
SECTION 9 Cyber Security

section9.us

Just two people trying to do IT and Security the right way.

Episodes

The NIST Cyber Security Framework

Time to start looking into cyber security frameworks. For this episode we’re looking at the NIST Cyber Security Framework. We’re also explaining what a cyber security framework is and how they can help. LINKS 1. NIST Cyber Security Framework (CSF) FIND US ON 1. Twitter - DamienHull 2. YouTube...

Apr 03, 2023 | 31 min | Ep. 260

Time For a Maintenance Review - 259

Time for another maintenance episode where we review our systems and management process. This time we’re looking at our Digital Ocean servers, Automox patch management, Fortinet Firewalls, and the password manager Bitwarden. FIND US ON 1. Twitter - DamienHull 2. YouTube...

Mar 06, 2023 | 24 min | Ep. 259

How do you roast a server to death? - 258

Almost roasted our VMware server to death. Don’t do what I did. Enjoy! LINKS 1. VMware Server: Super Micro SYS-E300-9D-8CN8TP 2. Fans: Noctua NF-A4x20 PWM FIND US ON 1. Twitter - DamienHull 2. YouTube...

Jan 16, 2023 | 11 min | Ep. 258

How do we evaluate the LastPass hack for Section 9? - 257

LastPass was hacked last year. As LastPass customers we need to evaluate the impact that has on Section 9. Should we continue to use the product? Should we migrate to a different password manager? How do we evaluate a password manager? Consider this the start of a longer conversation about LastPass and password managers. FIND US ON 1. Twitter - DamienHull 2. YouTube...

Jan 09, 2023 | 36 min | Ep. 257

SANS and BHIS Videos for Hacking - 256

Found some really interesting and helpful videos. One walks you through an Active Directory hacking lab. Another talks about default configurations and bad passwords as a way to hack into systems. The last one is about building a home lab. These are just what I needed. LINKS 1. SANS Workshop – NTLM Relaying 101: How Internal Pentesters Compromise Domains 2. The Top $ num Reasons You Got Hacked in 2022 with Kent & Jordan | 1 Hour 3. How to Build a Home Lab for Infosec with Ralph May | 1 Hour ...

Dec 12, 2022 | 25 min | Ep. 256

The Active Directory Lab - 255

Found a video that walks you through the process of setting up an Active Directory Lab for hacking. I wouldn’t be able to do this without a starting point. LINKS 1. Mitre ATT&CK Matrix 2. How to Build an Active Directory Hacking Lab FIND US ON 1. Twitter - DamienHull 2. YouTube...

Nov 21, 2022 | 21 min | Ep. 255

Using the MITRE ATT&CK Matrix in a lab - 254

Last episode was about my crazy study plan, or lack of one. Time to put together a proper study plan. One that works. FIND US ON 1. Twitter - DamienHull 2. YouTube...

Nov 07, 2022 | 22 min | Ep. 254

A Better Study Plan - 253

Last episode was about my crazy study plan, or lack of one. Time to put together a proper study plan. One that works. FIND US ON 1. Twitter - DamienHull 2. YouTube...

Oct 10, 2022 | 17 min | Ep. 253

Learning All At Once - 252

Time to jump into my crazy, unorganized study process. Trying to study or learn the CISSP, pentesting, risk assessments, and keep up with my current certification requirements. I’ve also signed up for two Antisyphon classes. Beginner Classes 1. SOC Core Skills 2. Getting Started In Security With BHIS and Mitre Att&ck 3. Active Defense & Cyber Deception Advanced Classes 1. Introduction to Pentesting 2. Red Team: Getting Access 3. Professionally Evil CISSP Mentorship Program FIND US ON 1. ...

Oct 03, 2022 | 27 min | Ep. 252

Asset Management Policy - 251

Time to create a policy for asset inventory. This will help us define what we need in our asset inventory. It will also help us define what we need in our procedures, the process we use to manage the inventory. LINKS 1. Enterprise Asset Management Policy Template FIND US ON 1. Twitter - DamienHull 2. YouTube...

