Handler on Duty: Xavier Mertens
Threat Level: green
Tom Webb Diaries
- Pi-Hole Pi4 Docker Deployment
- Are Local LLMs Useful in Incident Response?
- Zeek and Defender Endpoint
- IR Case/Alert Management
- Live Linux IR with UAC
- Supersizing your DUO and 365 Integration
- Preventing ISO Malware
- Xmount for Disk Images
- Elastalert with Sigma
- Pi Zero HoneyPot
- TPOT's Cowrie to ISC Logs
- Using Shodan Monitoring
- CVE-2019-0604 Attack
- Critical Cisco Wireless Patch for RV Series, CVE-2019-1663.
- Phishing impersonations
- Playing with T-POT
- Cell Phone Monitoring. Who is Watching the Watchers?
- More Threat Hunting with User Agent and Drupal Exploits
- Tax Phishing Time
- IR using the Hive Project.
- Remote SOC Workers Concerns
- Summer STEM for Kids
- SSMA Usage
- Dynamite Phishing
- Blocking Powershell Connection via Windows Firewall.
- Mapping Attack Methodology to Controls
- New VMware Patches VMSA-2016-0009.4 VMSA-2016-0013 http://www.vmware.com/security/advisories.html
- Stay on Track During IR
- 522 Error Code for the Win
- Windows 10 Anniversary Update Available
- Kippos Cousin Cowrie
- SOC Resources for System Management
- Tomcat IR with XOR.DDoS
- Automating Phishing Analysis using BRO
- Automating Metrics using RTIR REST API
- Submit Dshield ASA Logs
- Is it a breach or not?
- Fast analysis of a Tax Scam
- North Korea Internet Down
- Cybertalent on the Cheap
- Scanning for Single Critical Vulnerabilities
- AppLocker Event Logs with OSSEC 2.8
- PHP 5.4.28 available. 19 bugs were fixed including CVE-2014-0185.
- Exposing WPA2 Paper
- Apple IOS Security Whitepaper http://images.apple.com/iphone/business/docs/iOS_Security_Feb14.pdf
- PHP 5.4.26 and 5.5.10 available. Several Security Fixes @ : http://www.php.net/downloads.php
- Linux Memory Dump with Rekall
- Malicious Ads from Yahoo
- Monitoring Windows Networks Using Syslog (Part One)
- The case of Minerd
- IDS, NSM, and Log Management with Security Onion 12.04.3