Collaborate Disseminate
While working at TrustedSec, I was issued a new company-furnished laptop to work from. While the Mac OS environment was useful, I found it useful to also setup an Ubuntu virtual machine. One reason is so I can have access to a Linux host that is very similar to the garden variety of Linux systems…
The post Linux History File Timestamps appeared first on TrustedSec.
In the first Back to Basics blog we discussed cyber hygiene and some fundamental security practices one can take to quickly assess their current cybersecurity posture and identify, prioritize, and mitigate visibility gaps. This post focuses on account management measures and how proactive identification and regulation can drastically elevate your security posture. Routine cyber hygiene…
The post Back to Basics: The TrustedSec Guide to Strong Cyber Hygiene—Part 2 appeared first on TrustedSec.
Continue reading Back to Basics: The TrustedSec Guide to Strong Cyber Hygiene—Part 2
A tabletop exercise (TTX) measures more than an organization’s technical capabilities and adherence to an incident response plan—it facilitates the confluence of personalities and team cultures, in turn revealing friction not only in processes but also in team dynamics. The success of an organization’s response in both a TTX scenario and, more importantly, a real-world…
The post How Your Team’s Culture Determines the Value of Your Tabletop Exercise appeared first on TrustedSec.
Continue reading How Your Team’s Culture Determines the Value of Your Tabletop Exercise
During an Incident Response case, the TrustedSec IR team came across a novel method used by an attacker to maintain access to the target’s servers. After gaining access to the systems, the attacker then modified a DLL required by a service to include malicious code. This video demonstrates a similar process for embedding malicious code…
The post Video Blog: Using DLL Persist to Avoid Detection appeared first on TrustedSec.
Continue reading Video Blog: Using DLL Persist to Avoid Detection
Summary Basic SIEM requirements should be in place to create mature detections for a variety of log sources, including network logs, system logs, and application logs (including custom applications). This focuses on Security Operations and does not include the engineering side of SIEM management, e.g., licensing, hardware/cloud requirements, retention needs, etc. Each component of the…
The post Detection and Alerting: Selecting a SIEM appeared first on TrustedSec.
1 Introduction What is a group Managed Service Account (gMSA)? If your job is to break into networks, a gMSA can be a prime target for a path to escalate privileges, perform credential access, move laterally or even persist in a domain via a ‘golden’ opportunity. If you’re an enterprise defender, it’s something you need…
The post Splunk SPL Queries for Detecting gMSA Attacks appeared first on TrustedSec.
Continue reading Splunk SPL Queries for Detecting gMSA Attacks
On March 29, 2022, a security researcher with the handle p1n93r disclosed a Spring Framework remote code execution (RCE) vulnerability, which was archived by vx-underground. This vulnerability, known as Spring4Shell, affects applications that use JDK v9 or above that run Apache Tomcat as the Servlet Container in a WAR package and use dependencies of the…
The post CVE 2022-22965 (Spring4Shell) Vulnerability appeared first on TrustedSec.
Continue reading CVE 2022-22965 (Spring4Shell) Vulnerability
Opening Hopefully you all were able to read our recent Threat Hunting whitepaper and had the chance to listen to our latest Threat Hunting webinar. These references should be used as the foundation of information, which leads us into the next journey: how to build out your first Threat Hunt. Building out an organization’s Threat…
The post Simplifying Your Operational Threat Hunt Planning appeared first on TrustedSec.
Continue reading Simplifying Your Operational Threat Hunt Planning
TrustedSec’s Incident Response Team sent urgent communications to all IR retainer clients after the discovery of the compromise of Okta. Below are the recommendations provided with additional updates after reviewing more information on 03/23/2022. On March 22, 2022, the threat group LAPSUS$ announced a successful compromise of Okta, a heavily used identity and access management…
The post TrustedSec Okta Breach Recommendations appeared first on TrustedSec.
Every day, new challenges, attacks, and vulnerabilities are publicized. Just as attackers and the threat landscape are constantly changing, adapting, and evolving, so too must the Blue Teams and defenders who protect organizations against these threats. While the old adage may have been that attacks are rare and unlikely to happen, a new mentality of…
The post Back to Basics: The TrustedSec Guide to Strong Cyber Hygiene appeared first on TrustedSec.
Continue reading Back to Basics: The TrustedSec Guide to Strong Cyber Hygiene