Continuous Testing and Auditing - Purple Teaming Activity — BAS overview BAS is a type of an advanced security testing method. It is designed to determine if an organisation’s existing security controls detects and respond to attack as they should in order to improve the security posture of the organisation. Some of the BAS Platforms are: The below diagram shows where…

Study Guide 9th edition — Research, Implement and manage Engineering processes using secure design principles Threat Modelling Prioritizing threats against an organisation’s valuable assets. 3 common Threat Modelling Techniques to Identify Threats: Focused on Assets Focused on Attackers Focused on Software Threat Modelling Approach Process for Attack Simulation and Threat Analysis (PASTA) A seven-stage threat modelling methodology. PASTA is a risk-centric approach that aims at selecting or…

There are various Threat Intelligence sources that shares threat information with each other to help identify those threats in their organisation and respond to those issues. Some of these Threat Intelligence platforms are: AlientVault MalwareBytes CISA WhoisXMLAPI CiSP MITRE CRITS In MISP, these Threat intelligence sharing platforms are mostly integrated…

Take Adversary’s perspective in Defender’s Team — Having recently completed the ‘Foundations of Operationalizing MITRE ATT&CK’ course, I thought it’ll be useful to share some of the key notes and share with you all that I’ve learnt from this widely-recognised and accepted defense framework in Cyber Security. Intro to MITRE ATT&CK A framework where defenders takes the adversary’s perspective to find…

RCE and SSRF Vulnerabilities — Reconnaissance & Enumeration Nmap TCP/UDP Scan Output

AWS — Advantages of using Cloud Instances OpEx Investment for businesses at low cost Using Cloud storage for data backup storgae Ease of Use Low maintenance cost Advanced data security AWS Cloud AWS offers Free tier for upto 12 months. This includes: 750 hours of t2.micro (or t3.micro in the Regions in which t2.micro is unavailable) instance usage on…

Exploiting Windows IoT Core using SireRAT — Summary This is a windows IoT machine vulnerable to Remote Code Execution (RCE). A Remote Access Trojan (RAT) tool called SirepRAT is used to exploit this vulnerability to get root. OS: Windows 10 IOT Core x64bit Architecture Tools Used: nmap SirepRAT — Windows IOT RCE Reconnaissance and Enumeration - NMAP TCP Output

Blue Team SOC Activity — What is Security Alerts Tuning? A constant process of removing and reducing false-positive alerts volume to increase accuracy. It also helps improve CPU’s performance by reducing process-overloading. Before tuning, first identify the suitable tuning point as there are some different ways to tune an alert. These are: Tuning in Security Onion Tuning in SIEM Tuning…

Study Guide 9th Edition — Chapter 5 Identifying and Classifying Information & Assets Personally Identifiable Information (PII) i.e. any information that can identify an individual — NIST. Protected Health Information (PHI) i.e. health-related information — HIPPA Proprietary Data i.e software code, product’s technical plans, intellectual property or trade secrets