Infosec – Blog

Differences in cloud security (Alibaba, Amazon, Google, IBM, Microsoft)

Fabian
posted on September 19, 2020September 19, 2020
No Comment

I recently had a look at the security assessments of different well-known cloud providers and found some interesting discrepancies. It shows at least four things in my opinion: There are indeed

Posted in Attribution, Infosec

Who the hæck?Attribution in cybersecurity

Fabian
posted on September 16, 2020September 17, 2020
No Comment

While we are getting used to hearing news on a daily basis about hacking attacks, much less do we read details on who is responsible. The reason is clear: In cyberspace, there are many ways to cover

Posted in HowTo, Infosec

SRPs block malware, but what if things stop working?

Fabian
posted on September 4, 2020September 5, 2020
No Comment

As I wrote in my last post on lateral movement, using AppLocker or Software Restriction Policies (SRPs) to avoid the execution of unknown or malicious software is good practice. While SRPs are older,

Posted in Infosec

Hello, somebody there? Or: The difficulty of detecting lateral movement

Fabian
posted on September 2, 2020September 5, 2020
No Comment

Lateral Movement is a key technique for attackers: Once they entered your infrastructure, the next step is to look around and move horizontally (i.e. to other, possibly more valuable machines and

Posted in Infosec

Which layer for encryption? Which for VPNs?

As more people work from home, VPNs are in peak season. Recently I discussed with a network engineer the advantages and disadvantages of IPsec VPNs versus TLS-based VPNs. With this discussion in mind

Posted in HowTo, Infosec

Analyze Emotet and Trickbot with NetworkMiner and Suricata

As I explained in the previous post, NetworkMiner and Suricata are a great combination for performing quick and straightforward network forensics on captured traffic. Overview NetworkMiner provides a

Posted in HowTo, Infosec

Quick and easy setup for NetworkMiner and Suricata to perform network forensics

Many people know Suricata as network intrusion detection (IDS) system, i.e. acting on live traffic; many people know NetworkMiner as network forensics tool, i.e. acting on recorded traffic (e.g. in

Posted in Infosec

Sysmon v11.10 reads Alternate Data Streams

A few days ago, the new version 11.10 of Sysinternals Sysmon was released. Despite the minor version increase from 11.0 it ships with an exciting new feature: Reading NTFS Alternate Data Streams

Posted in Infosec

Collection of Windows commands abused by attackers

Only recently I stumbled upon a slightly dated but still relevant post published on the Japanese CERT blog: Windows Commands Abused by Attackers. The list is separated into the different attack

Posted in HowTo, Infosec, Python

Script to enumerate Windows events with name, ID, security monitoring recommendation, URL

When setting up and tuning a SIEM solution, you will write a lot of rules to detect well-known and arising security threats. If you need to protect systems running on Windows, you can use