Free SIEM to augment existing SIEM.
Currently we have SIEM (SAAS Solution) that covers all of our servers, switches, routers firewalls.
We do not collect logs for any of our workstations (3000 workstations) and I would like to have something but we do not have any budget to increase our existing SIEM capacity. I just want to have something incase I need to review logs on a workstations.
I was looking at Wazuh but it does not look like it will scale well with that many workstations.
Any recommendations?
๐ฃCritical_Egg_913
I'm going to be different and say, you don't need a siem to handle workstations. Get alerts out of your EDR and then use Velociraptor to query for logs and other events on workstations.
๐คmustacheride3
I just ran across gravwell.io I'm currently testing it out in a lab but it looks promising. It is free up to 14gb/day
๐คsemipvt
Graylog. Open Source Splunk.
๐คSLC_CA
๐@malwr
Currently we have SIEM (SAAS Solution) that covers all of our servers, switches, routers firewalls.
We do not collect logs for any of our workstations (3000 workstations) and I would like to have something but we do not have any budget to increase our existing SIEM capacity. I just want to have something incase I need to review logs on a workstations.
I was looking at Wazuh but it does not look like it will scale well with that many workstations.
Any recommendations?
๐ฃCritical_Egg_913
I'm going to be different and say, you don't need a siem to handle workstations. Get alerts out of your EDR and then use Velociraptor to query for logs and other events on workstations.
๐คmustacheride3
I just ran across gravwell.io I'm currently testing it out in a lab but it looks promising. It is free up to 14gb/day
๐คsemipvt
Graylog. Open Source Splunk.
๐คSLC_CA
๐@malwr
Reddit
From the cybersecurity community on Reddit
Explore this post and more from the cybersecurity community
Food delivery robots give captured video footage to police
https://www.malwarebytes.com/blog/news/2023/10/food-delivery-robots-give-captured-video-footage-to-police
๐@malwr
https://www.malwarebytes.com/blog/news/2023/10/food-delivery-robots-give-captured-video-footage-to-police
๐@malwr
Malwarebytes
Food delivery robots give captured video footage to police
A food delivery service that deploys semi-autonomous robots has worked with the police, handing over camera feeds captured while the robots are out and about.
Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement
๐ฃSCI_Rusher
๐@malwr
๐ฃSCI_Rusher
๐@malwr
Microsoft News
Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement
Microsoft identified an attack where attackers attempted to move laterally to a cloud environment through a SQL Server instance.
Letโs Go into the rabbit hole (part 1) โ the challenges of dynamically hooking Golang programs
๐ฃguedou
๐@malwr
๐ฃguedou
๐@malwr
Quarkslab
Letโs Go into the rabbit hole (part 1) โ the challenges of dynamically hooking Golang programs - Quarkslab's blog
Golang is the most used programming language for developing cloud technologies. Tools such as Kubernetes, Docker, Containerd and gVisor are written in Go. Despite the fact that the code of these programs is open source, there is no way to analyze and extendโฆ
MSIFortune - LPE with MSI Installers
A quite long blogpost about several types of LPEs which I found in the msi repair function.
There is a lot of different stuff, much more then Mandiant reveiled a few months ago.
Tested about 1000 msi which was quite time consuming.
https://badoption.eu/blog/2023/10/03/MSIFortune.html
๐ฃPfiatDe
๐@malwr
A quite long blogpost about several types of LPEs which I found in the msi repair function.
There is a lot of different stuff, much more then Mandiant reveiled a few months ago.
Tested about 1000 msi which was quite time consuming.
https://badoption.eu/blog/2023/10/03/MSIFortune.html
๐ฃPfiatDe
๐@malwr
Google Cloud Blog
Escalating Privileges via Third-Party Windows Installers | Mandiant | Google Cloud Blog
๐1
TargetCompany Ransomware Abuses FUD Obfuscator Packers
In this entry, we detail our analysis of how the TargetCompany ransomware abused an iteration of fully undetectable (FUD) obfuscator engine BatCloak to infect vulnerable systems.
https://www.trendmicro.com/en_us/research/23/h/targetcompany-ransomware-abuses-fud-obfuscator-packers.html
๐@malwr
In this entry, we detail our analysis of how the TargetCompany ransomware abused an iteration of fully undetectable (FUD) obfuscator engine BatCloak to infect vulnerable systems.
https://www.trendmicro.com/en_us/research/23/h/targetcompany-ransomware-abuses-fud-obfuscator-packers.html
๐@malwr
Trend Micro
TargetCompany Ransomware Abuses FUD Obfuscator Packers
In this entry, we detail our analysis of how the TargetCompany ransomware abused an iteration of fully undetectable (FUD) obfuscator engine BatCloak to infect vulnerable systems.
