Whitney Champion

Lead Architect
Find me on:

Recent Posts

Remote Access Done Right

Oct 14, 2022 3:00:00 PM / by Whitney Champion posted in SecOps, Security, DevOps, Infrastructure, Cloud, SSO

Do you have resources on prem? In the cloud? How about in multiple clouds? How do you access them all, and how do you track all of those resources? How do you handle key management? Password management? User management? How do you maintain who or what has SSH and RDP access? How do you provide secure access to internal websites or even other data sources? How do you know your admins and analysts and end users are accessing them securely? How do you know who has keys sitting in their downloads folder? How do you track any of it? 

Read More

Securing Your Velociraptor Deployment

Sep 23, 2020 10:51:00 AM / by Whitney Champion posted in DFIR, Velociraptor, Incident Response, Forensics, Operations, SecOps, Security, InfoSec, Threat Hunting, DevOps, AWS, Cognito, Identity Aware Proxy

Our team are huge fans of Velociraptor. It's an incredibly powerful tool, for both DFIR and endpoint management. It currently supports Windows, Linux, and Mac endpoints, and BONUS: it's open source!

Read More

Integrating Thinkst Canaries with TheHive

Sep 16, 2020 11:33:00 AM / by Whitney Champion posted in Automation, DFIR, Incident Response, Forensics, SecOps, Canaries, InfoSec, Thinkst, Training, Python, TheHive, Cortex

We've been big fans of the Thinkst platform for a while now. We may have mentioned them a time or two :) Like many others, we get a lot of mileage out of their Canaries and Canary Tokens.

Read More

OpenSOC @ DEF CON 28 Safe Mode

Aug 14, 2020 11:53:00 AM / by Whitney Champion posted in OpenSOC, DEFCON, Events

Some of you may remember our last event, Camp COVID. That was the biggest event we had ever run.

UNTIL LAST WEEK: DEF CON 28

Read More

Camp COVID - A Recap

Apr 17, 2020 11:40:00 AM / by Whitney Champion posted in OpenSOC, Events, Graylog, Infrastructure

ETo8FQOXYAIXNsL-1

Let me first say, on behalf of the Recon team, we cannot thank the community enough for joining us last week.

Read More

Integrating Graylog With TheHive

Jan 31, 2020 2:11:00 PM / by Whitney Champion posted in Automation, DFIR, Incident Response, SecOps, Security, Defense, Python, Graylog, DevOps, TheHive, Cortex, API

If you couldn't tell by now, we love Graylog. We may have mentioned them a time or two :)

Read More

Graylog and Cylance Protect Integration

Dec 23, 2019 2:37:00 PM / by Whitney Champion posted in Operations, SecOps, Security, Graylog, Logging, DevOps, API, Cylance

TL;DR - we needed to ingest multiple sources of Cylance logs into Graylog, and this is how we did it.

Read More

Brokering Other Cloud Resources Behind AWS Services

Nov 21, 2019 2:43:00 PM / by Whitney Champion posted in DFIR, Operations, SecOps, Security, ZeroTier, DevOps, AWS, Cognito, Identity Aware Proxy, Cloud

I tweeted this the other day, and had a lot of folks reach out asking for more details/a diagram of this setup.

Read More

The Infrastructure, II

Oct 17, 2019 2:48:00 PM / by Whitney Champion posted in OpenSOC, DEFCON, Events, Infrastructure

After DEF CON last year, we posted this blog about our infrastructure, which was spread between a handful of Intel NUCs, and AWS. It was epic. It was shiny and new. We loved it.

Read More

Automating Graylog Pipelines

Jun 18, 2019 3:02:00 PM / by Whitney Champion posted in Automation, DFIR, SecOps, Security, Python, Graylog, Continuous Integration, DevOps, Ansible

Part of our job at Recon relies on fine tuning our threat signatures that make up the bulk of our pipeline rules in our Graylog environment.

Read More
View RSS Feed