When people ask what their baseline configuration should be, in terms of logging, I feel like it often gets answered with general advice regarding knowing your environment, having different configurations for file servers vs domain controllers, etc. This is true advice, but not particularly helpful. You might not know your
For average/home users
Someone on Twitter asked two questions that I thought might be valuable for this article, paraphrasing: Can someone explain the Log4j vulnerability in non-IT terms, and is there any mitigation at my level as an average mere mortal?
1) A log component can ask external systems questions. The answers
I have, for a long time, been watching my logs for unusually long command line artifacts. Something suspicious doesn't have to be long, but except for a few well-known and easily ignored applications, most long command lines are suspicious. For example, imagine you came across this in your logs: Suspicious,
Very quick post, mostly notes for myself. When using Volatility 3 you might notice that some plugins cannot be loaded: # ./vol.py -h [...] The following plugins could not be loaded (use -vv to see why): volatility.plugins.windows.cachedump, volatility.plugins.windows.callbacks, volatility.plugins.windows.hashdump, volatility.plugins.windows.
I'm a huge fan of https://makemeapassword.ligos.net/generate/readablepassphrase, and regularly advise people to use it when generating passwords that need to be memorized or typed frequently. However, there have been numerous times when people have expressed concerns that they're effectively generating passwords on someone else's computer. This is (typically)
I wanted to address a tweet posted today by the UK's National Cyber Security Centre advising people to use three random words as a passphrase. When choosing your password, use #threerandomwords: memorable but not easy to guess, a good compromise between protection and usability https://t.co/6pEf004ohb pic.twitter.
There's really nothing special here except a mildly updated example of the code found here: https://docs.splunk.com/Documentation/Splunk/8.0.1/RESTTUT/RESTsearches#Python_example Basically, it is updated to Python 3 due to the impending end-of-life of Python 2 (a print() adjustment, and urlencode had changed in Python 3). While I was at it,
School Vandals Caught When Smartphones Connect to Wi-Fi https://slate.com/technology/2019/07/glenelg-high-school-graffiti-wifi-login.html Four students who spray-painted hateful symbols on their school were caught, despite covering their faces, when their phones automatically connected to the school's wireless network. School administrators simply checked who had authenticated during the
July Patches for Android Devices Have Been Released https://thehackernews.com/2019/07/android-security-update.html https://source.android.com/security/bulletin/2019-07-01 Of the 33 vulnerabilities patched this month, 9 of these are considered critical and 3 could be used for remote code execution (RCE) on a device. Remember, laptops
I feel like I'm getting better at this, at least I got the day right this time... Third Florida Town in Three Weeks Hit by Ransomware https://arstechnica.com/information-technology/2019/06/is-there-something-in-the-water-third-florida-city-hit-by-ransomware/ It appears all three incidents started with a city employee clicking on an email attachment. An interesting