Amateur Security Archaeologists, trying not to break things.

Category: Defensive Techniques (Page 6 of 6)

On the topic of Threat Hunting

All of us encounter the use (and misuse) of terms like threat hunting, threat modeling, threat intelligence, and threat picture.

  • Threat hunting is about leveraging knowledge of adversaries and the target system to proactively identify (and hopefully eradicate) threats before damage is incurred.
  • Threat Modeling is a structured approach used to identify, assess, and mitigate potential threats and vulnerabilities in a system, application, or environment – outlining the hypothetical ways that a threat might attack us.
  • Threat Intelligence (often called Cyber Threat Intelligence or CTI) characterizes the potential adversaries or troublesome events that might exploit those weaknesses; the organization’s most likely adversaries, attack vectors, and dependencies must be evaluated against that context.
  • The likely adversaries portion of threat modeling is often called the Threat Picture – an externally-focused view of the most likely attacks your organization will face. 

Adventures in Zeek – Background and Setup

My studies with SANS revealed a lot of open source tools that I find amazing. One of those is Zeek (formerly Bro) IDS. While I have enjoyed and been enriched by my studies of SiLK, Snort, Suricata, Tshark and TCPDump, Zeek is the tool that jumps out to me as the one offering the greatest potential to learn about and explore networks.

In this blog entry, we’re going to create a single-node Zeek sensor on our virtual host and turn it loose monitoring the network tap we have between our Core switch and the ESXi host. I am starting with Ubuntu 20.04 again, a minimal install, so we can get up and running and have some consistency with the ELK host we are also running. I know many deployments run these applications on CentOS/RedHat as well, and there are plenty of good blogs on installing it for yum/RPM based distributions, but we’ll stick with my feeble limitations for now 😉


The Struggle is Real! Balancing Platform Simplicity and Complexity

I know this seems like a pretty weak byline, but bear with me. In studying for the GCIH exam I have found myself pondering some of the wisdom I have been given by John Strand, the recorded instructor for the VoD course. In the course-ware, he stresses the need for an organization to truly understand their environment and patch efficiently, and that the best way to facilitate that might be to standardize on as few platforms as possible. The homogeneity of the environment will both simplify patching and vulnerability management AND make the environment easier to understand and thus protect. This gets back to a fundamental concept in securing anything: you can’t protect what you aren’t aware of.

Common Web App Defenses

If we step back and think about what customers are up against, it is truly staggering. Building a secure web application and network is akin to building a nuclear reactor plant. No detail is small and insignificant, so one tiny failure (a crack, a weak weld, or a small contamination), despite all of the good inherent in the design and implementation, can mean failure. A similar truth applies to web application security – just one flaw, be it a misconfiguration or an omission in the myriad of components, can provide attackers with enough of a gap through which immense damage can be inflicted. And to add insult to injury, these same proactive defensive measures are relied upon in many environments to help detect these rare events (sometimes called black swan events). Network and application administrators have a tough job, and a white-hat’s purpose is to help them and their organization do it better.

