HackDig : Dig high-quality web security articles

Critical Vulnerability in Progress MOVEit Transfer: Technical Analysis and Recommendations

On May 31, 2023, Progress Software released a security bulletin concerning a critical vulnerability within MOVEit Transfer, a widely used secure file transfer system. TrustedSec has performed analysis on the vulnerability and post-exploitation activities. At the time of publication, there is no associated CVE or CVSS score. This post will describe the rese
Publish At:2023-06-01 13:07 | Read:136437 | Comments:0 | Tags:Incident Response Incident Response & Forensics Vulnerabilit

The nature of cyberincidents in 2022

Kaspersky offers various services to organizations that have been targeted by cyberattackers, such as incident response, digital forensics, and malware analysis. In our annual incident response report, we share information about the attacks that we investigated during the reporting period. Data provided in this report comes from our daily interactions with o
Publish At:2023-05-16 04:28 | Read:226989 | Comments:0 | Tags:SOC TI and IR posts Incident response Industrial threats In

How Morris Worm Command and Control Changed Cybersecurity

A successful cyberattack requires more than just gaining entry into a victim’s network. To truly reap the rewards, attackers must maintain a persistent presence within the system. After establishing communication with other compromised network devices, actors can stealthily extract valuable data. The key to all this is a well-developed Command and Con
Publish At:2023-05-01 11:13 | Read:157696 | Comments:0 | Tags:Incident Response Risk Management Morris Worm C2 Operation A

Incident Response Rapid Triage: A DFIR Warrior’s Guide (Part 3 – Network Analysis and Tooling)

Within the first two installments of this series, we identified the key to successful incident preparation starts with making sure a solid incident triage process is in place, centralized analysis documentation is created, and the incident communication cadence has been solidified. This, in conjunction with a well-oiled rapid triage Windows artifact processi
Publish At:2023-04-25 09:07 | Read:211655 | Comments:0 | Tags:Incident Response Incident Response & Forensics Threat Hunti

Incident Response Rapid Triage: A DFIR Warrior’s Guide (Part 2 – Incident Assessment and Windows Artifact Processi

In Part 1 of this series, we identified that there are three (3) key parts to successful incident preparation: ensuring that a solid incident triage process is in place, creating centralized analysis documentation, and solidifying incident communication. In Part 2 of this series, I will delve into the process of thoroughly evaluating the incident, explore
Publish At:2023-04-20 09:07 | Read:274741 | Comments:0 | Tags:Incident Response Incident Response & Forensics Threat Hunti

Incident Response Rapid Triage: A DFIR Warrior’s Guide (Part 1 – Process Overview and Preparation)

In this series, I will be discussing how to handle an incident with the speed and precision of a DFIR warrior. With a rapid triage mindset, you’ll be able to assess the situation quickly and efficiently, just like a Jiu-Jitsu practitioner sizing up their opponent before delivering a devastating submission. You will have the tools to identify the type a
Publish At:2023-04-18 09:07 | Read:180821 | Comments:0 | Tags:Incident Response Incident Response & Forensics Threat Hunti

How to Provide Relevant Threat Intelligence

In the evolution of cybersecurity, the threat landscape is ever-changing while the line of defense is ever-shrinking. Security professionals started with securing the perimeters, but now we need to assume a breach in a zero-trust environment. However, providing intelligence to help users stay ahead of threats becomes a challenge when that information is ove
Publish At:2023-04-11 15:10 | Read:177417 | Comments:0 | Tags:Incident Response Security Services Threat Hunting Threat In

On the Road to Detection Engineering

Introduction People have asked numerous times on Twitter, LinkedIn, Discord, and Slack, “Leo, how do I get into Detection Engineering?” In this blog, I will highlight my unique experience, some learning resources you might want to get your hands on (all free or low cost), and extras that have helped me overall. I’m currently a Senior Detection En
Publish At:2023-04-11 09:07 | Read:260563 | Comments:0 | Tags:Career Development Incident Response Penetration Testing Pur

A Quick Guide To Incident Response Planning

In today’s fast-paced and interconnected world, the threat of cyber-attacks and data breaches has become increasingly prevalent. As a result, it’s crucial for organizations to have a solid incident response plan in place to effectively and efficiently respond to security incidents. Incident response planning involves creating a framework and p
Publish At:2023-04-07 04:46 | Read:232547 | Comments:0 | Tags:Cybersecurity Security Advisory 6 steps in an incident respo

The Important Role of SOAR in Cybersecurity

Understaffed security teams need all the help they can get, and they are finding that help through SOAR. SOAR — security orchestration, automation and response — is defined by Gartner as the “technologies that enable organizations to collect inputs monitored by the security operations team.” Gartner identifies a SOAR platform’s
Publish At:2023-04-03 19:56 | Read:197506 | Comments:0 | Tags:Incident Response Risk Management SOAR Incident Response (IR

X-Force Prevents Zero Day from Going Anywhere

This blog was made possible through contributions from Fred Chidsey and Joseph Lozowski. The X-Force Vulnerability and Exploit Database shows that the number of zero days being released each year is on the rise, but X-Force has observed that only a few of these zero days are rapidly adopted by cyber criminals each year. While every zero day is important and
Publish At:2023-03-30 13:55 | Read:199895 | Comments:0 | Tags:Software Vulnerabilities Endpoint Incident Response Security

What You Need to Know About SBOM

What is an SBOM? A Software Bill of Materials (SBOM) is a hierarchical, itemized list of all dependencies, their version numbers and provenance for a given piece of software. It may also include other data, such as the license type or details about which database to query for vulnerability disclosure. SBOMs are not restricted to applications and c
Publish At:2023-03-30 09:24 | Read:308358 | Comments:0 | Tags:Incident Response Incident Response & Forensics Research

Selecting the right MSSP: Guidelines for making an objective decision

Managed Security Service Providers (MSSPs) have become an increasingly popular choice for organizations nowadays following the trend to outsource security services. Meanwhile, with the growing number of MSSPs in the market, it can be difficult for organizations to determine which provider will fit in the best way. This paper aims to provide guidance for orga
Publish At:2023-03-30 07:27 | Read:201411 | Comments:0 | Tags:SOC TI and IR posts Incident response MSSP Security assessm

Understanding metrics to measure SOC effectiveness

The security operations center (SOC) plays a critical role in protecting an organization’s assets and reputation by identifying, analyzing, and responding to cyberthreats in a timely and effective manner. Additionally, SOCs also help to improve overall security posture by providing add-on services like vulnerability identification, inventory tracking,
Publish At:2023-03-24 04:41 | Read:263118 | Comments:0 | Tags:Publications Cybersecurity Incident response MSSP SOC

Developing an incident response playbook

An incident response playbook is a predefined set of actions to address a specific security incident such as malware infection, violation of security policies, DDoS attack, etc. Its main goal is to enable a large enterprise security team to respond to cyberattacks in a timely and effective manner. Such playbooks help optimize the SOC processes, and are a maj
Publish At:2023-03-23 04:53 | Read:267095 | Comments:0 | Tags:Publications Cybersecurity Incident response Security servic
