malware_analysis_professional/
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
A_Fresh_Look_at_Trickbots.pdf
6.2 MB
Whitepaper
"A Fresh Look at Trickbot’s Ever-Improving VNC Module", 2021.
// This new research focuses on an updated VNC module, which includes new functionalities for monitoring and intelligence gathering
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
"A Fresh Look at Trickbot’s Ever-Improving VNC Module", 2021.
// This new research focuses on an updated VNC module, which includes new functionalities for monitoring and intelligence gathering
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24