Collaborate Disseminate
I had a tab randomly open up that was for adware. Luckily, it was caught by my ad blocker, but I would like to figure out what triggered it to open.
I tried checking its history state through console, but I found nothing interesting. I t… Continue reading Does chromium keep logs of the events leading up to opening a new tab? [migrated]
I am wondering some issues about event log safety of powershell. I think is it possible to alter the powershell itself. But theorically the event log should show us every attempt made in powershell such as opening commands or codes that ma… Continue reading Can already opened event logs of PowerShell’s event properties screens on Windows be hacked by hackers in milliseconds?
I am wondering some issues about event log safety of powershell. I think is it possible to alter the powershell itself. But theorically the event log should show us every attempt made in powershell such as opening commands or codes that ma… Continue reading Can already opened event logs of PowerShell’s event properties screens on Windows be hacked by hackers in milliseconds?
CISA launched a new version of Logging Made Easy (LME), a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free. CISA’s version reimagines technology developed by the United Kingdom’s Natio… Continue reading Logging Made Easy: Free log management solution from CISA
I have a default KQL below which is used to detect when Cisco ISE failed backup, it fires an alert in Sentinel.
But it is not working as expected – it does fire an alert, but returning a timestamp only.
Nonetheless, I can see it is also su… Continue reading Configured KQL not working properly – CiscoISE event 60095 and 60098
I’m currently designing an API endpoint to validate a customer, and they can either pass in their postcode or their last name, as well as their customer ID (plus some other irrelevant data).
I’ve heard that including PII or sensitive data … Continue reading Is it a security issue to include postcode and/or last name in a GET request query string?
Starting in September 2023, more federal government and commercial Microsoft customers will have access to expanded cloud logging capabilities at no additional charge, Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) have annou… Continue reading Thanks Storm-0558! Microsoft to expand default access to cloud logs
Is it possible to determine whether someone has hijacked a RDP session with tscon?
I tried to look into TerminalService-LocalSessionManager logs, the EventID 25 looks much like it, but a normal reconnect would create the same log entry.
An… Continue reading Detect tscon execution from event logs
Is it possible to determine whether someone has hijacked a RDP session with tscon?
I tried to look into TerminalService-LocalSessionManager logs, the EventID 25 looks much like it, but a normal reconnect would create the same log entry.
An… Continue reading Detect tscon execution from event logs
Logged failed logins into a company’s Okta domain could be used by threat actors to discover access credentials of valid accounts, Mitiga researchers have found. Those credentials can then be used log in to any of the organization’s platforms tha… Continue reading A common user mistake can lead to compromised Okta login credentials