Collaborate Disseminate
Government agencies in the US and allied countries have released guidance on how organizations can define a baseline for event logging best practices.
The post US, Allies Release Guidance on Event Logging and Threat Detection appeared first on Security… Continue reading US, Allies Release Guidance on Event Logging and Threat Detection
I’ve recently came across to a currently active underground marketplace forum proposition that’s basically offering and selling Western Union and… Continue reading Profiling a Currently Active Vendor of Western Union and Banking Logs Including Stolen Credit Cards Transfer Details – An Analysis
Some years ago, during the renaissance of security information and event management (SIEM), security became log crazy. The hope was that by gathering logs from networking and security devices and running them through the SIEM, security events could be… Continue reading A Return to Logs to Unjam the Security Deficit
Look outside, we are in 2020 (can anybody really forget that?). So, we are not in 2002 anymore (perhaps the birth year of modern-ish SIEM), neither are we in 2012…
So, depending on how you count, SIEM technology (and SIM/SEM before it) has e… Continue reading Modern SIEM Mysteries
I’ve written about this before in this article but wanted to revisit it for this series. For this scenario I want to test what certain items might look like when they are AirDrop’ed from an unknown source. Many schools have been receiving bomb threats … Continue reading Analysis of Apple Unified Logs: Quarantine Edition [Entry 11] – AirDropping Some Knowledge
TCC Modifications in the Unified LogsTCC or Transparency, Consent, and Control keeps track of various application permissions. A user can make changes to an application’s permissions in the respective Privacy settings on macOS and iOS.
We’ve been trapped inside our homes for months. We’ve reached the end of Netflix, listened to everything on Apple Music, watched old vacation videos trying to remember what travel was like, and mindlessly browsed YouTube videos. All these actions have … Continue reading Analysis of Apple Unified Logs: Quarantine Edition [Entry 9] – We all know you’re binging Netflix! Now Playing on your Apple Devices!
A quick trick to get more info when you are testing different Unified log examples is to use Terminal’s man page lookup feature. This is useful to provide more context to processes that you may not be familiar with. Perhaps you have something interesti… Continue reading Analysis of Apple Unified Logs: Quarantine Edition [Entry 8] – Man! What a process!?
There are many output styles options for the ‘log’ command. Sometimes the default output may not get you what you want. This article will walk through the various log output styles looking for USB Mass Storage Class devices using the keyword ‘USBMSC ‘…. Continue reading Analysis of Apple Unified Logs: Quarantine Edition [Entry 7] – Exploring USBMSC devices with –style
I’m sure many of us are working remote right now possibly using some of these remote capabilities. Remote Logins can include a few different services; SSH and Screen Sharing are two that I’ll show here. These services are disabled by default and w… Continue reading Analysis of Apple Unified Logs: Quarantine Edition [Entry 6] – Working From Home? Remote Logins