Using ElastAlert to Help Automate Threat Hunting
I first want to say thanks to CyberWarDog for his fantastic lab walk-through for setting up a Threat Hunting Lab. It is hands down the best guide I have read to getting started with Threat Hunting. I followed his guide and got my lab completely set up. I then decided...
Honey Accounts
I recently saw a tweet mentioning the use of an AD account with the password in the description attribute and logon hours set to none. I can’t find that tweet anymore so I apologize for the lack of attribution. The idea is that when someone does breach your network perimeter,...
HTTP Security Headers
HTTP security headers seem to be findings on nearly every assessment I have been doing lately. I decided to come up with some handy quick references for these headers in order to better understand them. HTTP Response headers are a way for a server and client to exchange information. In...
How I Gained Access to Nearly Half A Million College Transcripts
Last year I spent some time digging into bug bounty programs. Since I was quite new to the scene, I spent most of my time just figuring out how a lot of the tools worked, as well as figuring out a good process that worked for me. I spent loads...
How I Got Started in InfoSec
Lately there seems to be a huge movement to help get more people in infosec roles. I have been seeing more and more talks at cons regarding this topic as well as helpful blogs and other resources. There is even a project called InfoSec Mentors that helps put mentees in...
Basics of Windows Incident Response
For most people, including me, it is difficult to determine just what is “normal” when looking for signs of a compromised host. As someone who has done multiple CCDCs as a blue teamer, I can say that this is easily one of the biggest struggles since it affects incident response...