BlueTeam

PS C:\Users\BlueTeam>

Cipher Suite Recon with TestSSL.sh

Weak cipher suites can be an attacker's key to MITM (Man in the Middle) traffic sniffing, so what's the best approach to discovering them? There are many methods out there; Qualys SSL Labs is one of the most popular for scanning public websites, but what about an internal server that is not publicly reachable? Fire up your Kali VM, install…
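Whatever scanner you point at the internal host, the question that follows is what actually makes a negotiated suite "weak". The block below is an added example, not code from the BlueTeam post or from testssl.sh: it applies the usual criteria (NULL or export-grade encryption, anonymous key exchange, RC4/RC2/DES/3DES, MD5 MACs, deprecated protocol versions, lack of forward secrecy) to a constructed list of protocol/cipher pairs in OpenSSL naming, which is how testssl.sh and `openssl s_client` label suites. The `SCAN_RESULT` list is made up for illustration and is not output captured from a real server.

```python
"""Flag weak cipher suites in a scan result (added example, not from the post)."""
import re

# Constructed sample: (protocol, OpenSSL cipher name) pairs as a scan might list them.
SCAN_RESULT = [
    ("TLSv1.3", "TLS_AES_256_GCM_SHA384"),
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("TLSv1.2", "AES256-SHA256"),          # static RSA key exchange: no forward secrecy
    ("TLSv1.2", "DES-CBC3-SHA"),           # 3DES (64-bit block, SWEET32)
    ("TLSv1.0", "RC4-MD5"),                # RC4 and an MD5 MAC on a deprecated protocol
    ("SSLv3",   "EXP-RC2-CBC-MD5"),        # export grade
    ("TLSv1.2", "AECDH-AES256-SHA"),       # anonymous ECDH: no server authentication
    ("TLSv1.2", "NULL-SHA256"),            # no encryption at all
]

# Each rule: (label, regex over the OpenSSL cipher name). Every matching rule is
# reported so the reader sees all the reasons a suite is weak.
CIPHER_RULES = [
    ("no encryption (NULL)",    re.compile(r"(^|-)NULL(-|$)")),
    ("export grade",            re.compile(r"^EXP")),
    ("anonymous key exchange",  re.compile(r"^(ADH|AECDH)-")),
    ("RC4 stream cipher",       re.compile(r"RC4")),
    ("DES/3DES block cipher",   re.compile(r"(^|-)(DES|DES-CBC3|3DES)(-|$)")),
    ("RC2 block cipher",        re.compile(r"RC2")),
    ("MD5 MAC",                 re.compile(r"-MD5$")),
]

# Protocol versions that are weak regardless of the suite negotiated.
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.0", "TLSv1.1"}

# Forward secrecy: every TLS 1.3 suite uses an ephemeral exchange; for earlier
# versions the OpenSSL name must start with an ephemeral (EC)DH prefix.
FS_PREFIX = re.compile(r"^(ECDHE|DHE|EDH|EECDH|ADH|AECDH)-")


def assess_suite(protocol, name):
    """Return the list of reasons the suite is weak (empty list means acceptable)."""
    reasons = [label for label, rx in CIPHER_RULES if rx.search(name)]
    if protocol in WEAK_PROTOCOLS:
        reasons.append(f"deprecated protocol {protocol}")
    if protocol != "TLSv1.3" and not FS_PREFIX.match(name):
        reasons.append("no forward secrecy")
    return reasons


def weak_suites(scan):
    """Map each weak (protocol, cipher) pair to its reasons; acceptable suites are omitted."""
    findings = {}
    for protocol, name in scan:
        reasons = assess_suite(protocol, name)
        if reasons:
            findings[(protocol, name)] = reasons
    return findings


if __name__ == "__main__":
    for (proto, name), reasons in weak_suites(SCAN_RESULT).items():
        print(f"{proto:8} {name:32} {'; '.join(reasons)}")
```

Two of the eight constructed suites survive the check (the TLS 1.3 suite and the ECDHE-RSA AES-GCM suite); note that `AES256-SHA256` is flagged only for its static RSA key exchange, which is the kind of finding a pure "is the cipher broken" view misses.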

A Risk Acceptance Log is a MUST

As a Security Analyst, your job is to identify business risks and raise the alarm to the higher-ups along with your recommended solution. Sometimes you get approval for immediate mitigation action; other times, for whatever reason, the recommendation will be overruled. Risk = Threat x Vulnerability. Let's make this a scenario and say…

CISSP Certification Journey

My own three-month journey ended the other day in success, passing the CISSP (Certified Information Systems Security Professional) certification exam. Thought I'd outline my study strategy as a whole: what really helped, what was a waste of time, and some other tips and tricks I learned along the way. If this guide helps one…

CVSS – What is it and why do I care?

The CVSS, or Common Vulnerability Scoring System, in its most basic form is a framework for assigning a numeric score from 0 to 10 to the severity of a vulnerability, 10 being the most severe. The score is based on vendor-neutral qualitative estimates of risk, combined with end-user input for environment-specific considerations.…

MS PatchTuesday February 2021

M$ Patch Tuesday February 2021 fixes 56 bugs, which include a zero-day and a high-priority DNS (Domain Name System) vulnerability patch. Zero-day CVE-2021-1732 is an elevation of privilege bug that comes in with a slightly lower CVSS of 7.8, because the attacker already needs some sort of access on the targeted host. Once…

LAPS – It's Easy and It's Free

Over the years I've seen a number of ways to deal with local Administrator account passwords, from setting it once at build and never resetting it, to deploying a change routinely via GPO (Group Policy Objects), among other poor practices. The problem with the first method is obvious: one password across multiple endpoints that never changes, wrong…

ZeroLogon – Last Minute Need to Know

Seeing as how it's closing in on the end of January and February Patch Tuesday is right around the corner, hopefully everyone is fully aware of what ZeroLogon, or CVE-2020-1472, is. However, here is the high level just in case you're a little late to the game; no worries though, there is still time. Back in…

SIEM Alerting Essentials: Server Local Groups and Users

Question: How often does local group membership on your servers change?
Question: How often does a local user account get created on a server?
Answer: Very rarely to never, in most enterprise organizations.

For that reason these two events are prime SIEM alert candidates for blue teams that offer a low false-positive rate paired with…
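The two questions above map onto a handful of Windows Security log event IDs: 4720 and 4726 (local user account created/deleted) and 4732 and 4733 (member added to/removed from a security-enabled local group). The block below is an added example, not code from the BlueTeam post or from any SIEM product: a minimal detector over those events, run on constructed sample records rather than a live feed. The field names (`SubjectUserName`, `TargetUserName`, `MemberName`) are the EventData names Windows uses in those events and `Computer` comes from the event's System section; the `SRV-` host naming convention, the automation allowlist and the records themselves are assumptions for illustration.

```python
"""Alert on local group membership changes and local account creation on servers
(added example, not from the post)."""

# Constructed sample events (subset of the System/EventData fields); not real logs.
SAMPLE_EVENTS = [
    {"EventID": 4732, "Computer": "SRV-FILE01", "SubjectUserName": "jdoe",
     "TargetUserName": "Administrators", "MemberName": "CORP\\jdoe"},
    {"EventID": 4720, "Computer": "SRV-FILE01", "SubjectUserName": "jdoe",
     "TargetUserName": "backupsvc2"},
    {"EventID": 4732, "Computer": "WS-1234", "SubjectUserName": "asmith",
     "TargetUserName": "Administrators", "MemberName": "CORP\\asmith"},
    {"EventID": 4733, "Computer": "SRV-SQL02", "SubjectUserName": "svc_deploy",
     "TargetUserName": "Remote Desktop Users", "MemberName": "CORP\\contractor7"},
    {"EventID": 4732, "Computer": "SRV-SQL02", "SubjectUserName": "svc_cfgmgmt",
     "TargetUserName": "Remote Management Users", "MemberName": "CORP\\Tier1-Ops"},
    {"EventID": 4624, "Computer": "SRV-FILE01", "SubjectUserName": "jdoe",
     "TargetUserName": "jdoe"},
]

# Event IDs worth alerting on, with a short description used in the alert text.
GROUP_EVENTS = {4732: "member added to local group",
                4733: "member removed from local group"}
USER_EVENTS = {4720: "local user account created",
               4726: "local user account deleted"}

# Assumed (actor, group) pairs produced by approved automation; anything else on a
# server is rare enough to page on.
APPROVED_CHANGES = {("svc_cfgmgmt", "Remote Management Users")}


def is_server(computer):
    """Assumed naming convention; in practice this comes from a CMDB or asset tag."""
    return computer.upper().startswith("SRV-")


def evaluate(event):
    """Return an alert dict for a suspicious event, or None if it should be ignored."""
    eid = event.get("EventID")
    host = event.get("Computer", "")
    if not is_server(host):
        return None  # workstations change far more often; out of scope for this rule
    actor = event.get("SubjectUserName", "")
    if eid in GROUP_EVENTS:
        group = event.get("TargetUserName", "")
        if (actor, group) in APPROVED_CHANGES:
            return None
        return {"host": host, "rule": GROUP_EVENTS[eid], "actor": actor,
                "detail": f"{event.get('MemberName', '?')} -> {group}"}
    if eid in USER_EVENTS:
        return {"host": host, "rule": USER_EVENTS[eid], "actor": actor,
                "detail": event.get("TargetUserName", "?")}
    return None


def run_detector(events):
    """Evaluate every event and return the list of alerts raised, in input order."""
    return [alert for alert in (evaluate(e) for e in events) if alert]


if __name__ == "__main__":
    for alert in run_detector(SAMPLE_EVENTS):
        print(f"[{alert['host']}] {alert['rule']}: {alert['actor']} / {alert['detail']}")
```

Three of the six constructed events alert: the Administrators addition and the new local account on SRV-FILE01, and the Remote Desktop Users removal on SRV-SQL02; the workstation change, the allowlisted automation change and the unrelated logon are dropped. One caveat before you ship this: 4720 also fires on domain controllers for every domain account created, so scope the server list to member servers or the "rare to never" premise no longer holds.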

“Loose Lips Sink Ships” has never been so true

By now everyone has seen in the news the major supply chain attack against SolarWinds. If so, feel free to skip this and jump to the next paragraph; if not, a very high-level summary is as follows: originally attributed to the Russian hacking group APT29 (however, questions have recently been raised on the accuracy of…

FireEye Breach – What does it all mean?

No longer breaking news, as I'm sure every cyber security professional is aware that FireEye announced on Dec 8 2020 that they were victims of a data breach from what they are calling a "state sponsored attack". Now that things have settled down a little and more details have been officially released, let's dig in…
