Threat Intelligence

Hello! My name is Ryan and I appreciate you reading! I wanted to introduce myself in this inaugural post, share a few things about me (while trying to preserve some semblance of anonymity), discuss a few of my goals for the blog, and generally just get this thing out of…

Intro Web Application Firewalls (WAF) filter, monitor, and block HTTP traffic to a web application. They use a combination of rule-based logic and signatures to detect and prevent attacks. WAF deployment options include: Network-based WAF (generally a hardware-based appliance). Host-based WAF (fully integrated into an application’s software — Apache, NGINX or…

Intro While protecting digital data, experts are faced with the need to know up-to-date information about cyber threats. This kind of data keeps you up in the arms race with a technically advanced cyber attacker. The role of the Cyber ​​Threat Intelligence (CTI, TI) process began to grow rapidly in…

Intro Wazuh includes an integration to ingest Office 365 events and alerts using Python. Full instructions on how to enable this integration can be found in this blog entry on Wazuh’s website. Mitre offers the “Office 365 Matrix” as part of their cloud matrices (more info here): Enriching Office 365 Events using Wazuh Detection Rules Our GitHub repo includes…

Disclaimer I’m writing this blog to share my path and experience building a Threat Intelligence capability. All views, ideas, and thoughts expressed are my own and do not represent in any way the opinions of any entity whatsoever with which I have been, am now, or will be affiliated. …

What’s the difference between an indicator of compromise (IoC) and an indicator of attack (IoA)? First, what are indicators? Indicators are evidence related to security incidents. They can be hashes, domain names, IP addresses, URLs, malware signatures, registry keys, filenames, processes, services, network traffic, activity from unusual geographic locations, unrecognized…

By Cyborg Security Introduction Structured threat hunting (often referred to as hypothesis-based hunting) remains one of the best ways that organizations can find previously undetected threats in their environment. It works so well because it structures the hunt around a central proposition, and at the end of the hunt, hunt teams…

It is overwhelming to see the number of Security products and services that are available in the market and this article seeks to classify and lay them out for easy consumptions by targetted audience. A recent visit to BlackHat Asia conference in Singapore paved way as a one stop place…

Nowadays, zero-days are among the most popular topics in the infosec community. Zero-days are unknown vulnerabilities that attackers can exploit to access systems or data. These vulnerabilities are usually found in software or hardware and can be used to bypass security controls. The time when cybercrime was just a hobby…