Written by: Roxy
Tabletop meetings are opportunities to test out your employees, processes, and procedures to see how a particular scenario would play out.
In this blog post, we’re going to explain how you may want to plan a tabletop meeting, describing the process by starting with the planning phase and then–as if it were different points of a plot in a story–the hook, twist, climax, and resolution.
The very first thing you’ll do is create a list of 10 or so tabletop scenarios and pick one or two that you think will be the best for the goals you…
Listen in here.
On today’s show, Heather Terry chats with Steve McMaster, Brian Karrigan, Dusty Miller, and Austin O’Neil as they wrap up their discussion on designing a security operations center (SOC). In case you missed it, make sure to listen to Designing a SOC: Internal or External? Part 1.
Listen in here.
On today’s show, Heather Terry welcomes a few members of the Hurricane Labs’ team–Steve McMaster, Brian Karrigan, Dusty Miller, and Austin O’Neil–to discuss the steps that go into establishing a SOC team, and what you’ll want to consider when deciding whether your team will be internal or whether you’ll work with a Managed Security Services Provider (MSSP).
Also, make sure to check out some of the resources mentioned during this episode:
Written by: Roxy
Generally speaking, organizations run more effectively with well-written policies, and a policy can also start the conversation about objectives or goals that not everyone has bought into yet.
The benefits of a well-written policy become even more important when it comes to responding to a vulnerability or incident. Having a vulnerability management policy is not only a requirement for compliance with PCI DSS, SOC 2, and most similar frameworks, but it also provides guidance and sets expectations within your organization.
If you’re considering writing or updating your vulnerability management policy, you can listen to our…
Written by: Dennis Goodlett
I’ve seen this question a few times: is it better to learn Radare2 (r2) or GNU Debugger (GDB)? The short answer is you should learn both. The long answer depends on what you are really asking. I usually see this question posed when someone wants to learn binary reverse engineering. In this case, the real question is, “How should I get started? With GDB or r2?”
My simple answer is GDB. To learn C, you must read C. To learn assembly, you must read assembly. Reading assembly is harder if you have no concept of pointers…
Written by: Kelsey Clark
When it comes to email communications today, phishing and spam are both unwelcome nuisances in everyone’s inbox. In order to defend against the different tactics cybercriminals are leveraging online, a variety of essential security measures are necessary–one of the most important being general awareness.
Even though the words “phishing” and “spam” are often used interchangeably, these terms actually have different meanings. This blog post will help you understand how to differentiate between phishing attacks, spam messages, and marketing emails as well as help you recognize them before they exploit you.
First, let’s talk about phishing. Please…
Written by: Tom Kopchak
Have you ever wondered what goes into the development of the Splunk Certification exams? If so, you’re in the right place.
In this post, I will discuss the Splunk exam development process, how Splunk Trust folks got involved in writing exam questions, and what to keep in mind when you’re the one taking an exam.
Earlier this year, Splunk announced the Ideas Portal, where Splunk Community members can propose suggestions for improving the product. These ideas will get voted on by other Splunk Users, and votes will help determine which ones get selected. One such idea…
Written by: Cameron Krivanek
Hardening involves reducing risk through the identification and remediation of vulnerabilities across the attack surface of a system. A system tends to have more vulnerabilities or a larger attack surface as its complexity or functionality increases.
Hardening is necessary in a production environment in order to reduce risk to, and potential loss of, critical business assets, but it is also a process that can, and often should, be applied to every environment.
In response to the ever-growing attack surface, our SOC Analyst Cameron Krivanek has put together a list of top recommended Windows hardening techniques you can use to boost your…
Written by: Jaime Borchert
Have you ever gotten an email from someone with a message saying “Please see attached,” “Past due notice,” or, my favorite, “Invoice #” and wondered if you should click on that link? Or perhaps that link just looks odd and you want to know whether it’s safe before clicking it? At Hurricane Labs, we see these types of things frequently.
In this post, I will discuss a few strategies and tools I utilize when investigating those links to determine if they are legitimate or malicious.
Written by: Tom Kopchak
The Splunk Universal Forwarder is the best mechanism for collecting logs from servers and end-user systems. In order to collect logs at scale, it is necessary to deploy the Universal Forwarder to every system where log collection is required. Managing that deployment is best handled by whatever mechanism your organization already uses to push software packages to its machines. However, if you’re doing a one-off installation of the Universal Forwarder or don’t have a method of deploying MSIs, running the installer manually may be an acceptable option.
In this tutorial, we’ll explore how…
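As an added example (not code from the tutorial above or from Splunk), here is what the scripted, unattended path looks like when you do have a package-deployment tool: a PowerShell wrapper that runs the Universal Forwarder MSI silently with its public install properties, fails loudly on a bad exit code, and checks that the service came up. The MSI path, the deployment server and indexer host names, the log path, and the choice to set outputs at install time are all assumptions; substitute your own values, and check the install documentation for your release for any credential properties it requires.

```powershell
# Added example: unattended Splunk Universal Forwarder install via msiexec.
# Hosts, paths and port numbers below are placeholders (assumed), not real infrastructure.
$Msi          = 'C:\Temp\splunkforwarder-x64-release.msi'        # assumed local path to the MSI
$DeployServer = 'deploy.example.internal:8089'                     # assumed deployment server (host:mgmt port)
$Indexer      = 'idx.example.internal:9997'                        # assumed receiving indexer (host:receiving port)
$LogFile      = 'C:\Temp\splunkforwarder-install.log'

# Public MSI properties for the Universal Forwarder installer.
$props = @(
    'AGREETOLICENSE=Yes',                  # required for a silent install to proceed
    "DEPLOYMENT_SERVER=$DeployServer",     # UF phones home here for apps/inputs/outputs
    "RECEIVING_INDEXER=$Indexer",          # optional if outputs.conf is pushed by a deployment app instead
    'SERVICESTARTTYPE=auto',               # start the service at boot
    'LAUNCHSPLUNK=1'                       # start the service right after install
)

# /quiet = no UI, /norestart = never reboot on its own, /L*v = verbose log for troubleshooting.
# Avoid the automatic variable name $args for this list.
$msiArgs = @('/i', "`"$Msi`"", '/quiet', '/norestart', '/L*v', "`"$LogFile`"") + $props

$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru -NoNewWindow

# msiexec returns 0 on success and 3010 when it succeeded but a reboot is pending.
if ($proc.ExitCode -notin @(0, 3010)) {
    throw "Universal Forwarder install failed with exit code $($proc.ExitCode); see $LogFile"
}

# Post-install check: the service should exist and be running. The service name is
# the one the installer registers for the Universal Forwarder (assumed unchanged here).
$svc = Get-Service -Name 'SplunkForwarder' -ErrorAction Stop
if ($svc.Status -ne 'Running') {
    throw "SplunkForwarder service is installed but in state '$($svc.Status)'"
}
"SplunkForwarder service is $($svc.Status) (start type: $($svc.StartType))"
```

Two practical notes. First, if you point the forwarder at a deployment server, prefer pushing outputs and inputs from there rather than baking them into the MSI command line, so that a change of indexers does not require reinstalling agents. Second, anything you pass on the msiexec command line, including any credential properties your release requires, can end up in process listings, the verbose MSI log, and deployment-tool job history, so treat that log file and the job definition as sensitive and clean them up once the install has been verified.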
Just a bunch of infosec nerds with a knack for Splunk. Comic book and Nerf gun fanatics.