Threat Intelligence Report- IOCs Weekly

These reports outline various IOCs detected by my honeypots and provide a snapshot of attacker trends. While these IOCs will be stale by the time you review them, they will provide historical context and opportunities for analysis.  Attacker Location: Connection By Country(20): 07_15_2020-IOC-COUNTRY.csv Top attacking countries are China (23.12%) Ireland (15.26%), United States(7.84%), Russia (7.84%), … Continue reading "Threat Intelligence Report- IOCs Weekly"

Read More

Threat Intelligence Report- IOCs Weekly

These reports outline various IOCs detected by my honeypots and provide a snapshot of attacker trends. While these IOCs will be stale by the time you review them, they will provide historical context and opportunities for analysis.  Attacker Location: Connection By Country(20): 2020_07_06-IOC_COUNTRY.csv Top attacking countries are China (24.87%) Ireland (14.06%), United States(7.91%), Panama (7.31%), … Continue reading "Threat Intelligence Report- IOCs Weekly"

Read More

Canarytokens- Deceive Your adversaries honey(pot) executable

Thinkst offers an awesome open-source beaconing service in Canarytokens.org. It’s a great tool to determine if anyone is opening documents inside or outside of your environment. Place a “bugged” exe along side sensitive or confidential files to determine who may be accessing or exfiltrating similar data. In this tutorial we’ll compile a basic C program … Continue reading "Canarytokens- Deceive Your adversaries honey(pot) executable"

Read More

Splunk IOC Threat Feed- Open Threat Exchange

Ingesting open source threat feeds should be a trivial effort, especially considering the value they typically contain. Based on my experience getting feeds populating and ingesting into a log management platform, it was anything but simple.  I recently found the OTX add-on for Splunk, which seems to satisfy all my needs. The OTX Add-on requires … Continue reading "Splunk IOC Threat Feed- Open Threat Exchange"

Read More

Intro to Security Analysis- Home Lab: SIEM, IDS & Threat Intel

I decided to write a series of articles detailing how you can practice the basic skills need to be an Information Security Analyst. If you’re looking to get into the InfoSec field, and blue team/threat hunting sounds interesting, these articles should guide you through setting up up your home IDS & Threat Intel lab. Every … Continue reading "Intro to Security Analysis- Home Lab: SIEM, IDS & Threat Intel"

Read More