@mikecybersec
Apr 16, 2021

Splunk Attack Range W/ Docker & AWS

“The Attack Range is a detection development platform, which solves three main challenges in detection engineering. First, the user is able to build quickly a small lab infrastructure as close as possible to a production environment. Second, the Attack Range performs attack simulation using different engines such as Atomic Red…

Cybersecurity

4 min read


Jan 30, 2021

INE Cyber Security Pass | Review

Hopefully a write up that will help you weigh up your choice with the INE Cyber Security pass. Purchasing Decisions Cheap isn’t always bad So I needed a platform or feed of training that was quite T shaped i.e. it covered a lot of areas, I recently started up https://vanguardcybersecurity.co.uk …

Cybersecurity

3 min read


Jan 14, 2021

Improving your detection with Sysmon, Sigma & ELK

Before Starting If you want to automate the deployment of the tooling here… Please see my Github for a .ps1 script to automate the install of the above, all you’ll need to do is retrieve your unique configuration for winlogbeat from Logzio. Advice: Set your execution policy to unrestricted Use a test…

Cybersecurity

6 min read

Developing Sigma rules with Sysmon and ELK

Nov 13, 2020

Microsoft Netlogon Vulnerability — Detection & Remediation

CVE-2020-1472 — Netlogon When consulting our open sources for potentially vulnerable devices worldwide, we’re still seeing a high volume of public facing devices that are not patched. Speaking with industry partners, we recognise that patching isn’t just as simple as applying a patch. …

Cyber

2 min read

Sep 10, 2020

The seasonality of Cyber Crime

Ransomware is now seasonal “And how your educational year starts?” Recently, we’ve seen two high profile attacks on two UK based universities. Both attacks bearing hallmarks of ransomware, with one being claimed by DoppelPaymer. I recently read an article about general crime being seasonal, the same appears to be apparent…

Cybersecurity

2 min read


Aug 31, 2020

MA-00 — Lab Architecture and build tips

Foreword Restore the host if anything suspicious occurs. Keep up with patches on the virtualisation software, zero days are a thing. Static analysis lab build FlareVM — Windows Based lab by FireEye — Tutorial on how to install here REMnux — Linux Based lab maintained by Lenny Zeltser Dynamic analysis lab Hardened version of Ubuntu required as…

Cyber

4 min read


Aug 31, 2020

MA-02 — WindowsAPI Library

WindowsAPI Primer for Malware Analysis The Windows API is a common method by which Windows based malware interfaces with the operating system to accommodate its functionality. Functions are required to ‘do something’, such as decrypting strings, making connections to IP addresses or enumerating processes on the victim machine. These functions exist…

Cyber

12 min read


Aug 31, 2020

MA-01 — Emerging Malware Analysis News/Intel

Malware written in GoLang GoLang based malware has been known to spike since the beginning of 2019 and poses a big threat to even experienced Malware Analysts. There are over 53 known malware families using this language and it is very flexible. Read about it here: https://unit42.paloaltonetworks.com/the-gopher-in-the-room-analysis-of-golang-malware-in-the-wild/ Static Analysis in REMnux Malwology wrote this article (He’s a…

Cyber

2 min read


Aug 31, 2020

Introduction to Malware Analysis

To get you started, read https://digital-forensics.sans.org/media/malware-analysis-cheat-sheet.pdf Malware Analysis Series You’ll see multiple articles numbered “MA-X”, for example “MA-01 — Emerging Malware Analysis News/Intel”, I recommend you read them sequentially if you’re new. You can refer to the series as a handbook. Malware analysis methodology These are going to be questions that you want to answer when…

Malware Analysis

3 min read


Jun 28, 2020

Automating PCAP Parsing with Linux CLI, Bash & Security Onion

Introduction In a landscape where we see odd traffic all the time in networks, pulling PCAPs and remembering your Wireshark expressions can sometimes be a bit of a nightmare… That never ending list in your notes of expressions. I’ve experimented with Security Onion’s tools such as ELK, Bro, Sguil, Snort, Squert…

Cybersecurity

3 min read

Twitter: @mikecybersec