๐1
Remote Code Execution In PyTorch Model Server TorchServe
Remote Code Execution In PyTorch Model Server TorchServe
Oligo's research team has uncovered a chain of critical vulnerabilities, named ShellTorch, including CVE-2023-43654 (CVSS: 9.8) in the PyTorch model server TorchServe.
This flaw allows unauthorized access to #AI models and enables Remote Code Execution (RCE) leaving countless services and end-users at risk.
๐ฃBigBother59
๐@malwr
Remote Code Execution In PyTorch Model Server TorchServe
Oligo's research team has uncovered a chain of critical vulnerabilities, named ShellTorch, including CVE-2023-43654 (CVSS: 9.8) in the PyTorch model server TorchServe.
This flaw allows unauthorized access to #AI models and enables Remote Code Execution (RCE) leaving countless services and end-users at risk.
๐ฃBigBother59
๐@malwr
GitHub
GHSA-4mqg-h5jf-j9m7 - GitHub Advisory Database
TorchServe Pre-Auth Remote Code Execution
๐ฑ1
Economic Espionage Via Fake Social Media Profiles in the UK: Professional Workers Awareness and Resilience
๐ฃdigicat
๐@malwr
๐ฃdigicat
๐@malwr
Ssrn
Economic Espionage Via Fake Social Media Profiles in the UK: Professional Workers Awareness and Resilience
This paper explores the use of fake social media accounts for economic espionage. It focuses solely on the first step of the recruitment process, the link reque
PETEP: Open source tool for Penetration Testing of non-HTTP protocols (TCP, UDP) through graphical UI or code, also supports using Burp/Zaproxy by wrapping the binary traffic into HTTP.
๐ฃvutmajk
๐@malwr
๐ฃvutmajk
๐@malwr
GitHub
GitHub - Warxim/petep: PETEP (PEnetration TEsting Proxy) is an open-source Java application for traffic analysis & modificationโฆ
PETEP (PEnetration TEsting Proxy) is an open-source Java application for traffic analysis & modification using TCP/UDP proxies. PETEP is a useful tool for performing penetration tests of ap...
2023-10-03 - Pikabot infection with Cobalt Strike
https://www.malware-traffic-analysis.net/2023/10/03/index.html
๐@malwr
https://www.malware-traffic-analysis.net/2023/10/03/index.html
๐@malwr
What is the dark web?
What is the dark web, and how is it different from the deep web?
https://blog.talosintelligence.com/what-is-the-dark-web/
๐@malwr
What is the dark web, and how is it different from the deep web?
https://blog.talosintelligence.com/what-is-the-dark-web/
๐@malwr
Cisco Talos Blog
What is the dark web?
What is the dark web, and how is it different from the deep web?
โค1
Quishing Triage 101: How to Investigate Suspicious QR Codes in Emails
Quishing, derived from combining โQR codeโ and โphishing,โ has manifested as a significant cybersecurity threat, particularly noting a discernible surge in incidents since July 2023. This technique leverages QR codes, square barcodes decipherable by mobile device cameras, to mislead users into interacting with malicious digital content. When a user scans a QR code in a...
https://intezer.com/blog/alert-triage/quishing-triage-how-to-investigate-suspicious-qr-codes-in-emails/
๐@malwr
Quishing, derived from combining โQR codeโ and โphishing,โ has manifested as a significant cybersecurity threat, particularly noting a discernible surge in incidents since July 2023. This technique leverages QR codes, square barcodes decipherable by mobile device cameras, to mislead users into interacting with malicious digital content. When a user scans a QR code in a...
https://intezer.com/blog/alert-triage/quishing-triage-how-to-investigate-suspicious-qr-codes-in-emails/
๐@malwr
A Practical Approach to SBOM in CI/CD Part III โ Tracking SBOMs with Dependency-Track
๐ฃtheowni
Do you fill up dependencies manually, or using something like BlackDuck?
