Mark Ernest – Medium

Nov 19, 2020

Forced Authentication Detection Using Sysmon With A Hands-On Lab.

Forced authentication is a technique where threat actors can gather credentials by forcing a user to automatically provide authentication data and intercept responses. …

Cybersecurity

6 min read

Forced Authentication Detection Using Sysmon With A Hands-On Lab.

Nov 16, 2020

End Point Visibility with Sysmon. A Hands-On Lab Using BITS Jobs.

It’s critical that cybersecurity analysts have verbose endpoint visibility to detect and respond to attacks. System Monitor (Sysmon) is a utility provided by Microsoft to capture detailed process, network, and file change events, which can be used to detect endpoint staged attacks. System Monitor (Sysmon) is a Windows system service…

Cybersecurity

8 min read

End Point Visibility with Sysmon. A Hands-On Lab Using BITS Jobs.

Nov 3, 2020

Tor Detection Automation With Hands-On Lab.

Tor is open-source software that provides anonymity and privacy on the Internet. Tor is a software suite and network that provides increased anonymity on the Internet. It creates a multi-hop proxy network and utilizes multilayer encryption to protect both the message and routing information. [1] While Tor provides a valuable…

Cybersecurity

6 min read

Tor Detection Automation With Hands-On Lab.

Oct 18, 2020

Web Shells. YARA Log Collection Automation With Hands-On Lab.

In the story Web Shells. An Introduction and Detection Strategies with YARA Hands-On Labs the process of moving files via rsync, installing YARA, and creating a signature for the weevely web shell was covered. Additionally, the story Web Shells. …

Cybersecurity

8 min read

Web Shells. YARA Log Collection Automation With Hands-On Lab.

Oct 13, 2020

Web Shells. Additional Detection Strategies with Splunk Hands-On Labs.

An overview of a web shell with a hands-on lab was covered in the post Web Shells. An Introduction and Detection Strategies with YARA Hands-On Labs. The following post will expand on this initial lab to provide additional detection strategies using Splunk as a security information and event management (SIEM)…

Cybersecurity

13 min read

Web Shells. Additional Detection Strategies with Splunk Hands-On Labs.

Oct 5, 2020

Web Shells. An Introduction and Detection Strategies with YARA Hands-On Labs.

As a cybersecurity leader, your organization most likely runs a publicly facing web site. …

Cybersecurity

11 min read

Web Shells. An Introduction and Detection Strategies with YARA Hands-On Labs.

Sep 28, 2020

Enterprise Visibility with Splunk. The Building Blocks for Incident Detection.

Visibility into unique organizational machine data is a core capability for cybersecurity teams and provides the foundation to building incident detection capabilities. …

Cybersecurity

6 min read

Enterprise Visibility with Splunk. The Building Blocks for Incident Detection.

Sep 27, 2020

YARA. A Powerful Malware Analysis Tool.

YARA is a powerful analysis tool that can be integrated into organizational cybersecurity processes to improve malware detection and prevention capabilities. YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. [1] Using an adversary model like MITRE ATT&CK, cybersecurity leaders…

Cybersecurity

6 min read

Sep 22, 2020

Data source cost models. How much does your visibility cost?

Cost Justification. The Tough Questions. As a cybersecurity leader, have you been asked the following questions: Why are we spending this amount on a technology? What value does this provide to the business? Are other business units using this technology? Was it a challenge to answer these questions? If so, building a data source cost…

Cybersecurity

4 min read

Data source cost models. How much does your visibility cost?