Forced authentication is a technique where threat actors gather credentials by forcing a user's system to automatically send authentication data and then intercepting the responses. …


It’s critical that cybersecurity analysts have detailed endpoint visibility to detect and respond to attacks. System Monitor (Sysmon) is a utility provided by Microsoft that captures detailed process, network, and file change events, which can be used to detect attacks staged on endpoints.

System Monitor (Sysmon) is a Windows system service…


Tor is open-source software that provides anonymity and privacy on the Internet.

Tor is a software suite and network that provides increased anonymity on the Internet. It creates a multi-hop proxy network and utilizes multilayer encryption to protect both the message and routing information. [1]

While Tor provides a valuable…
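The multi-hop, multilayer encryption described above can be shown in a small simulation. This is an added illustration, not code from the original post or from the Tor project: the client wraps a message in one layer per relay, and each relay peels only its own layer, learning the next hop but not the whole path, while only the exit sees the payload. The cipher is a constructed XOR stream keyed with SHA-256 that stands in for the real circuit keys (it is not secure), and the relay names and keys are invented sample values.

```python
"""Toy onion-routing simulation: one encryption layer per relay in the circuit.

Added example, not Tor's code. The stream cipher below (SHA-256 in counter
mode, XORed with the plaintext) is a stand-in for real circuit keys and is
NOT secure; relay names and keys are constructed sample values.
"""
import hashlib
import json
import os

def keystream(key, nonce, length):
    """Expand key+nonce into `length` bytes by hashing a running counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])

def encrypt(key, plaintext):
    """Toy stream cipher: random 16-byte nonce prefix, then XOR with keystream."""
    nonce = os.urandom(16)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))

def decrypt(key, ciphertext):
    """Reverse of encrypt(): split off the nonce and XOR the body again."""
    nonce, body = ciphertext[:16], ciphertext[16:]
    ks = keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))

def build_onion(path, keys, payload):
    """Client side: wrap the payload exit-first so the guard's layer is outermost.
    Each layer records only the next hop plus the still-encrypted inner blob."""
    blob = payload
    for i in range(len(path) - 1, -1, -1):
        next_hop = path[i + 1] if i + 1 < len(path) else "destination"
        layer = json.dumps({"next": next_hop, "data": blob.hex()}).encode()
        blob = encrypt(keys[path[i]], layer)
    return blob

def relay_peel(relay, keys, blob):
    """What one relay can do with its own key: strip its layer, learn the next hop."""
    layer = json.loads(decrypt(keys[relay], blob))
    return layer["next"], bytes.fromhex(layer["data"])

def can_peel(relay, keys, blob):
    """A relay holding a different key only sees noise, so the layer won't parse."""
    try:
        json.loads(decrypt(keys[relay], blob))
        return True
    except ValueError:          # UnicodeDecodeError and JSONDecodeError both subclass it
        return False

def route(path, keys, onion):
    """Forward the onion hop by hop and record what each relay observed."""
    observed = []
    blob = onion
    for relay in path:
        next_hop, blob = relay_peel(relay, keys, blob)
        observed.append((relay, next_hop))
    return observed, blob

# Constructed three-hop circuit; in reality each relay holds only its own key.
SAMPLE_PATH = ["guard", "middle", "exit"]
SAMPLE_KEYS = {r: hashlib.sha256(r.encode()).digest() for r in SAMPLE_PATH}

def run_demo(payload):
    """Build an onion, route it, and check that the middle relay cannot read the outer layer."""
    onion = build_onion(SAMPLE_PATH, SAMPLE_KEYS, payload)
    observed, delivered = route(SAMPLE_PATH, SAMPLE_KEYS, onion)
    leaked = can_peel("middle", SAMPLE_KEYS, onion)
    return observed, delivered, leaked

if __name__ == "__main__":
    observed, delivered, leaked = run_demo(b"GET / HTTP/1.1")
    for relay, nxt in observed:
        print(f"{relay} forwards to {nxt}")
    print("exit delivers:", delivered)
    print("middle can read the guard's layer?", leaked)
```

The point of the simulation is the `observed` list: the guard learns only that the next hop is the middle relay, the middle relay learns only the exit, and only the exit sees the destination and the payload, which is why no single relay can link the client to what it requested.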


In the story Web Shells. An Introduction and Detection Strategies with YARA Hands-On Labs the process of moving files via rsync, installing YARA, and creating a signature for the weevely web shell was covered. Additionally, the story Web Shells. …


An overview of a web shell with a hands-on lab was covered in the post Web Shells. An Introduction and Detection Strategies with YARA Hands-On Labs. The following post will expand on this initial lab to provide additional detection strategies using Splunk as a security information and event management (SIEM)…
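As a concrete example of the kind of log-based detection a SIEM search would express, here is an added Python script (not code from the original posts or labs) that scans web server access logs for web shell activity. The log lines are constructed in the Apache combined format, and the two heuristics are assumptions of this example: a server-side script being executed from a directory meant for uploads or static content, and repeated POST requests to one script with no Referer, which is how a dropped web shell is usually driven.

```python
"""Flag web shell activity in access logs.

Added example, not from the original posts. Log lines are constructed in
Apache combined format; the site layout (UPLOAD_DIRS) and the detection
heuristics are assumptions chosen for illustration.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed layout: these directories hold user content, so a script here is suspicious.
UPLOAD_DIRS = ("/uploads/", "/media/", "/static/")
SCRIPT_EXT = (".php", ".jsp", ".aspx", ".asp")
POST_THRESHOLD = 3   # direct POSTs (no Referer) to one script before we flag it

# Constructed sample log: a normal user session plus a shell under /uploads/.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2023:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [12/Mar/2023:10:01:05 +0000] "POST /login.php HTTP/1.1" 302 0 "http://shop.example/index.php" "Mozilla/5.0"',
    '10.0.0.7 - - [12/Mar/2023:10:02:40 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2023:10:05:10 +0000] "POST /uploads/images/cache.php HTTP/1.1" 200 412 "-" "python-requests/2.28"',
    '203.0.113.9 - - [12/Mar/2023:10:05:12 +0000] "POST /uploads/images/cache.php HTTP/1.1" 200 388 "-" "python-requests/2.28"',
    '203.0.113.9 - - [12/Mar/2023:10:05:15 +0000] "POST /uploads/images/cache.php HTTP/1.1" 200 951 "-" "python-requests/2.28"',
    '10.0.0.8 - - [12/Mar/2023:10:06:00 +0000] "GET /products.php?id=7 HTTP/1.1" 200 8812 "http://shop.example/index.php" "Mozilla/5.0"',
]

def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = urlsplit(rec["uri"]).path   # drop the query string for grouping
    return rec

def detect_webshell_activity(lines, post_threshold=POST_THRESHOLD):
    """Aggregate evidence per (source IP, script path) and return findings with reasons."""
    evidence = defaultdict(lambda: {"upload_dir": False, "direct_posts": 0})
    for rec in filter(None, map(parse_line, lines)):
        path = rec["path"]
        if not path.lower().endswith(SCRIPT_EXT):
            continue                       # only server-side scripts are of interest
        ev = evidence[(rec["src"], path)]
        if any(path.startswith(d) for d in UPLOAD_DIRS):
            ev["upload_dir"] = True
        if rec["method"] == "POST" and rec["referer"] in ("", "-"):
            ev["direct_posts"] += 1
    findings = []
    for (src, path), ev in sorted(evidence.items()):
        reasons = []
        if ev["upload_dir"]:
            reasons.append("server-side script under an upload/static directory")
        if ev["direct_posts"] >= post_threshold:
            reasons.append(f"{ev['direct_posts']} POSTs with no Referer")
        if reasons:
            findings.append({"src": src, "path": path, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in detect_webshell_activity(SAMPLE_LOG):
        print(f"{f['src']} -> {f['path']}: " + "; ".join(f["reasons"]))
```

The single direct POST to `/login.php` from `10.0.0.7` stays below the threshold and is not reported, while the three Referer-less POSTs to a script under `/uploads/` produce one finding with both reasons. In a SIEM the same logic is a count of POST events grouped by source and URI path, filtered on an empty Referer and on the path prefix.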


As a cybersecurity leader, your organization most likely runs a publicly facing web site. …


Visibility into unique organizational machine data is a core capability for cybersecurity teams and provides the foundation to building incident detection capabilities. …


YARA is a powerful analysis tool that can be integrated into organizational cybersecurity processes to improve malware detection and prevention capabilities.

YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. [1]

Using an adversary model like MITRE ATT&CK, cybersecurity leaders…


Cost Justification. The Tough Questions.

As a cybersecurity leader, have you been asked the following questions:

  • Why are we spending this amount on a technology?
  • What value does this provide to the business?
  • Are other business units using this technology?

Was it a challenge to answer these questions? If so, building a data source cost…

Mark Ernest

Dad, husband, cybersecurity practitioner, developer.
