Collaborate Disseminate
I see this happening allot: developers need to test stuff, have a self-signed certificate that causes an error, and they just switch verification off globally (like in this example). The hack gets forgotten and then the code … Continue reading Is there an easy way to detect clients that ignore certificate validation errors (in production)?
As we are preparing for a project to update our famed SIEM and SOC guidance documents, let’s have a quick discussion of so-called “SIEM alternatives.” If you recall my funny post “Is SIEM The Best Threat Detection Technology, Ev… Continue reading SIEM Alternatives? What Are They? Do They Exist?
I recently made a post about an audio steganography program and had another concern I thought I might ask. I understand that most music has DRM in them. If I hide secret files in audio files with DRM can an adversary see that… Continue reading Audio steganography and DRM
We worked too damn hard developing these papers (and one more to come out on this topic), so we will be focusing on updates to our key existing papers next quarter. “Hard work never killed anybody, but why take chances” is the slogan for th… Continue reading Next Research: SOC, SIEM, and Again Overall Detection and Response
I want a proxy, preferably my own but I would be glad if there is a reliable service already, that is undetectable. Obviously, it does not send X-Forwarded-For. But it has to be much more than that to be undetectable. I have … Continue reading How to create a proxy so that no website or web service can know that I am connecting through a proxy?
How can I make one computer (or several computers) from one network look like its coming from different networks to a website. When trying to fill out a form on a website its not registering different computers from my LAN as… Continue reading How can I make a computer from my Network look like its coming from two networks [on hold]
I recently heard that AVG and AVAST shared their malware signature databases (avast forum)
Which AV vendors share their signature databases or use the same engine for detecting malwares? Based on your experiences or exact pr… Continue reading Which Anti-Virus companies share their signature databases?
A quick question just be safe, is it still possible for a school to monitor what I’m looking up and what websites I’m accessing if I’m in private mode on google chrome canary while also using Ultrasurf, which is a free proxy … Continue reading If I’m using private mode for google chrome and a free web proxy, is it still possible for the school to monitor what I’m looking up on my macbook?
Continuing where we left off in The HELK vs APTSimulator – Part 1, I will focus our attention on additional, useful HELK features to aid you in your threat hunting practice. HELK offers Apache Spark, GraphFrames, and Jupyter Notebooks &#… Continue reading toolsmith #132 – The HELK vs APTSimulator – Part 2
Continuing where we left off in The HELK vs APTSimulator – Part 1, I will focus our attention on additional, useful HELK features to aid you in your threat hunting practice. HELK offers Apache Spark, GraphFrames, and Jupyter Notebooks as par… Continue reading toolsmith #132 – The HELK vs APTSimulator – Part 2