LinkedIn - Posts

Posted

Post X1

SANS - Guide to security operations
https://sansorg.egnyte.com/dl/TLpDjvybnc

🔒 Guide to Security Operations By SANS Institute 🔒

📖 Contents:

📊 SOC Functions

🎯 SOC Functions Diagram

🔍 SOC Core Functions

🛡️ Collection

🔦 Detection

🚨 Triage

🔎 Investigation

🛠️ Incident Response

⚙️ SOC Auxiliary Functions

🛠️ SOC Tools

🛠️ SOC Tools Overview

🔒 SIEM

🌐 Threat Intelligence Platform

📂 Incident Management System

📊 Collection of Key Data

🔑 Data Types

🌐 Flow Records

💳 Transaction Data

📦 Full Packet Capture

🌐 Traffic Collection Opportunities

💻 Endpoint Monitoring

📅 Event Categories to Record and Collect

🏢 Windows Log Sources

🐧 Linux/Unix Log Sources

☁️ Cloud Logging

🏢 IaaS Logging

☁️ Cloud Management Plane Logs

📦 PaaS and SaaS Logging

📈 Models & Metrics for Security Operations

🛡️ Attack Mental Models and Reference Frameworks

🎯 Knowing Yourself and Your Enemy

🎯 Three Levels of Threat Intelligence

🎯 Threat Modeling

🎯 Attack Trees

🎯 F3EAD Cycle

🌀 The OODA Loop

🌀 The OODA Loop and Operations Tempo

🔍 Threat-Hunting

📈 Metrics

📊 Metrics Types

📊 Practical Metrics Considerations

📏 What to Measure

📚 SOC References

🔧 Open-Source Tools

🎙️ Podcasts

📚 Books

🎓 Suggested SANS Courses for the Blue Team

🆓 SANS Free Resources

📝 About the Author

#SecurityOperations #Cybersecurity #SIEM #CyberDefense #Infosec

Post X4

Getting Started with MITRE ATT&CK

📖 Contents:

🔍 Threat Intelligence
📊 Detection and Analytics
🕵️‍♂️ Adversary Emulation and Red Teaming
🔧 Assessments and Engineering

#cybersecurity #informationsecurity #mitreattack

Post X5

🔒 Microsoft Azure Security Framework - A roadmap for hardening the security of your Azure environment 🛡️

📖 Contents:

📜 Introduction: Securing Azure
📊 Inventory management
💼 Resource isolation
📂 Backups and disaster recovery
🔐 Identity and access management
📊 Logging and monitoring
📜 Policies
🌐 Resource governance
🕵️‍ Continuous detection and monitoring
🚨 Incident response (IR)

#AzureSecurity #CloudSecurity #MicrosoftAzure #Cybersecurity #DataProtection #InfoSec #Azure #SecurityFramework

Post X7

🔍 Microsoft 365 Forensics Playbook - Best Practices for Acquisition of Email boxes and Unified Audit Logs For Microsoft 365 (Exchange Online) 📦🔒

📖 Contents:

🕵️‍ eDiscovery Roles
📋 Role assignment
🔍 Create an eDiscovery case
📦 Reserving content in legal hold
🔎 Carrying out eDiscovery content search
📤 Export of Mailbox in PST
📊 Unified Audit Logs

#Microsoft365 #Forensics #Cybersecurity #IT

Post X8

🚀 RISK ASSESSMENT PROCESS HANDBOOK 📚

📖 Contents:

Overview

• Aim of the handbook
• Benefits of the risk assessment process
• The QERMF's approach to managing risk

Risk Assessment Process:

• Establishing the context
• Analyzing hazards
• Assessing risk
• Risk based planning

Risk Assessment Process Details:

• Process 1: Identifying risk
  • Step 1: Assessing the hazard
  • Step 2: Identifying exposed elements
  • Step 3: Assessing vulnerability
• Process 2: Determining level of risk
  • Step 1: Assessing likelihood
  • Step 2: Finalizing vulnerability assessment
  • Step 3: Assessing consequence
• Risk statement development
• Assigning level of risk
• Risk treatment
• Risk documentation
  • Risk Assessment Table
  • Risk Register
  • Decision Log

#Cybersecurity #RiskAssessment #RiskManagement

Post X9

📘 Malware Reverse Engineering Handbook 🕵️‍

📖 Contents:

🔍 Why Perform Malware Analysis?
🔬 How to Set Up a Lab Environment
💻 Static Malware Analysis
🔍 Disassembly (IDA & Ghidra)
🔄 Dynamic Analysis
🌐 Network Traffic Analysis
📦 Packed Executables/Unpacking
🚨 Incident Response Collaboration (MISP & Yara)

#MalwareAnalysis #ReverseEngineering #Cybersecurity #InfoSec #DigitalForensics

Post X10

The Zero Trust Model in Cybersecurity

📖 Contents:

Why zero trust – and why now? 📖
Decoding zero trust: giving a meaning to the buzzword 🕵️‍♂️
What is not zero trust? And what is? 🤔
Limitations and possibilities of zero trust in an industrial environment 🏭
Guiding principles of zero trust ✨
Best practices and steps for a successful deployment of the zero-trust model 🚀
Ensuring buy-in across the organization with tangible impact 💼
Understanding and mapping the “crown-jewels” 💎
Introducing adequate control mechanisms 🔒
Implementing the zero trust model 💻
Maintaining, monitoring and improving the zero trust model 📈
Vision for the future: new technologies and zero trust 🔮

#ZeroTrust #Cybersecurity #InfoSec #CyberDefense

Post X11

Risk Assessment and Treatment Process

📖 Contents:

