To OOB, or Not to OOB?: Why Out-of-Band Communications are Essential for Incident Response

tl;dr Communications are critical during an incident. If you cannot coordinate, collaborate, and inform actions and information about an incident, the incident response will eventually fail. Normally, this isn’t an issue, as organizations have resources like Microsoft 365 email, SharePoint, Slack, and Teams to use to communicate with each other. However, what happens when those…

The post To OOB, or Not to OOB?: Why Out-of-Band Communications are Essential for Incident Response appeared first on TrustedSec.

Back to Basics: The TrustedSec Guide to Strong Cyber Hygiene—Part 2

In the first Back to Basics blog we discussed cyber hygiene and some fundamental security practices one can take to quickly assess their current cybersecurity posture and identify, prioritize, and mitigate visibility gaps. This post focuses on account management measures and how proactive identification and regulation can drastically elevate your security posture. Routine cyber hygiene…

How Your Team’s Culture Determines the Value of Your Tabletop Exercise

A tabletop exercise (TTX) measures more than an organization’s technical capabilities and adherence to an incident response plan—it facilitates the confluence of personalities and team cultures, in turn revealing friction not only in processes but also in team dynamics. The success of an organization’s response in both a TTX scenario and, more importantly, a real-world…

CVE 2022-22965 (Spring4Shell) Vulnerability

On March 29, 2022, a security researcher with the handle p1n93r disclosed a Spring Framework remote code execution (RCE) vulnerability, which was archived by vx-underground. This vulnerability, known as Spring4Shell, affects applications that use JDK v9 or above that run Apache Tomcat as the Servlet Container in a WAR package and use dependencies of the…

Simplifying Your Operational Threat Hunt Planning

Opening: Hopefully you all were able to read our recent Threat Hunting whitepaper and had the chance to listen to our latest Threat Hunting webinar. These references should be used as the foundation of information, which leads us into the next journey: how to build out your first Threat Hunt. Building out an organization’s Threat…

TrustedSec Okta Breach Recommendations

TrustedSec’s Incident Response Team sent urgent communications to all IR retainer clients after the discovery of the compromise of Okta. Below are the recommendations provided with additional updates after reviewing more information on 03/23/2022. On March 22, 2022, the threat group LAPSUS$ announced a successful compromise of Okta, a heavily used identity and access management…

Back to Basics: The TrustedSec Guide to Strong Cyber Hygiene

Every day, new challenges, attacks, and vulnerabilities are publicized. Just as attackers and the threat landscape are constantly changing, adapting, and evolving, so too must the Blue Teams and defenders who protect organizations against these threats. While the old adage may have been that attacks are rare and unlikely to happen, a new mentality of…

Update: The Defensive Security Strategy

Original post: https://www.trustedsec.com/blog/the-defensive-security-strategy-what-strategy/ Massive exposures and attacks, such as the recent SolarWinds and Exchange exploit issues, have been common news lately. While the security landscape has advanced and changed, these massive exposures continue to occur. The question is why, and how, they are occurring. While common issues are often leveraged, the mentality around them is…

Who Left the Backdoor Open? Using Startupinfo for the Win

In the endless quest to research additional Windows system forensic artifacts to use during an Incident Response investigation, I stumbled across something I thought was cool. This definitely wasn’t a new artifact, it was just a specific native Windows XML file that I wasn’t aware of. I noticed this file was not commonly used from…
