LAPSUS$ Hunting with simple Anomaly Detection
Various methods to bypass Okta MFA have been disclosed on the internet, which I won't discuss in this blog post, but rather how to.
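As an added example of the "simple anomaly detection" the title refers to (this is my code, not the post's, whose method is not shown on this page): build a per-user baseline of the countries and operating systems seen in successful Okta sign-ins, then score later sign-ins by how many first-seen attributes they carry. The event layout loosely follows Okta System Log field names (actor.alternateId, client.geographicalContext.country, client.userAgent.os, eventType, outcome.result); that layout, the constructed events, the cutoff date and the scoring are all assumptions, not data from the original post.

```python
from collections import defaultdict


def ev(ts, user, country, os_name, result="SUCCESS", etype="user.session.start"):
    """Build one constructed Okta-style event (assumed field layout)."""
    return {
        "published": ts,
        "eventType": etype,
        "outcome": {"result": result},
        "actor": {"alternateId": user},
        "client": {
            "userAgent": {"os": os_name},
            "geographicalContext": {"country": country},
        },
    }


# Constructed sample data: a "normal" period for two users, then a hunt window.
SAMPLE_EVENTS = [
    ev("2022-03-01T09:00:00Z", "alice@example.com", "United States", "Windows 10"),
    ev("2022-03-02T09:05:00Z", "alice@example.com", "United States", "Windows 10"),
    ev("2022-03-03T18:20:00Z", "alice@example.com", "United Kingdom", "Windows 10"),
    ev("2022-03-01T08:30:00Z", "bob@example.com", "United States", "iOS"),
    ev("2022-03-04T08:31:00Z", "bob@example.com", "United States", "iOS"),
    ev("2022-03-04T08:40:00Z", "bob@example.com", "United States", "iOS", result="FAILURE"),
    # hunt window (at or after CUTOFF)
    ev("2022-03-15T09:01:00Z", "alice@example.com", "United States", "Windows 10"),
    ev("2022-03-15T03:12:00Z", "alice@example.com", "Brazil", "Linux"),
    ev("2022-03-15T07:45:00Z", "bob@example.com", "United Kingdom", "iOS"),
    ev("2022-03-15T07:50:00Z", "bob@example.com", "Brazil", "iOS", result="FAILURE"),
    ev("2022-03-15T07:55:00Z", "bob@example.com", "United States", "iOS",
       etype="user.authentication.sso"),
]

# Assumed split between baseline and hunt windows. Uniform ISO-8601 UTC
# strings compare correctly as plain strings, so no datetime parsing needed.
CUTOFF = "2022-03-14T00:00:00Z"


def _successful_session(event):
    """Only completed, successful session starts feed the baseline and scoring."""
    return (event["eventType"] == "user.session.start"
            and event["outcome"]["result"] == "SUCCESS")


def _fields(event):
    user = event["actor"]["alternateId"]
    country = event["client"]["geographicalContext"]["country"]
    os_name = event["client"]["userAgent"]["os"]
    return user, country, os_name


def build_baseline(events, cutoff):
    """Per-user and org-wide sets of countries/OSes seen before `cutoff`."""
    per_user = defaultdict(lambda: {"countries": set(), "os": set()})
    org_countries = set()
    for e in events:
        if e["published"] >= cutoff or not _successful_session(e):
            continue
        user, country, os_name = _fields(e)
        per_user[user]["countries"].add(country)
        per_user[user]["os"].add(os_name)
        org_countries.add(country)
    return per_user, org_countries


def score_events(events, cutoff):
    """Score each successful session start at/after `cutoff` by the number of
    first-seen attributes it carries; higher means rarer. Sorted descending."""
    per_user, org_countries = build_baseline(events, cutoff)
    findings = []
    for e in events:
        if e["published"] < cutoff or not _successful_session(e):
            continue
        user, country, os_name = _fields(e)
        # A user with no baseline is compared against empty sets, so every
        # attribute counts as first-seen.
        base = per_user.get(user, {"countries": set(), "os": set()})
        reasons = []
        if country not in base["countries"]:
            reasons.append("new country for user")
        if country not in org_countries:
            reasons.append("country never seen org-wide")
        if os_name not in base["os"]:
            reasons.append("new OS for user")
        findings.append({"published": e["published"], "user": user, "country": country,
                         "os": os_name, "score": len(reasons), "reasons": reasons})
    findings.sort(key=lambda f: f["score"], reverse=True)
    return findings


def hunt(events=SAMPLE_EVENTS, cutoff=CUTOFF, threshold=1):
    """Return only the findings worth an analyst's time."""
    return [f for f in score_events(events, cutoff) if f["score"] >= threshold]


if __name__ == "__main__":
    for f in hunt():
        print(f["score"], f["user"], f["country"], f["os"], "; ".join(f["reasons"]))
```

On the constructed data, the Brazil/Linux sign-in for alice scores 3 (new country for her, never seen org-wide, new OS) and bob's United Kingdom sign-in scores 1 (new for him, but a country the org already knows), while his failed and non-session events are ignored. Against a real System Log export the same structure works, but the baseline window should be long enough to cover travel and device refresh cycles, or the hunt drowns in benign first-seen pairs.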
How do we navigate through mass data?
Insider threat is an overarching problem, because no single tool can comprehensively cover it. Insider threat detection needs building blocks of.
To get the code directly: https://github.com/tomwynn/gcp-stackdriver-terraform
Problem statement: How do we ensure that we get all audit logs from all the accounts under all.
In Part 2 of the "Effective Logging" series, we will examine, step by step, the mechanism for collecting CloudTrail data from the entire organization, including sub-accounts.
We get flooded with many different tools and technologies, whether open source or commercial, but one important question to ask ourselves is: "In the.
https://github.com/tomwynn/coldToFrozenScripts/blob/master/coldToFrozenS3.py
https://github.com/tomwynn/coldToFrozenScripts/blob/master/coldToFrozenBlob.py
Data archiving is usually an afterthought. Most organizations only implement data archiving when compliance requires it. But what if an incident happens and.
Problem statement: Organizations don't usually invest enough resources in threat intelligence, and even if they do, SOC operators usually struggle with the amount of.
Preface: Detecting data exfiltration can be a daunting task. One of the more common use cases is the detection of users exfiltrating data via USB drives.
Quick words: It has always been astounding how much attack surface an organization has for an insider to exfiltrate data.
The tiered SOC structure is a thing of the past. The common models of a SOC operation usually look something like the examples below.