Tag: threat intel

Threat Intelligence Report On Hold- Update
I have not been uploading threat intelligence data the last few weeks. I am in the process of relocating to a new home, and have begun to break down my home lab VMs & equipment. I plan to release a summary of my data over the last few months before leaving my current residence, and …
Threat Intelligence Report- IOCs Weekly
These reports outline various IOCs detected by my honeypots and provide a snapshot of attacker trends. While these IOCs will be stale by the time you review them, they will provide historical context and opportunities for analysis. Attacker Location: Connection By Country (20): 07_15_2020-IOC-COUNTRY.csv. Top attacking countries are China (23.12%), Ireland (15.26%), United States (7.84%), Russia (7.84%), …

Threat Intelligence Report- IOCs Weekly
These reports outline various IOCs detected by my honeypots and provide a snapshot of attacker trends. While these IOCs will be stale by the time you review them, they will provide historical context and opportunities for analysis. Attacker Location: Connection By Country (20): 2020_07_06-IOC_COUNTRY.csv. Top attacking countries are China (24.87%), Ireland (14.06%), United States (7.91%), Panama (7.31%), …

Canarytokens- Deceive Your adversaries honey(pot) executable
Thinkst offers an awesome open-source beaconing service in Canarytokens.org. It's a great tool to determine if anyone is opening documents inside or outside of your environment. Place a "bugged" exe alongside sensitive or confidential files to determine who may be accessing or exfiltrating similar data. In this tutorial we'll compile a basic C program …

Splunk IOC Threat Feed- Open Threat Exchange
Ingesting open source threat feeds should be a trivial effort, especially considering the value they typically contain. Based on my experience getting feeds populating and ingesting into a log management platform, it was anything but simple. I recently found the OTX add-on for Splunk, which seems to satisfy all my needs. The OTX Add-on requires …

Intro to Security Analysis- Home Lab: SIEM, IDS & Threat Intel
I decided to write a series of articles detailing how you can practice the basic skills needed to be an Information Security Analyst. If you're looking to get into the InfoSec field, and blue team/threat hunting sounds interesting, these articles should guide you through setting up your home IDS & Threat Intel lab. Every …