I published an article on the IBM SecurityIntelligence blog on Why You Need a BGP Hijack Response Plan. The posts starts with an introduction to BGP, how BPG routing exactly works and what a BGP hijack is.
The bulk of this type of incident response plan is done during the preparation and detection phase, for the containment, eradication and recovery you will most likely have to depend on your upstream ISPs.
An overview of the security conferences in Europe in 2019 that I want to attend. The list is also available as a Google calendar. Feel free to suggest updates.
Google Calendar for Security Conferences Europe or as an ICS fileSecurity Conferences_vnekk5gebvbngjop592s2tqed4@group.calendar.google.com.
56th TF-CSIRT meeting & FIRST Regional Symposium EuropeTallinn, Estonia2019 January 21 > 23 QuBitBelgrado, Serbia2019 Feb 7 BlueHatTel Aviv, Israel2019 Feb 6 > 7 Vienna Cyber Security Week Critical InfrastructureVienna, Austria2019 Mar 11 > … Read more.
Another day, another phishing website. This time again a phishing site with directory listing enabled. This phishing websites targets customers of the Belgian bank Beobank. The link to the site gets delivered via e-mail, claiming to come from the webmaster with an important security message.
This is how the phishing website looks like:
Moving up a few directories allows us to download the ZIP file containing the phishing code.
There are … Read more.
While I was analyzing a standard phishing e-mail my attention was drawn to the fact that the phishing page loaded remote Coldfusion scripts. The phishing mail itself is pretty default. It claims to come from e-mail support telling you that your mailbox is full.
The included cfform component allows to build a form with CFML custom control tags providing more functionality than standard HTML form input elements.
The phishing site was located … Read more.
In my previous post I talked about using the nmap NSE scripts or Hydra to search for systems with default passwords. My approach involved two steps: first learn via Burp how the authentication works (getting to know the form elements etc.) and then use this information as input for the brute force scripts.
A colleague pointed out that you can also use Burp suite for this last step.
Similar as with the previous approach, first … Read more.
I wrote a follow-up on using Burp for both the analysis and attack phase : Hunt for devices with default passwords (with Burp).
Using a strong and unique password for authentication is a key element in security. Unfortunately there are still a lot of devices installed with a default password. This post describes how you can find the web interface of these devices.
Before we start, it’s to important to list the three different web … Read more.
I published an article on How to Use Passive DNS to Inform Your Incident Response on the Security Intelligence blog.
This article gives you an insight on the different logging options for DNS traffic and how the historical records in passive DNS can help you during incident response. I included references to generating passive DNS data based on your traffic and which options you have for consuming it from a client perspective.
I published an article on Don’t Dwell On It: How to Detect a Breach on Your Network More Efficiently on the Security Intelligence blog.
This article describes which typical event types you should look for to detect an intrusion. The article lists 5 key steps to react when you suspect an incident is ongoing.
I published an article on What Metrics Do You Need to Measure the Success of Your SOC? on the Security Intelligence blog.
This article describes how you can evaluate the SOC performance and growth more accurately by building out consistent measurements to review it’s essential functions.
The article covers people, roles, technology, policies and processes and also includes some tips for further tuning reporting and metrics to measure the success of your SOC.
I published an article on How to Leverage Log Services to Analyze C&C Traffic on the Security Intelligence blog.
This article describes what can cause C2 traffic, the different types of C2 traffic and what log sources that you can use to detect the C2 traffic caused by malware.
Graphs made with cudeso posts stats
By continuing to use the site, you agree to the use of cookies. more information
An HTTP cookie, is a small piece of text sent from a website and stored in your web browser. Cookies are a reliable mechanism for websites to remember your preferences and improve your browsing experience.
If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.