Category Archives: Uncategorized

As a Security Analyst, your job is to identify business risks and raise the alarm to higher along with your recommendation of a solution. Some times you get approval for immediate mitigation action, other times for whatever reason the recommendation will be overruled. Risk = Threat x Vulnerability Lets make this a scenario and sayContinue reading “A Risk Acceptance Log is a MUST”

My own three month journey ended the other day in success passing the CISSP (Certified Information System Security Professional) certification test. Thought I’d outline my study strategy as a whole, what really helped, what was a waste of time and some other tips and tricks I learned along the way. If this guide helps oneContinue reading “CISSP Certification Journey”

The CVSS or Common Vulnerability Scoring System, in its most basic form is a framework used to assign a numeric score 0 – 10 to severity of vulnerabilities, 10 being the most severe. The score is based on vendor neutral qualitative estimates of risk, in combination with end user input depending on environmental specific considerations.Continue reading “CVSS – What is it and why do I care?”

M$ Patch Tuesday February 2021 fixes 56 bugs which include a ZeroDay, and a high priority DNS (Domain Name Service) Vulnerability patch. ZeroDay CVE-2021-1732 is an elevation of privilege bug that comes in with a slightly lower CVSS of 7.8, due to the attacker already needing some sort of access on the targeted host. OnceContinue reading “MS PatchTuesday February 2021”

Over they years I’ve seen a number of ways to deal with Local Administrator account passwords from setting it once at build and never resetting, to deploying a change routinely via GPO (Group Policy Objects) among other poor practices. Problem with the first method is obvious, one password across multiple endpoints that never changes, wrongContinue reading “LAPS- Its Easy and Its Free”

Seeing as how its closing in on the end of January and February patch Tuesday is right around the corner, hopefully everyone is fully aware of what ZeroLogon or CVE-2020-1472 is. However here is the high level just encase you’re a little late to the game, no worries though there is still time. Back inContinue reading “ZeroLogon – Last Minute Need to Know”

Question: How often does your Local Group membership for Servers change? Question: How often does a local user account get created on a Server? Answer: Very Rare to never in most enterprise organizations For that reason these two events are prime SIEM Alert candidates for BlueTeams that offer a low false positive rate paired withContinue reading “SIEM Alerting Essentials: Server Local Groups and Users”

By now everyone has seen in the news the major Supply Chain Attack against Solar Winds.  If so feel free to skip this and jump to the next paragraph, If not a very high level summary is as follows:  Originally accredited to the Russian hacking group ATP29 (however questions been recently raised on accuracy ofContinue reading ““Loose Lips Sink Ships” has never been so true”

No longer breaking news as I’m sure every Cyber Security Professional is aware that FireEye announced on Dec 8 2020 that they were victims of a data breach from what they are calling a “state sponsored attack”. Now that things have settled down a little and more details have been officially released lets dig inContinue reading “Fire Eye Breach- What does it all mean?”