Cool Tools
The Fun Stuff: Privilege Escalation, Exfiltration, and Persistence This is part of a series of posts that walk through an attack. To start from the beginning, click here. In the last post, we successfully exploited our Victim using a client-side attack targeting an old version of Microsoft …
Last year, I wrote a couple articles on how to integrate Tripwire IP360 data into Splunk. These turned out to be very popular, with a number of folks reaching out to me for a copy of my IP360 Tools script that made all the magic …
Seeing Red This is part of a series of posts that walk through an attack. In an ideal world, information security teams are comprised of both a dedicated Red Team (attackers or offensive side) and a Blue Team (incident responders or defensive side). I’ve never …
Introduction One of the many challenges in information security is collecting, managing, and applying threat intelligence. Typically, threat intelligence comes from a variety of disparate sources, such as IDS rules (Sourcefire / Emerging Threats), server/application logs, historical breach data, private/public feeds, security appliances…the list goes …
A few months ago I read about an emerging incident response technology called Carbon Black. At its core, Carbon Black acts as a surveillance camera for a system. It’s a lightweight sensor that constantly collects process and network information. More importantly, it shows relationships for …