Brokering Other Cloud Resources Behind AWS Services

Nov 21, 2019 2:43:00 PM / by Whitney Champion posted in DFIR, Operations, SecOps, Security, ZeroTier, DevOps, AWS, Cognito, Identity Aware Proxy, Cloud

I tweeted this the other day, and had a lot of folks reach out asking for more details/a diagram of this setup.

Read More

The Infrastructure, II

Oct 17, 2019 2:48:00 PM / by Whitney Champion posted in OpenSOC, DEFCON, Events, Infrastructure

After DEF CON last year, we posted this blog about our infrastructure, which was spread between a handful of Intel NUCs, and AWS. It was epic. It was shiny and new. We loved it.

Read More

OpenSOC @ DC27 - Black Badge Edition!

Aug 31, 2019 2:53:00 PM / by Eric Capuano posted in OpenSOC, DEFCON, Events, BlackBadge, BlueTeamVillage

We never wrote up a blog post for DC27, but this excerpt from the closing ceremonies covers most of what we would've written.

Read More

Automating Graylog Pipelines

Jun 18, 2019 3:02:00 PM / by Whitney Champion posted in Automation, DFIR, SecOps, Security, Python, Graylog, Continuous Integration, DevOps, Ansible

Part of our job at Recon relies on fine tuning our threat signatures that make up the bulk of our pipeline rules in our Graylog environment.

Read More

Analysis of Exploitation: CVE-2019-3396

May 20, 2019 3:22:00 PM / by Eric Capuano posted in DFIR, Incident Response, Forensics, Security, Malware, Exploit, Intel Sharing, Vulnerability

The Recon incident response team recently worked an intrusion case involving a Confluence web application server that was affected by CVE-2019-3396.

Read More

Locking down ZeroTier peer-to-peer networks

Feb 9, 2019 3:38:00 PM / by Eric Capuano posted in ZeroTier, Defense, DevOps, VPN, Cryptography

In a previous post, we shared our affinity for ZeroTier:

Read More

Join us for Network Defense Range Training at Black Hat 2019!

Feb 4, 2019 3:48:00 PM / by Eric Capuano posted in DFIR, Incident Response, Forensics, Training, NDR


We're very excited to announce that we'll be bringing our NDR training to Black Hat this year! Come join us for the Network Defense Range Crucible - Live Adversary Detection and Incident Response during Black Hat 2019 Trainings!

Read More

A Tribute to devnull

Nov 15, 2018 3:52:00 PM / by Matt Bromiley posted in OpenSOC, DEFCON, BlueTeamVillage

Hello, dear friends. The past few days have been extremely hard on the OpenSOC Team. We hope this isn't the first time you're hearing of this, but a beloved friend of our team, devnull (aka Nolan Berry), passed away this past Friday, November 9, 2018. I'd try to find the words to express our sadness, but it would be an exercise in futility.

Read More

The Infrastructure

Aug 27, 2018 3:57:00 PM / by Whitney Champion posted in Automation, SecOps, OpenSOC, DEFCON, DevOps, Infrastructure

When I joined the OpenSOC team at the beginning of this year, everything resided on 3 Intel Skull Canyon NUC's, a couple other systems for scenarios or applications with hardware requirements, a Ubiquiti WAP, a Synology NAS, and various other things.

Read More

Blue Team Village @ DEF CON 26

Aug 23, 2018 4:00:00 PM / by Eric Capuano posted in OpenSOC, DEFCON, Events, BlueTeamVillage

Huge thanks to @BlueTeamVillage and all of the awesome projects that make up OpenSOC Blue CTF!

Read More
View RSS Feed