Deploying Local Wazuh Agents on Windows

Endpoint Protection Platforms (EPPs) are security solutions for monitoring endpoints and enforcing security controls on them. Endpoint detection and response (EDR) is a class of solution built to catch threats that signature-based tools miss, including zero-day exploits, by monitoring registry keys, processes and loaded libraries and analysing every change, however small. Scenario: You work as a security engineer at Commensurate Technology (ComTech). New company policy dictates that workstations must be reinforced with additional security controls. In light of this decision, the IT Security and Operations teams have agreed to implement the Wazuh solution, with Wazuh agents deployed on all workstations. Elasticsearch and Kibana, integrated with the Wazuh manager, will be used as the backend to provide fast full-text search and data visualization for the health and security monitoring of company assets. ...

Getting Familiar With Splunk

This is a writeup of notes from Splunk’s “Intro To Splunk” E-Learning course. At the end of this course I took a quiz and earned a certificate! Intro to Splunk Splunk is a unified data platform that allows teams to work together or individually to ensure critical systems stay secure and reliable. Splunk’s heart is the index, which contains data from servers, network devices, and web apps. The indexer is a factory and the data is its raw material. As raw material enters the factory, it goes to inspectors. ...

Setting Up Apache

Scenario In 2012, three friends decided to buy scooters for their daily commute in New Napoli. Far from just a method of getting from Point A to Point B, they found that they loved the power and fun they felt while riding. They started to ride on weekends for fun and began posting pictures of their exploits on social media. Soon Angels & Scooters had grown to a dozen or more. Today, Angels & Scooters has more than 300 members. But while they’ve grown in numbers, they haven’t grown in infrastructure. They recently decided it was time for a change and now want to create their very first website. They have the design, one of the city’s hosting providers was kind enough to provide some server space, and they are excited to get started. Unfortunately, they don’t know how to install a webserver. So they’ve come to you for help. ...

SSH Agent Hijacking

Scenario: You are a system administrator at a small IT company which hosts a scooter club website. You are in the process of configuring SSH access to one of the web servers, and your colleague, Peter, insists everyone should be able to log into the server directly as the root user. This, of course, is a bad idea for many reasons, one of them being the lack of accountability. But since you both use SSH agents, sometimes with multiple keys, to log into several hosts and for easier Git access, the thing which concerns you most is SSH agent hijacking. ...
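The two sshd settings at the heart of that argument can be checked mechanically. The script below is an added illustration, not code from the post: it parses the global section of an sshd_config the way sshd reads it (first value wins, Match blocks apply conditionally) and flags a `PermitRootLogin` other than `no` and an `AllowAgentForwarding` of `yes`, which is what lets a root user on the server reach a logged-in colleague's forwarded agent socket. The two config strings are constructed samples; the directive names and their defaults are OpenSSH's own.

```python
"""Audit an sshd_config for the two settings the scenario above worries about.

Added illustration, not code from the post. The config strings are constructed
samples; directive names and defaults are OpenSSH's documented ones.
"""

# Constructed sample: the configuration Peter is asking for.
WEAK_SSHD_CONFIG = """\
# constructed example, not copied from a real host
Port 22
PermitRootLogin yes
PasswordAuthentication no
AllowAgentForwarding yes

Match User deploy
    PermitRootLogin no
"""

# Constructed sample: the same file after hardening.
HARDENED_SSHD_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
AllowAgentForwarding no
"""


def parse_sshd_config(text):
    """Return {keyword: value} for the global section of an sshd_config.

    sshd uses the first value it reads for each keyword, so later duplicates
    are ignored here as well. Parsing stops at the first Match block because
    directives inside it apply only when the Match criteria are met.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # "Keyword value" or "Keyword=value"; keywords are case-insensitive.
        parts = line.replace("=", " ", 1).split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            break
        settings.setdefault(keyword, value)
    return settings


def audit_sshd_config(text):
    """Return a list of findings for the settings relevant to the scenario."""
    settings = parse_sshd_config(text)
    findings = []
    # Default since OpenSSH 7.0 is prohibit-password, which still allows key-based
    # root logins; only "no" removes the shared, unaccountable root session.
    root_login = settings.get("permitrootlogin", "prohibit-password").lower()
    if root_login != "no":
        findings.append(
            "PermitRootLogin %s: direct root logins allowed, no per-user audit trail" % root_login
        )
    # Default is yes. With forwarding allowed, anyone who is root on this host can
    # use a connected user's forwarded agent socket (SSH_AUTH_SOCK) to sign with
    # that user's keys, which is the hijack the post is about.
    if settings.get("allowagentforwarding", "yes").lower() == "yes":
        findings.append(
            "AllowAgentForwarding yes: forwarded agents are exposed to root on this host"
        )
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(label, audit_sshd_config(cfg) or ["no findings"])
```

Run it against a copy of the real file with `audit_sshd_config(open("/etc/ssh/sshd_config").read())`. The client side matters too: leave `ForwardAgent` off in `~/.ssh/config` except for hosts you trust, since the server-side directive only controls whether sshd honours a forwarding request.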

TryHackMe SOC - Cyber Defense Frameworks

Pyramid of Pain The Pyramid of Pain is an infosec concept that ranks indicators of compromise (IOCs) by how much it costs an attacker when defenders deny them a given indicator. Hash Values (Trivial) SOC analysts use file hash values to identify known samples. Using a platform like VirusTotal, security researchers can upload a hash to gain more insight into a specific malware sample. It’s easy to spot a malicious file if its hash has been cataloged. However, an attacker can trivially modify a known piece of malware so that it produces a different, unknown hash. ...
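To make the "trivial" rating concrete, here is an added example (not part of the TryHackMe room or this post) that builds a SHA-256 blocklist from a constructed stand-in for a catalogued sample, appends a single byte the way a re-pack would, and shows the hash indicator miss while a higher-tier indicator, the C2 hostname embedded in the binary, still fires. The sample bytes, the blocklist and the hostname `evil-c2.invalid` are all constructed for the demonstration; the domain-name tier goes one step beyond the hash-values excerpt above.

```python
"""Why a hash value sits at the bottom of the Pyramid of Pain.

Added illustration, not code from the post. The "sample", the blocklist and
the C2 hostname are constructed byte strings, not real malware.
"""
import hashlib

# Constructed stand-in for a catalogued malicious binary: a PE-looking header,
# some repeated "code", and a hard-coded C2 hostname the operator relies on.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"\x55\x8b\xec" * 16 + b"update.evil-c2.invalid" + b"\x00" * 8

# Higher-tier indicator (assumed value): the C2 domain embedded in the binary.
C2_HOSTNAME = b"evil-c2.invalid"

# Blocklist built the way a SOC builds one: from the hash of the known sample.
BLOCKLIST_SHA256 = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_indicator_hits(data: bytes, blocklist=BLOCKLIST_SHA256) -> bool:
    """Hash-value tier: exact match against catalogued hashes."""
    return sha256_hex(data) in blocklist


def domain_indicator_hits(data: bytes, hostname=C2_HOSTNAME) -> bool:
    """Domain-name tier: the embedded C2 hostname survives a trivial repack."""
    return hostname in data


def attacker_recompiles(sample: bytes) -> bytes:
    """Cheapest possible mutation: append one byte. Behaviour unchanged, hash not."""
    return sample + b"\x00"


def compare_indicators(sample: bytes) -> dict:
    """Evaluate both indicators over the original and the mutated sample."""
    mutated = attacker_recompiles(sample)
    return {
        "hash_original": hash_indicator_hits(sample),
        "hash_mutated": hash_indicator_hits(mutated),
        "domain_original": domain_indicator_hits(sample),
        "domain_mutated": domain_indicator_hits(mutated),
    }


if __name__ == "__main__":
    for name, hit in compare_indicators(KNOWN_SAMPLE).items():
        print(f"{name:16} {'HIT' if hit else 'miss'}")
```

The one-byte append is the weakest possible mutation; a real operator would also change strings and repack, which is why each step up the pyramid costs them more than the last.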

What I Learned Developing KYE

SOC Analysts often spend a lot of time manually looking up indicators of compromise (IOCs) across multiple OSINT tools like VirusTotal, AbuseIPDB, and MalwareBazaar. This repetitive process slows down triage and investigation. CorpseChasm-KnowYourEnemy is a CLI tool I developed to automate this process and save time. You pass an IOC (Indicator of Compromise) to the tool, and it automatically detects whether it’s an IP address, domain, or file hash. Then, it uses multiple OSINT APIs to enrich the IOC with relevant intelligence to speed up analysis. ...
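The first thing such a tool has to get right is the IOC type detection, because it decides which API to call. Below is an added example of that step, not KYE's own code: it refangs the usual `[.]` and `hxxp` forms (an assumption about how analysts paste indicators), then classifies the value as an IPv4/IPv6 address, an MD5/SHA-1/SHA-256 digest by hex length, or a domain, and falls through to `unknown` rather than guessing. The sample inputs in the tests are constructed.

```python
"""IOC type detection of the kind described for KYE above.

Added example, not KYE's own code. Accepts a raw or defanged IOC and returns
(kind, normalized_value) for the enrichment step to dispatch on.
"""
import ipaddress
import re

# Hex digest lengths for the hash algorithms OSINT services key on.
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"[0-9a-fA-F]+")
# One or more labels (letters, digits, inner hyphens, max 63 chars) and a
# letters-only TLD; the 253-character overall limit is checked separately.
DOMAIN_RE = re.compile(
    r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}", re.IGNORECASE
)


def refang(value: str) -> str:
    """Undo common defanging so 'evil[.]com' and 'hxxp://' are usable input (assumed forms)."""
    v = value.strip().replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")
    return re.sub(r"^hxxp", "http", v, flags=re.IGNORECASE)


def classify_ioc(value: str) -> tuple:
    """Return (kind, normalized); kind is ipv4, ipv6, md5, sha1, sha256, domain or unknown."""
    v = refang(value)
    # If a full URL was pasted, keep only the host part.
    if "://" in v:
        v = v.split("://", 1)[1].split("/", 1)[0]
    # IPs first: ipaddress handles both families and rejects junk like 999.1.1.1.
    try:
        ip = ipaddress.ip_address(v)
        return ("ipv%d" % ip.version, str(ip))
    except ValueError:
        pass
    # Hashes: a hex string of a known digest length.
    if HEX_RE.fullmatch(v) and len(v) in HASH_TYPES:
        return (HASH_TYPES[len(v)], v.lower())
    # Domains: label syntax plus the overall length limit.
    if len(v) <= 253 and DOMAIN_RE.fullmatch(v):
        return ("domain", v.lower())
    return ("unknown", v)


if __name__ == "__main__":
    # Constructed inputs for a quick look at the dispatch decision.
    for sample in ("8.8.8.8", "2001:db8::1", "hxxp://Evil[.]Example[.]com/payload.exe",
                   "D41D8CD98F00B204E9800998ECF8427E", "999.1.1.1", "not an ioc"):
        print("%-42s -> %s" % (sample, classify_ioc(sample)))
```

Ordering matters: an IP is tested before the domain regex so `1.2.3.4` is never mis-filed as a domain, and hashes are matched by exact length so an eight-character hex fragment is reported as unknown instead of being sent to a hash-lookup API.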