Collaborate Disseminate
I’m working for a client who has built a Medical product that is built on top of Windows 10. The application logs have to be manually extracted via USB, however the client only wants specific, preauthorized USBs to be allowed to attach.
Is… Continue reading Only allow approved USB devices to connect to device
When security tools quarantine files, why do they tend to use encryption, rather than simple file corruption?
The main goal of quarantining a file is to make it impossible to run on a system. This particular goal is easily accomplishable b… Continue reading Security Tools – File Encryption vs Corruption
If we want to detect all Antivirus/Endpoint protection currently installed on a Windows machine?
What is the best approach?
Is there a list of registry locations we can read/iterate? Industry standards?
We see each vendor has its own logic… Continue reading Detect what antivirus installed on Windows Operating system
I received a report of the endpoint detecting some activity to a particular IP address. I interviewed the user and the user found a winning prize link but the content was empty. Then I found activity detected going to the IP address which … Continue reading Fake Link being contacted by C2 server [closed]
I was wondering how EDR isolates hosts from the network but somehow allows the EDR solution to interact with it.
For example: how does Carbon Black EDR isolation work? You can isolate and unisolate the host from the dashboard.
I’m looking at creating a healthcheck dashboard that at a glance shows you information about all our services including:
Are they running
What sem version they are running
The most recent commit hash of the code they are running.
What I … Continue reading Is it safe to expose a commit hash on a public healthcheck endpoint?
Let’s say an online system uses mostly endpoint storage for storing all kinds of private or sensitive data for each of the client/user, this way the server at the least has some post-data-leakage security.
What I am concerned about are the… Continue reading How to prevent endpoint data from being modified and endpoint client application from being modified
I am looking for security examples where the order of log records, events, etc. is the key to find an anomaly, incident, etc. I’d like to prove that using sequential pattern matching (e.g. regex) is good for anomaly detection and sequentia… Continue reading Security use cases where the order matters
Platform Description:
I was planning to build a prepaid based global wire transfer platform that focuses on user privacy and security by using Payment API like Rapyd with using endpoint encryption, external X25519 and ED25519 manual TLS on… Continue reading What could be the threats faced by decentralized payment platform and users as server
As part of incident response to malicious code outbreak and given the hash value of the malicious artifact, I would like to search across the entire organization for this specific hash value.
Do you know of best practices or solutions that… Continue reading Enpoint protection: How to search an organisation for hash value