HackDig : Dig high-quality web security articles for hackers

[SANS ISC] Simple Blacklisting with MISP & pfSense

I published the following diary on isc.sans.edu: “Simple Blacklisting with MISP & pfSense”: Here is an example of a simple but effective blacklist system that I’m using on my pfSense firewalls. pfSense is a very modular firewall that can be expanded with many packages. About blacklists, there is a well-known one called pfBlocklist. P
Publish At:2020-07-23 08:09 | Read:85 | Comments:0 | Tags:SANS Internet Storm Center Security Blacklist IOC MISP pfSen

Splunk Custom Search Command: Searching for MISP IOC’s

While you use a tool every day, you get more and more knowledge about it but you also have plenty of ideas to improve it. I’m using Splunk on a daily basis within many customers’ environments as well as for personal purposes. When you have a big database of events, it becomes quickly mandatory to deploy techniques to help you to extract juicy inf
Publish At:2017-10-31 14:55 | Read:5117 | Comments:0 | Tags:MISP Security Splunk Hunting IOC Python

Quick Integration of MISP and Cuckoo

With the number of attacks that we are facing today, defenders are looking for more and more IOCs (“Indicators of Compromise”) to feed their security solutions (firewalls, IDS, …). It becomes impossible to manage all those IOCs manually, and automation is the key. There are two main problems with this amount of data: How to share them
Publish At:2017-01-25 19:25 | Read:7191 | Comments:0 | Tags:Cuckoo Malware MISP Security Hunting IOC

3 Principles and Challenges of Endpoint Discovery

Digital attackers are constantly looking for ways to infiltrate organizations’ IT environments. One of the easiest modes of entry is for an actor to exploit a weakness in an endpoint, a network node which according to Dark Reading remains “the most attractive and soft target for cyber criminals and cyber espionage actors to get inside.”
Publish At:2016-07-26 03:55 | Read:4143 | Comments:0 | Tags:Featured Articles IT Security and Data Protection EDR endpoi

LOKI – Indicators Of Compromise Scanner

Loki is an Indicators of Compromise scanner, based on 4 main methods (additional checks are available), and will present a report showing GREEN, YELLOW or RED result lines. The compiled scanner may be detected by antivirus engines. This is caused by the fact that the scanner is a compiled Python script that implements some file system and process scanning featur
Publish At:2016-01-16 09:05 | Read:4266 | Comments:0 | Tags:Countermeasures Security Software apt detector compromise sc

Managing Palo Alto Firewalls Custom URL Categories

[The post Managing Palo Alto Firewalls Custom URL Categories was first published on /dev/random] Palo Alto Networks firewalls are very popular due to the huge amount of features they provide in a single chassis. Besides the traditional traffic inspection, they can operate up to layer 7 of the OSI model. The rule base can contain rules which inspect t
Publish At:2015-12-23 22:10 | Read:6471 | Comments:0 | Tags:Security IOC Palo Alto

The Top 10 Tips for Building an Effective Security Dashboard

Today, enterprises must grapple with a panoply of numerous and highly sophisticated threats. In response to this dangerous landscape, it is no wonder that businesses are increasingly turning to security dashboards, a powerful communication vehicle for all information security professionals. An effective security dashboard provides personnel, ranging from sec
Publish At:2015-09-24 21:40 | Read:7887 | Comments:0 | Tags:Connecting Security to the Business Featured Articles CISO I

Good IOC VS. Bad IOC: When Automation Fails…

[The post Good IOC VS. Bad IOC: When Automation Fails… was first published on /dev/random] A few days ago, I wrote a diary on the SANS ISC website about automating the search for IOCs (“Indicators of Compromise”). The use of tools to collect such information (IP addresses, domains, hashes, …) is very useful to build a list
Publish At:2015-09-21 14:45 | Read:4060 | Comments:0 | Tags:Security Uncategorized Automation Crawler Fail IOC

Attacks Might Be Sophisticated, But So Can Be Your Defense Mechanisms

When working in security, the top priority is to protect your organization’s business-critical data from cyber attacks. You know that your traditional security mechanisms are in place: the database is secure; you have implemented audit trails and encryption on sensitive data, and you instituted pretty tight access control. Anti-virus solutions are in place,
Publish At:2015-09-01 10:40 | Read:3483 | Comments:0 | Tags:Featured Articles Risk Management cyber attack Defense IoC M

Implementing a Hot Threat Dashboard

Logjam, Freak, Shellshock, BEAST, POODLE, Heartbleed. Each new vulnerability requires a fire-drill to see if you’re vulnerable, if you have protective mechanisms, and to verify that your organization can detect attacks against your corporate network. On top of that, you may also receive bulletins from threat intelligence partners, law enforcement, and
Publish At:2015-06-05 23:10 | Read:6424 | Comments:0 | Tags:Security ioc MTD OpenSOC security threats

Moving from Indicators of Compromise to Actionable Content – Fast

Advanced threats are continuously evolving, and so must our ability to detect, understand, and stop them. Indicators of Compromise are vital to this process. At Cisco, our approach to developing Indicators of Compromise and interpreting them is continuously evolving to empower you with the best intelligence to thwart stealthy attacks. Not only the Indicators t
Publish At:2015-02-16 20:05 | Read:3536 | Comments:0 | Tags:Security AMP Threat Grid indicators of compromise ioc securi

How AMP Threat Grid Accelerates Incident Response with Artifacts, Content, and Correlation

As a result of Cisco’s acquisition last May, ThreatGRID is now part of the Cisco Advanced Malware Protection (AMP) portfolio as AMP Threat Grid. The acquisition expands Cisco AMP capabilities in the areas of dynamic analysis and threat intelligence technology, both on-premises and in the cloud. AMP Threat Grid extends Cisco AMP with even greater visibility, c
Publish At:2015-02-09 15:10 | Read:4545 | Comments:0 | Tags:Security AMP AMP Threat Grid indicators of compromise ioc se