Risk assessment and treatment process

• Criteria for performing information security risk assessments
• Risk acceptance criteria
• Process diagram
• Establish the context

Risk identification

• Compile/ maintain asset inventory
• Identify potential threats
• Identify risk scenarios

Risk analysis

• Assess the likelihood
• Assess the impact
• Risk classification

Risk evaluation

• Risk assessment report

Risk treatment

• Risk treatment options

• Select ion of controls

• Risk treatment plan

• Statement of applicability

• Management approval

• Risk monitoring and reporting

• Regular review

Roles and responsibilities

• RACI chart

Post X12

Tenant Isolation Framework for Cloud Applications by @Wiz

📖 Contents:

Part One – Modeling Tenant Isolation

• External Interfaces
• Security Boundaries
• Hardening Factors
• Isolation Review
• Vendor Transparency

Part Two – Improving Tenant Isolation

• Core Principle
• Additional Considerations
• Isolation Maintenance

#Wiz #InfoSec #Cybersecurity

Post X13

Windows Event Log Analysis

📖 Contents:

Event Log Format🔍
Account Management Events🔒
Account Logon and Logon Events👤
Access to Shared Objects📂
Scheduled Task Logging⏰
Object Access Auditing🔍
Audit Policy Changes🔄
Auditing Windows Services🔧
Wireless LAN Auditing📶
Process Tracking🔄
Additional Program Execution Logging📝
Auditing PowerShell Use💻

#LogAnalysis #Cybersecurity #WindowsSecurity #InformationSecurity

Post X15

Warning: Port 514 - Your Network's Vulnerable Backdoor (BONUS INSIDE) 🔒💥

Last week, my team flagged a critical issue: a client had integrated a SIEM system into the cloud, and it raised some serious concerns. I decided to get to the bottom of it.

I talked to the client, hoping to understand how they had done the integration and what precautions they had taken. Unfortunately, they couldn't provide clear answers, so I took matters into my own hands.

Here's what I found:

1. Uncontrolled Alerts: The client's SIEM system had no alert controls, and there were no defined rules in place.

2. Unencrypted Data Transfer: Some integrations were transmitting data over port 514 without encryption.

3.Open Port 514 to the Internet: The most glaring issue was that port 514, used for the SYSLOG service of the SIEM system, was wide open to the Internet.

When I confronted the client with these findings, they seemed baffled by the significance of an open port 514 to the SYSLOG server on the Internet.

I had to spell it out for them: an open port 514 accessible from the Internet exposes you to significant security risks, including:

1. Denial of Service (DoS) Attacks: Malicious actors could flood the server with an overwhelming volume of logs, potentially crippling the SIEM system.

2. False Logs: Unauthorized access to the SYSLOG server could lead to the injection of false or misleading log data, causing confusion or even misdirected responses.

3. Financial Impact: If data transmission is billable, excessive traffic from untrusted sources could lead to substantial financial losses.

In response to these critical findings, we promptly convened a meeting with the client and their service provider, successfully mitigating these vulnerabilities. Mission accomplished

👉 Bonus >> Try It Now

nc -u IP_ADDRESS 514

Have you encountered similarly flawed service implementations? How did you handle them? Share your experiences and strategies for maintaining system security in the comments 👇.

To Post

Post XX6

🚀 Jump-start Your SOC Analyst Career - A Roadmap to Cybersecurity Success By Tyler Wall & Jarrett Rodrick

📖 Contents:

🔒 The Demand for Cybersecurity and SOC Analysts
🎯 Areas of Expertise in Cybersecurity
🔍 Job Hunting
🛠️ Prerequisite Skills
👨‍💼 The SOC Analyst
☁️ SOC in the Clouds
🤖 SOC Automation
📚 Real SOC Analyst Stories

#Cybersecurity #SOCAnalyst #CareerDevelopment #InfoSec #CyberCareer #SecuritySkills #CloudSecurity

To write

Post X2

How to write Notes at meeting - LinkedIn Carusel
https://www.youtube.com/watch?v=yxHPScN_ct4

Post X3

make a carouse from this
https://www.linkedin.com/feed/update/urn:li:activity:6898730632017784832/?updateEntityUrn=urn%3Ali%3Afs_updateV2%3A(urn%3Ali%3Aactivity%3A6898730632017784832%2CFEED_DETAIL%2CEMPTY%2CDEFAULT%2Cfalse)&originTrackingId=otXB9JP1R76Zv%2Fcf5QStAA%3D%3D
CYBERSECURITY POSTURE SELF ASSESSMENT

Post X14

Write about creating a security map - https://www.linkedin.com/posts/shimi-cohen-62a4222b_security-blueprint-activity-7012329996908163072-uPeM?utm_source=share&utm_medium=member_desktop

https://www.linkedin.com/posts/neria-basha_your-soc-is-useless-heres-why-1-noise-activity-7096576392657539072-VHu1/?utm_source=share&utm_medium=member_desktop

https://www.linkedin.com/posts/neria-basha_soc-cybersecurity-threatdetection-activity-7099268896506966016-OTnq/?utm_source=share&utm_medium=member_desktop

https://www.linkedin.com/posts/neria-basha_6-tips-for-outsourcing-to-a-soc-provider-activity-7102168022886289408-sy-1/?utm_source=share&utm_medium=member_desktop

https://www.linkedin.com/posts/neria-basha_you-must-read-this-before-implementing-siem-activity-7108060569005436931-ZCQZ/?utm_source=share&utm_medium=member_desktop