To the delight of most Graylog users, geolocation is automatically built into the platform via the "GeoIP Resolver" plugin. All that is needed is a MaxMind database and you are ready to roll. However, there is a better way of going about geolocation that might be worth implementing…
Guidance on securing your organization's G Suite environment…
Part 1 of a three-part series on digital forensics and incident response in Google's GSuite.…
An easy-to-understand break down of TA18-106A.…
An executive summary on the Meltdown and Spectre vulnerabilities affecting computer processors all over the world.…
Over time and for various reasons, I've amassed quite the catalog of cloud-hosted servers. This has caused much anxiety in the form of rapidly expanding attack surface which I've met painstakingly with manually managed firewall rules and nginx ACLs... Not anymore! OpenVPN hub-and-spoke setup (old school) Out with OpenVPN My…
Often times during incident response activities, the responder is overwhelmed with data. The need for tools to automate the analysis and enhancement of this data is crucial. This is the concept behind many SIEM tools, as well as Cortex, the analyzer engine of one of my favorite incident response collaboration…
So it's a random Wednesday night and I'm studying for my GIAC GCFE exam (which I just passed recently, woohoo!) and I take a quick break to read a news article or two... No shortage of those given recent election events! First article I browsed to, predictably and annoyingly greeted…
Header image: Telenor SOC, Jan 19 2016 Running a Security Operations Center requires fighting a constant battle to increase analyst efficiency, speed and accuracy. Fast and effective communication coupled with automation is the only answer. So why not have both in the same platform? Great for... Communication Our Operations team…
In my experience, one of those most prevalent and common threats to today’s enterprise networks comes in the form of malicious email attachments (shocker!). Attackers leverage document types that are most likely accessible to software installed on the victim endpoint, making Microsoft Office a prime target. Yes, in 2016,…