Red Teaming: The Art of Adversarial Simulation - Twelvesec
A high-impact cybersecurity methodology designed to test IT systems, people, processes, and organisational resilience.| Twelvesec
A high-impact cybersecurity methodology designed to test IT systems, people, processes, and organisational resilience.| Twelvesec
In the world of cybersecurity, the term Security Operations Center (SOC) carries significant weight. It evokes images of highly skilled analysts working around the clock to detect, respond to, and mitigate cyber threats. However, not all SOCs live up to this expectation. If a SOC lacks core functions like triage, analysis, assessment, and remedial action, it’s not truly a SOC—it’s merely a contact center masquerading as one. Let’s explore why these functions are non-negotiable for a...| PwnDefend
If you are are a victim of unauthorised mailbox access and/or attempted fraud via mailbox compromise (BEC) then you know … Continue reading Business Email Compromise: Impact Assessment| PwnDefend
A cyberpunk-styled visualization of the Scattered Spider attack flow, defensive countermeasures, and an interactive checklist with activity log, designed for WordPress compatibility.| PwnDefend
Intelligence Assessment: Scattered Spider and DragonForce Ransomware Threats| PwnDefend
When a suspected email mailbox compromise is reported, initiating an investigation promptly is critical. However, to ensure the investigation is effective, certain minimum intelligence requirements must be met. This blog outlines the bare minimum data needed to start investigating a suspected email mailbox compromise, whether the intelligence comes from an internal team or a third-party source.| PwnDefend
The binary fltMC.exe is used to manage minifilter drivers. You can easily load and unload minifilters using this binary. To unload the Sysmon driver you can use: fltMC unload SysmonDrv If this bina…| 🔐Blog of Osanda
This post is the fifth of a series on Threat Intelligence Automation topic. Post 1: Architecture and Hardening of MineMeld Post 2: Foundation: write a custom prototype and SOC integration Post 3: E…| Scubarda
Presentation on building an effective operational security capability (as given at Cisco Live US/Talos Threat Research Summit 2019). This talk will not help you build a SOC in only 60 minutes, but it will help you build a functional security operation over time. Building a SOC can be daunting. This talk will look at how […] The post So you want to build a SOC: Lessons from the front line appeared first on Portcullis Labs.| Portcullis Labs
Presentation on Zero Trust and the importance of identity in breach response and recovery (as given at InfoSec Europe 2019 on the tech talk track). Richard Dean, Cisco’s EMEAR Head Of Security Advisory Services looks at Cisco’s approach to zero trust. This talk discusses the need to monitoring your users’ access and privileges and how […] The post Is that really you? The importance of identity in breach response and recovery appeared first on Portcullis Labs.| Portcullis Labs
Presentation on building effective SOCs (as given at InfoSec Europe 2019 on the interactive workshop track). Simon Crocker, Cisco’s EMEAR lead for SOC Advisory looks at what goes into making a SOC work effectively. This talk discusses the core SOC requirements around monitoring and incident response function, but also touches on some of the other […] The post Discover the secrets of the SOC appeared first on Portcullis Labs.| Portcullis Labs
By way of an introduction to our talk at Black Hat Europe, Security Advisory EMEAR would like to share the background on our recent research into some common Active Directory integration solutions. Just as with Windows, these solutions can be utilized to join UNIX infrastructure to enterprises’ Active Directory forests. Background to Active Directory integration […] The post An offensive introduction to Active Directory on UNIX appeared first on Portcullis Labs.| Portcullis Labs
Presentation on Active Directory integration solutions for UNIX (as given at Black Hat Europe 2018). Over the past fifteen years there’s been an uptick in “interesting” UNIX infrastructures being integrated into customers’ existing AD forests. Whilst the threat models enabled by this should be quite familiar to anyone securing a heterogeneous Windows network, they may […] The post Where 2 worlds collide: Bringing Mimikatz et al to UNIX appeared first on Portcullis Labs.| Portcullis Labs
Presentation on logging and auditing strategies (as given at Secure South West 11). Building on my blog post on Cisco’s security blog entitled The Importance of Logs, I put together a presentation that picks apart some of the practical aspects of building a successful logging capability focusing on the need to document “good” and curate […] The post The importance of logs: You won’t see what you don’t log appeared first on Portcullis Labs.| Portcullis Labs
