Raiders of the Lost ARP

Amateur Security Archaeologists, trying not to break things.

Category: Security Concepts (Page 4 of 8)

AI-generated image of a bounty hunter from a galaxy far far away trying to learn about Cyber Threat Intelligence via their computer.
One sec, I think some scruffy-looking nerf herder just tripped my honeypot!

This is the Way: Beginning my Cyber Threat Intelligence Journey

January 29, 2024 /

I have gotten older, I find I’m less eager learn the depths of every technical solution, and have been searching for my happy place. Since my SANS studies, I have gravitated towards an area that is – from what I can see – fun as heck. That area? Cyber Threat Intelligence (CTI). My rookie impression is that this vast world is understaffed and under-supported, and this might be because organizations are so busy looking for operators that they don’t classify this role as mission critical. Fast forward to today: I spent a good part of the day listening into the SANS CTI Conference virtually, and I took away two things. First, there are some wicked sharp folks who have a passion in this area. Second, while I am not likely to become a full-fledged CTI professional, I sure want to learn more and incorporate what I can to help organizations see CTI’s value. This post launches my cyber threat intelligence journey.

Continue reading
AI-generated photo of a bunch of hackers seemingly posing for a reunion photo.
Conti really wanted to make the 10th reunion, but extradition stood in the way...

What scares you most? How great Threat Pictures are made!

January 22, 2024 /

Most of the posts in the past couple of months have focused on threat modeling tools and use cases. Process-level stuff is interesting, but how do we make sure the inputs are valid? My good friend Mark and I explore that with customers during our Cisco Live interactive breakout, and the things we learn are eye-opening! You can have all the process in the world, but if the inputs are trash, so too will be the outputs. How do we get to the root of it all: What scares you most? We need to ensure we aren’t just wasting our time, right? So how do we paint a great threat picture?

Continue reading
AI-generated image of a hacker in an aloha shirt trying like crazy to put together a very complex puzzle of all of MITRE ATT&CK's related projects.
MITRE sent me an easy puzzle, but the community blew up the piece count!

Power-up your security: Mapping ATT&CK’s massive ecosystem

January 14, 2024 /

If you are a security professional, MITRE’s ATT&CK is everywhere these days. Even in places it does not belong! That being said, there are a ton of tools, projects, and extensions to ATT&CK. Some are fundamental (like Navigator) while others are niche. How do we tell what is right for us? What projects are essential to power up your security program? For my upcoming Cisco Live presentation in February, I take a crack at mapping ATT&CK’s massive ecosystem to roles and functions. Am I off to a good start? Let’s me share how I tackled this and you can let me know!

Continue reading
AI-generated image of a hacker in a hoodie playing an upright bass
Something about that bass-player's groove was just off...

Friend or foe? How killer baselines improve security outcomes

January 8, 2024 /

A month ago, we talked about how visibility can make us more frustrating victims to our adversaries. It makes sense – easy marks are those who don’t see that they are victims in the first place! Take victims of physical (traditional) crime. Burglers love a target who isn’t using alarm systems, cameras, or even their own eyes and ears to actively detect incursions. But having eyes and ears isn’t what makes you formidable. It is that you have those sensory inputs AND you know how to interpret what they are saying and how they respond. Do you know how to discern bad behavior from the norm and know how to tell between friend and foe? And do you know what the right response is based on that proper interpretation? We’re going to tackle the first question here today as we discuss how killer baselines improve security outcomes.

Continue reading
image depicting digital-themed snowflakes, each uniquely designed to represent different web applications, as they gently fall to the ground in a serene winter landscape.
Which of these snowflakes is my electric company's customer service portal? Because I have some feedback!

Describing a Snowflake: How to describe Web Applications

December 21, 2023 /

I have this nasty habit of committing to teach things. Things I probably have no business teaching, but I find that lighting the fire motivates me to learn quickly. Earlier this week, I had an opportunity to share some of what I learned about how to describe web applications from a security standpoint. I had gone through this learning process sometime before, but with all of the craze around cloud, native and different XaaS offerings, I thought it would be a great time to refresh my knowledge and then pass a little bit of that on. My end goal was to teach security minded folks what makes a web application different than other parts of an attack surface. Whoops!

Continue reading
« Older posts Newer posts »

© 2024 Raiders of the Lost ARP

Theme by Anders NorenUp ↑

Verified by MonsterInsights