๐คbroadexample
๐@malwr
๐ฃtheowni
Do you fill up dependencies manually, or using something like BlackDuck?
๐คbroadexample
๐@malwr
Medium
A Practical Approach to SBOM in CI/CD Part III โ Tracking SBOMs with Dependency-Track
Crucial part of utilising a full potential of Software Bill of Materials is automation. This article covers automated projects trackingโฆ
Python SAST Security Tools?
So, for my apprenticeship i have to find a new SAST Security Tool to integrate into a pipeline. The only actual boundary is that it has to be open-source. Just so you know, the pipeline runs into a Docker container. It would be better if it easily implementable (in this project we use mainly Docker, maven and pip to install new tools in the container). Another guideline would be to find a tool that analyzes very used languages (like Python or Java). Alternately, can do other stuff but it should be simple enough to me to understand it (maybe policies tester are out of my league? i dunno).
We already use Trivy, Bandit, Semgrep, Safety, Checkov, [and under maven:\] Spotbugs, OWASP DC and Spotless (Techincally also Kubescape and Talisman but we have not fully developed them yet)
Before you ask, yes...i've tried to search on my own (pretty deeply, i think). So this what my precedent tries/alternatives are:
\- Flawfinder (a bit tricky to install and analyze only C/C++)
\- Pysa/Pyrecheck (it's not easy to install, hard to understand, and prints strange errors)
\- Bearer (probably my choice if i don't find a python alternative but...i hate Java)
Sorry for the long message and thanks to all for any advice or answer on the post. Of course i don't expect you to research, that is my job. Just write if anything pops in your mind.
Thx again!
๐ฃFanta_futuro
Your org is already using much of what is available for your needs so Iโm not sure what OSS are available with your criteria that could offer you more or even in-addition too, but youโve already first hand have seen this yourself.
I know many tools to meet your needs but now weโre moving away from OSS and into SaaS but my guess is you have no budget for that.
Off the cuff what are the odds that the ask could pivot to SCA provided you and everyone else are large consumers of OSS and need to/should maybe look to consider your OSS risk?
Otherwise the only thing I can offer you is this link to GitHub that may be of assistance.
https://github.com/analysis-tools-dev/static-analysis#python
๐คSivyre
๐@malwr
So, for my apprenticeship i have to find a new SAST Security Tool to integrate into a pipeline. The only actual boundary is that it has to be open-source. Just so you know, the pipeline runs into a Docker container. It would be better if it easily implementable (in this project we use mainly Docker, maven and pip to install new tools in the container). Another guideline would be to find a tool that analyzes very used languages (like Python or Java). Alternately, can do other stuff but it should be simple enough to me to understand it (maybe policies tester are out of my league? i dunno).
We already use Trivy, Bandit, Semgrep, Safety, Checkov, [and under maven:\] Spotbugs, OWASP DC and Spotless (Techincally also Kubescape and Talisman but we have not fully developed them yet)
Before you ask, yes...i've tried to search on my own (pretty deeply, i think). So this what my precedent tries/alternatives are:
\- Flawfinder (a bit tricky to install and analyze only C/C++)
\- Pysa/Pyrecheck (it's not easy to install, hard to understand, and prints strange errors)
\- Bearer (probably my choice if i don't find a python alternative but...i hate Java)
Sorry for the long message and thanks to all for any advice or answer on the post. Of course i don't expect you to research, that is my job. Just write if anything pops in your mind.
Thx again!
๐ฃFanta_futuro
Your org is already using much of what is available for your needs so Iโm not sure what OSS are available with your criteria that could offer you more or even in-addition too, but youโve already first hand have seen this yourself.
I know many tools to meet your needs but now weโre moving away from OSS and into SaaS but my guess is you have no budget for that.
Off the cuff what are the odds that the ask could pivot to SCA provided you and everyone else are large consumers of OSS and need to/should maybe look to consider your OSS risk?
Otherwise the only thing I can offer you is this link to GitHub that may be of assistance.
https://github.com/analysis-tools-dev/static-analysis#python
๐คSivyre
๐@malwr
Reddit
From the cybersecurity community on Reddit
Explore this post and more from the cybersecurity community
๐1