
Items tagged with: BlueTeam


Today I made my threat hunt book publicly known on LinkedIn. So far the feedback has been overwhelming. I do hope my efforts will contribute to educate both threat hunters and SOC analysts!

#threathunting #soc #blueteam #cybersec #cybersecurity

huntbook.predefender.com


Cybersecurity course: Online, hands-on, practical, and free!
Czech Technical University's "Introduction to Security" class opens online for free! 14 weeks of deep attacking and defending. Join us and register for free. Starting on Sep 26th.
cybersecurity.bsy.fel.cvut.cz/
#cybersec #infosec #blueteam #redteam #education #security


Here are some popular hashtags relating to various topics in the field of cybersecurity:

  1. #CyberSecurity - General cybersecurity topics
  2. #InfoSec - Information security
  3. #PenTesting - Penetration testing
  4. #OSINT - Open-source intelligence
  5. #ThreatHunting - Identifying and responding to threats
  6. #MalwareAnalysis - Analyzing and understanding malware
  7. #IncidentResponse - Responding to cyber incidents
  8. #ZeroDay - Zero-day vulnerabilities and exploits
  9. #CyberThreats - Cyber threat intelligence
  10. #EthicalHacking - Hacking for ethical purposes
  11. #RedTeam - Offensive security testing
  12. #BlueTeam - Defensive security operations
  13. #CloudSecurity - Securing cloud environments
  14. #IoTSecurity - Security for Internet of Things devices
  15. #DataProtection - Protecting sensitive data
  16. #SOC - Security Operations Center practices
  17. #Phishing - Phishing attacks and prevention
  18. #Ransomware - Ransomware threats and defenses
  19. #CryptoSecurity - Cryptography and encryption
  20. #AppSec - Application security
  21. #BugBounty - Programs for finding and reporting security bugs
  22. #DigitalForensics - Investigating cyber crimes
  23. #Privacy - Protecting personal and organizational privacy
  24. #CISO - Chief Information Security Officer topics
  25. #GDPR - General Data Protection Regulation compliance

You can use them on social media platforms to discover content, join discussions, and stay informed about the latest insights in cybersecurity.


Mini Blue Team Diaries Story:

Was responsible for SecOps at a SaaS platform that managed lots of things for companies, including travel bookings.

We had a bunch of customers in the higher education space who used SSO to log in to our app. Unfortunately, MFA within the SSO configuration was not common back then, so a compromised university account would lead to much access, including to our platform.

Suddenly, a thing we saw a lot of was higher-ed customers reporting that they were being charged for trips that just didn't make sense. These were bookings for same-day travel, usually between two African cities.

After some digging around and investigation, we figured out that a threat actor would phish or purchase the user's university credentials, then, using the SSO into our environment, they'd make bookings using the travel booking feature - those bookings were made on behalf of the threat actor's customers, who actually thought they were dealing with a legit, well-connected travel agent.

We were able to advise our customers on how to stop this type of thing happening, with approval rules for bookings, and ya know, MFA, and also managed to build in some detective controls so our team could detect and shut down such bookings as soon as they came in.

What made this particularly interesting, though, was that through some OSINT we were able to determine the true identity of the actor responsible - and we connected with them on Facebook, mainly because we wanted to ask them about their methods now that we'd all but shut down their scheme.

We chatted for a bit, and got some useful intel. At the end, the actor congratulated the team on our new controls, and said they'd moved on to using another service they'd found to make their bookings.

For more, slightly less mini, Blue Team Diaries stories like this, check out infosecdiaries.com

#infosec #DFIR #BlueTeam #infosecreads #cybersecurity