Mark Ernest – Medium

Aug 2

Using the Splunk SDK for Python to Programmatically Save Alerts

Introduction The following post is intended to be the first in a series that will explore practical approaches, leveraging modern software development concepts, to operationalize cyber threat intelligence and detection engineering for security operations center (SOC) functions. The posts will jump around in order, but the goal is to provide usable…

Splunk

7 min read

Nov 19, 2020

Forced Authentication Detection Using Sysmon With A Hands-On Lab.

Forced authentication is a technique where threat actors can gather credentials by forcing a user to automatically provide authentication data and intercept responses. …

Cybersecurity

6 min read

Forced Authentication Detection Using Sysmon With A Hands-On Lab.

Nov 16, 2020

End Point Visibility with Sysmon. A Hands-On Lab Using BITS Jobs.

It’s critical that cybersecurity analysts have verbose endpoint visibility to detect and respond to attacks. System Monitor (Sysmon) is a utility provided by Microsoft to capture detailed process, network, and file change events, which can be used to detect endpoint staged attacks. System Monitor (Sysmon) is a Windows system service…

Cybersecurity

8 min read

End Point Visibility with Sysmon. A Hands-On Lab Using BITS Jobs.

Nov 3, 2020

Tor Detection Automation With Hands-On Lab.

Tor is open-source software that provides anonymity and privacy on the Internet. Tor is a software suite and network that provides increased anonymity on the Internet. It creates a multi-hop proxy network and utilizes multilayer encryption to protect both the message and routing information. [1] While Tor provides a valuable…

Cybersecurity

6 min read

Tor Detection Automation With Hands-On Lab.

Oct 18, 2020

Web Shells. YARA Log Collection Automation With Hands-On Lab.

In the story Web Shells. An Introduction and Detection Strategies with YARA Hands-On Labs the process of moving files via rsync, installing YARA, and creating a signature for the weevely web shell was covered. Additionally, the story Web Shells. …

Cybersecurity

8 min read

Web Shells. YARA Log Collection Automation With Hands-On Lab.

Oct 13, 2020

Web Shells. Additional Detection Strategies with Splunk Hands-On Labs.

An overview of a web shell with a hands-on lab was covered in the post Web Shells. An Introduction and Detection Strategies with YARA Hands-On Labs. The following post will expand on this initial lab to provide additional detection strategies using Splunk as a security information and event management (SIEM)…

Cybersecurity

13 min read

Web Shells. Additional Detection Strategies with Splunk Hands-On Labs.

Oct 5, 2020

Web Shells. An Introduction and Detection Strategies with YARA Hands-On Labs.

As a cybersecurity leader, your organization most likely runs a publicly facing web site. …

Cybersecurity

11 min read

Web Shells. An Introduction and Detection Strategies with YARA Hands-On Labs.

Sep 28, 2020

Enterprise Visibility with Splunk. The Building Blocks for Incident Detection.

Visibility into unique organizational machine data is a core capability for cybersecurity teams and provides the foundation to building incident detection capabilities. …

Cybersecurity

6 min read

Enterprise Visibility with Splunk. The Building Blocks for Incident Detection.

Sep 27, 2020

YARA. A Powerful Malware Analysis Tool.

YARA is a powerful analysis tool that can be integrated into organizational cybersecurity processes to improve malware detection and prevention capabilities. YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. [1] Using an adversary model like MITRE ATT&CK, cybersecurity leaders…

Cybersecurity

6 min read

Sep 22, 2020

Data source cost models. How much does your visibility cost?

Cost Justification. The Tough Questions. As a cybersecurity leader, have you been asked the following questions: Why are we spending this amount on a technology? What value does this provide to the business? Are other business units using this technology? Was it a challenge to answer these questions? If so, building a data source cost…

Cybersecurity

4 min read

Data source cost models. How much does your visibility cost?