Amateur Security Archaeologists, trying not to break things.

Tag: Security (Page 7 of 11)

Friend or foe? How killer baselines improve security outcomes

A month ago, we talked about how visibility can make us more frustrating victims to our adversaries. It makes sense – easy marks are those who don’t see that they are victims in the first place! Take victims of physical (traditional) crime. Burglars love a target who isn’t using alarm systems, cameras, or even their own eyes and ears to actively detect incursions. But having eyes and ears isn’t what makes you formidable. It is that you have those sensory inputs AND you know how to interpret what they are telling you and how to respond. Do you know how to discern bad behavior from the norm and how to tell friend from foe? And do you know what the right response is based on that proper interpretation? We’re going to tackle the first question here today as we discuss how killer baselines improve security outcomes.


What’s causing Mike’s Indigestion now? I’ll be Pwn for the Christmas! (22 Dec 2023)

Good day folks! I’m prepping for my holiday shutdown here at Cisco, but before I do, I have a threat update including some interesting developments on vulnerability hoarding that would make the Grinch cringe. But first:


Describing a Snowflake: How to describe Web Applications

I have this nasty habit of committing to teach things. Things I probably have no business teaching, but I find that lighting the fire motivates me to learn quickly. Earlier this week, I had an opportunity to share some of what I learned about how to describe web applications from a security standpoint. I had gone through this learning process some time before, but with all of the craze around cloud, cloud-native and the various XaaS offerings, I thought it would be a great time to refresh my knowledge and then pass a little bit of that on. My end goal was to teach security-minded folks what makes a web application different from other parts of an attack surface. Whoops!


What’s causing Mike’s Indigestion now? Cozy Bear Blizzards! (15 Dec 2023)

Good morning folks! I have some updates on the threat side of things that we all should be aware of:

In our first update, the Russian SVR-backed pests known as APT29, CozyBear, NOBELIUM or, under the Microsoft name, “Midnight Blizzard” are following the lead of North Korean adversaries. They’re exploiting a really bad JetBrains TeamCity vuln (CVE-2023-42793, 9.8 CVSS) to manipulate source code, sign certs, and push updates. TeamCity is a CI/CD tool that helps run DevOps, sort of like Travis CI, Jenkins, CircleCI, and more. So it has the potential to be like the SolarWinds issues of a couple of years ago. It now appears they have patiently used it to get into more of the supply chain and gain as-yet dormant footholds. They are even using Dropbox to help mask their C2 – Yikes!


How visibility makes you the most frustrating victim

Who hasn’t heard this one: “the attacker only needs to be right once, and they are a success”. Indeed, the corollary is said just as often: “you only need to be wrong once and you’re screwed!” All of that makes you feel a little helpless, right? Helpless folks give up – and good luck getting them to deal with the myriad issues that are inherent to securing their environments! We’re going to see how we can turn the tables here, and the first step is to see how visibility makes you a most frustrating victim for adversaries!
