Amateur Security Archaeologists, trying not to break things.

Author: Mike (Page 7 of 15)

What scares you most? How great Threat Pictures are made!

Most of the posts in the past couple of months have focused on threat modeling tools and use cases. Process-level stuff is interesting, but how do we make sure the inputs are valid? My good friend Mark and I explore that with customers during our Cisco Live interactive breakout, and the things we learn are eye-opening! You can have all the process in the world, but if the inputs are trash, so too will be the outputs. How do we get to the root of it all: What scares you most? We need to ensure we aren’t just wasting our time, right? So how do we paint a great threat picture?


What’s causing Mike’s Indigestion now? Infrastructure Weak! (19 Jan 2024)

Good morning folks! I had a great time leading a Threat Hunting Workshop at my alma mater, RIT, and meeting some awesome customers, but in my travels I gathered some updates on the threat & vuln side of things that we all should be aware of. And before we get started, I meant to spell “Weak” that way – so let’s get started!


Power-up your security: Mapping ATT&CK’s massive ecosystem

If you are a security professional, MITRE’s ATT&CK is everywhere these days. Even in places it does not belong! That being said, there are a ton of tools, projects, and extensions to ATT&CK. Some are fundamental (like Navigator) while others are niche. How do we tell what is right for us? What projects are essential to power up your security program? For my upcoming Cisco Live presentation in February, I take a crack at mapping ATT&CK’s massive ecosystem to roles and functions. Am I off to a good start? Let me share how I tackled this and you can let me know!


What’s causing Mike’s Indigestion now? Happy New Fear! (12 Jan 2024)

Good morning folks! I had a great time in Boston this week hanging out with a cool partner, but in my travels I gathered some updates on the threat side of things that we all should be aware of:

Score one for the good guys!

Cisco Talos and Avast teamed up with Dutch authorities to take down the Babuk Tortilla ransomware strain’s key folks, and they have also worked together to provide a decryptor for potential victims.


Friend or foe? How killer baselines improve security outcomes

A month ago, we talked about how visibility can make us more frustrating victims to our adversaries. It makes sense – easy marks are those who don’t see that they are victims in the first place! Take victims of physical (traditional) crime. Burglars love a target who isn’t using alarm systems, cameras, or even their own eyes and ears to actively detect incursions. But having eyes and ears isn’t what makes you formidable. It is that you have those sensory inputs AND you know how to interpret what they are saying and how to respond. Do you know how to discern bad behavior from the norm and know how to tell between friend and foe? And do you know what the right response is based on that proper interpretation? We’re going to tackle the first question here today as we discuss how killer baselines improve security outcomes.