Sep 05, 2022 | 14 min | Ep. 251

Discovering Devices With runZero - 250

We’re scanning our network with runZero to get an inventory of devices. What did it find? What can we learn from this inventory? How well does it work? LINKS 1. runZero - Active discovery tool for asset inventory FIND US ON 1. Twitter - DamienHull 2. YouTube...

Aug 29, 2022 | 18 min | Ep. 250

Do we have adequate security controls in place? - 249

We’re in the process of implementing the CIS controls. This will take time. We’re also very busy. Are there any gaping security holes that we need to fix? Do we have any security controls in place? Can we wait to implement the CIS controls? LINKS 1. runZero - Active discovery tool for asset inventory 2. Enterprise Asset Management Policy Template FIND US ON 1. Twitter - DamienHull 2. YouTube...

Aug 22, 2022 | 22 min | Ep. 249

CIS Controls: Hardware Inventory Part 1 - 248

Time to get an accurate inventory of the devices on our network. Once we have an inventory, we can move on to policies and procedures. LINKS 1. runZero - Active discovery tool for asset inventory 2. Enterprise Asset Management Policy Template FIND US ON 1. Twitter - DamienHull 2. YouTube...

Aug 15, 2022 | 13 min | Ep. 248

Going Back to the CIS Controls - 247

Time for another maintenance episode. This time we’re going back to the CIS Controls. This time we’re using version 8. Hoping to implement the first 7. FIND US ON 1. Twitter - DamienHull 2. YouTube...

Aug 01, 2022 | 17 min | Ep. 247

Azure Testing - 246

Time to start learning Azure. We’ve had Azure AD and Microsoft 365 for years. Just added Azure to the mix. Lots to learn. LINKS Free Azure Account FIND US ON 1. Twitter - DamienHull 2. YouTube...

Jul 11, 2022 | 14 min | Ep. 246

The OSINT Rabbit Hole: Part 1 - 245

Time to go down the OSINT rabbit hole. What is it? What are we looking for? What are some of the tools we can use? LINKS 1. Kali Linux 2. Shodan 3. Spiderfoot 4. theHarvester 5. OSINT Framework FIND US ON 1. Twitter - DamienHull 2. YouTube...

Jun 20, 2022 | 27 min | Ep. 245

New Job, VMWare Server, Tools - 243

Got a new job. This makes our lab environment more important than ever. Some labs will be for me. Others will be for work. We need to make sure everything is working. We also need good documentation. No more messing around. FIND US ON 1. Twitter - DamienHull 2. YouTube...

May 30, 2022 | 20 min | Ep. 243

Organizing IT Before New Job - 242

There could be a new job in my future. Before that happens, we need to organize our IT. We’re looking at patching, Microsoft Defender for Business, and data recovery. FIND US ON 1. Twitter - DamienHull 2. YouTube...

May 09, 2022 | 10 min | Ep. 242

New Projects: SIGMA, Python, Cloud - 241

Time for some new projects. Still have a few things to do with Wazuh. Once that’s done, I’ll need something new to work on. Python is the big one. Seems everyone is asking for Python skills these days. LINKS 1. The Azure Sandbox – Purple Edition FIND US ON 1. Twitter - DamienHull 2. YouTube...

May 02, 2022 | 23 min | Ep. 241

Wazuh, Detection, and VMware Management - 240

Wazuh! It works! Not only does it work, but it’s awesome. We’re also covering detection as part of a security program. You can’t have good security without detection. We’re also throwing in a bit of VMware management. Can’t manage labs in VMware without some management know how. LINKS 1. Wazuh · The Open Source Security Platform 2. Lab Instructions - Emulation of ATT&CK techniques and detection with Wazuh 3. Sysmon config from SwiftOnSecurity 4. Wazuh Server Rules 5. Video: Installing The ED...

