Posts
This site is a toolkit for Security Auditors or professionals
I. Introduction A. Definition of the Tyranny of the Urgent Urgency often leads to prioritizing tasks that seem most pressing, which may not always align with our long-term goals.
- Understanding the concept of urgency - How it affects our priorities and decision-making - Highlighting the distortion of priorities B. Importance of managing time effectively Effective time management is not just about being busy but about being productive.
Setting priorities, delegating tasks, and ensuring that efforts are directed towards goals that bring the most value.
Guidelines for Detection Engineering in Dynamic Systems Hello, detection engineering does not have to be overcomplicated. This article will help you and your team build detection engineering considerations.
Find the tools to establish these values and create a table-top exercise game for your team here.
Understand the System System Understanding: Begin by gaining a deep understanding of the dynamic system you’re responsible for detecting anomalies in. This involves learning how the system operates, the significance of control actions, the impact of system noise, and the expected behavior under normal conditions.
This article discusses five different decision-making domains, each with its unique characteristics and approaches:
Decision-Making Domain Problem-Solving Method Description Clear Domain Sense–Categorize–Respond Well-understood situations with established rules and clear cause-and-effect relationships. Complicated Domain Sense–Analyze–Respond Complex situations where expertise is needed, and multiple valid approaches are possible. Complex Domain Probe–Sense–Respond Dealing with “unknown unknowns,” where cause and effect are unpredictable. Chaotic Domain Act–Sense–Respond Highly unpredictable situations demanding immediate action to restore order.
There is no warranty of this information. Make changes after consulting with your organizations leadership and change management process. Changes you make here will impact your organizations security posture
Microsoft 365 admin center
Step 1 - Ensure a policy and procedure is in place at the organization:
In order for accounts to be effectively used in a break-glass situation, the proper policies and procedures must be authorized and distributed by senior management.
Exploring Attack Patterns: Exploiting Software Weaknesses Beyond Expectations Quality Assurance efforts usually focus on testing that the feature works as expected. In the security world, we examine the software functions in ways never imagined to give us more access to resources and data.
Key Questions for Understanding the Technology To understand a technology or system, consider the following key questions:
How does the technology work? What are the data inputs? What are the data outputs?
Authentication and Password Strength Guidelines Authentication Solution and Sensitive Accounts Do NOT allow login with sensitive accounts (used internally within the solution) to any front-end user-interface. Do NOT use the same authentication solution (e.g., IDP / AD) for unsecured access (e.g., public access / DMZ) as used internally. Proper Password Strength Controls A critical aspect of authentication is password strength. A strong password policy is essential to protect against unauthorized access.
Active Directory Privileged Access Introduction The challenge of understanding the access privileges of various groups in Active Directory. Often, the full impact of a group’s access is not fully comprehended by the organization. Attackers frequently exploit access, even if it’s not always privileged access, to compromise Active Directory. Components of Access Rights Active Directory group membership. AD groups with privileged rights on computers. Delegated rights to AD objects through modifications of default permissions (for security principals, both direct and indirect).
Threat Assessment and PowerShell Introduction In a structured approach to threat assessments, defenders turn to multiple reliable sources to provide prioritized best practices for defending against the top five most common attacks observed across the community. Additionally, they focus on threats posed by Cyber Threat Actors (CTAs) who utilize Living off the Land (LotL) attacks.
PowerShell and Its Benefits Automation: Administrators can automate tasks using PowerShell cmdlets, reducing the need for manual configurations, especially for tedious tasks.
Enhanced Disaster Recovery Plan for Systems Administrators Change Control Considerations before you begin this project Change Control and Implementation Plan Change Control Record A Change Control Record is a crucial component of the change management process. It contains the following key details:
Change Request Number: A unique identifier for tracking changes. Change Request Date: The date when the change request was initiated. Requested by - Name and Position: Identify the individual responsible for the change.
Methods of Gaining Initial Access in Cybersecurity Cyber attackers, like “Octo Tempest,” employ various methods to gain initial access to organizations. These methods include:
Social Engineering: Deceptive tactics to manipulate employees. Phone-Based Social Engineering: Tricking users into taking actions like installing malicious software or revealing information. Installing a Remote Monitoring and Management (RMM) utility. Navigating to fake login portals. Removing a FIDO2 token. Manipulating the help desk to reset passwords or change/add multi-factor authentication.
Detection Engineering Building an effective detection engineering system requires time, a scope and an understanding of the signals analysis you desire to perform. You should conduct training and assessments of your detection engineering environment focusing on understanding the threat model for your organization. When you consider how you will calcuate ‘risk’ I suggest that you use accessible language, this tool is focused on providing quantification and qualification of risk and even includes a random number generator to roll your chances based on 10,000 roles.
User Guide for Graphical Representation This user guide provides an overview of a graphical representation created using the Mermaid library. The diagram visualizes the relationships and connections between various elements within a system, including an Active Directory structure, a Trouble Ticket Mapping System, Primary Work Role ID Mapping, and Relationship Mapping.
Active Directory The “Active Directory” is represented as a subgraph and contains a hierarchy of elements within it:
Root (A) is the top-level element.
This is where the rubber hits the road, and it’s your opprotunity to shine. Book a free no obligation call click here
Evaluation/Improvement Phase (Steps 7-10) Step 7: Process Evaluation - Collect and analyze data on the execution of prevention activities. Step 8: Outcome Evaluation - Measure the impact of prevention activities on desired outcomes. Step 9: Continuous Quality Improvement (CQI) - Review data and past decisions to enhance prevention activities. Step 10: Sustainability for a Prevention Activity - Plan for the long-term sustainability of successful prevention activities. Follow these steps to effectively plan, implement, evaluate, and improve your prevention initiatives.
Planning Phase (Steps 1 -6) Step 1: Assessing Problems and Resources - Identify and select priority problems for your prevention activity. - Understand the available resources. Step 2: Setting Goals and Desired Outcomes - Define a vision, goals, and specific outcomes for your prevention activity. Step 3: Evidence -Based and Promising Practices - Select prevention activities with evidence of effectiveness. Step 4: Assessing Fit for a Prevention Activity - Evaluate how well selected activities fit the target population, community, and mission.
Guide to System Engineering Process Introduction As a systems engineer, your role is crucial in ensuring the stability and reliability of complex systems. This guide will help you understand and navigate the system engineering process using the provided diagram as a reference.
1. Increasing the Time Between Failures The primary goal of a systems engineer is to increase the time between system failures. This can be achieved through the following strategies:
Improving Detection and Visibility: A Blue Teaming Approach
Agenda
Introduction Brief overview of the importance of detection and visibility. Data Source Quality Assessment Administer and score data sources. Evaluate the reliability and accuracy of each source. Endpoint Visibility Gain insights into endpoint visibility. Map your current understanding of endpoint activities. Detection Coverage Mapping Evaluate the coverage of your detection mechanisms. Identify gaps in your detection capabilities. Agenda (contd.)
Threat Actor Behaviors Understand common threat actor behaviors.
ACTIONS TO TAKE TODAY TO MITIGATE MALICIOUS CYBER ACTIVITY: Continuously remove and disable accounts and groups from the enterprise that are no longer needed, especially privileged accounts. Enable and enforce multifactor authentication with strong passwords. Store credentials in a secure manner, such as with a credential manager, vault, or other privilege account management solution.
Understanding and Mitigating LDAP Query Threats in Active Directory Environments LDAP (Lightweight Directory Access Protocol) is a widely used protocol for accessing and managing directory information services.