Apr 25, 2022 | 28 min | Ep. 240

Wazuh, Sysmon and Atomic Red Team - 239

Time for more Wazuh and Sysmon. This time we’re adding Atomic Red Team for testing. This is starting to look really good. Unfortunately we’re missing something. LINKS 1. Wazuh · The Open Source Security Platform 2. Lab Instructions - Emulation of ATT&CK techniques and detection with Wazuh 3. Sysmon config from SwiftOnSecurity 4. Wazuh Server Rules 5. Video: 163. Use Sysinternals Sysmon with Wazuh: The Swiss Army Knife for Windows Monitoring FIND US ON 1. Twitter - DamienHull 2. YouTube...

Apr 11, 2022 | 28 min | Ep. 239

Labs, Wazuh & Sysmon, Microsoft 365 - 238

We’ve packed a lot into one episode. We’re reviewing Dorothy’s lab, Wazuh & Sysmon and Microsoft 365. We do have some good news. Got Sysmon installed. We also have access to good Microsoft 365 instructions and a book. We’re moving in the right direction. LINKS 1. Sysmon Installation 2. Microsoft 365 Business Premium Partner Playbook and Readiness Series 3. Office 365 for IT Pros 4. ITProMentor: The Microsoft 365 Consultant’s Bundle FIND US ON 1. Twitter - DamienHull 2. YouTube...

Apr 04, 2022 | 22 min | Ep. 238

How does one get into IT? - 237

There are many ways to answer this question. First, you need some skills. For this ongoing project we’ve decided to focus on Windows. Server 2019, Windows 10 and 11, and a bit of networking for good measure. One has to start somewhere. FIND US ON 1. Twitter - DamienHull 2. YouTube...

Mar 28, 2022 | 29 min | Ep. 237

What is Microsoft Defender for Business? - 236

We’re in the process of testing Microsoft Defender for Business. This includes vulnerability management, endpoint detection and response and a lot more. This could be the security solution we’ve been looking for. LINKS 1. Overview of Microsoft Defender for Business 2. Video: Onboarding Windows 10 devices to Defender for Business FIND US ON 1. Twitter - DamienHull 2. YouTube...

Mar 21, 2022 | 14 min | Ep. 236

Are Security Solutions 100% Perfect? - 235

Of course security solutions aren’t 100% perfect. So, why are people building security programs around perfect solutions? LINKS 1. YouTube Video: "Prevention First": An Approach to Cybersecurity w/ Minerva Labs! FIND US ON 1. Twitter - DamienHull 2. YouTube...

Mar 14, 2022 | 18 min | Ep. 235

How do we deploy Sysmon? Part 2 - 234

Time to go deeper down the Sysmon rabbit hole. Looks like Wazuh does a lot more than we thought. LINKS 1. Sysmon 2. Wazuh FIND US ON 1. Twitter - DamienHull 2. YouTube...

Mar 07, 2022 | 28 min | Ep. 234

How do we deploy Sysmon? Part 1 - 233

Time to start thinking about our Sysmon deployment. There are a lot of moving parts to this project. It won’t be a simple install on Windows 10. That’s just a small part of the project. LINKS 1. Security Onion 2. Getting started with Elastic Stack 3. Sysmon 4. Wazuh FIND US ON 1. Twitter - DamienHull 2. YouTube...

Feb 28, 2022 | 14 min | Ep. 233

Mini Security Audit - 232

We’re conducting a mini security audit. We’ve got our short list of things we’re doing for security. Are they working for us? Are there things we need to change? How are we doing? LINKS 1. Security Onion 2. Getting started with Elastic Stack 3. Sysmon 4. AppLocker FIND US ON 1. Twitter - DamienHull 2. YouTube...

Feb 21, 2022 | 31 min | Ep. 232

Application Allow List with AppLocker and Intune - Part 1 - 231

It works! We have application allow listing with AppLocker. Pushed out the settings from Intune. This is awesome! NOTE: No links to instructions for Intune and AppLocker. I need to find good documentation or write my own. LINKS 1. Security Onion 2. Getting started with Elastic Stack 3. Sysmon 4. AppLocker FIND US ON 1. Twitter - DamienHull 2. YouTube...

Feb 14, 2022 | 17 min | Ep. 231