Splunk Core Certified User Certification – Review

I work in information security and I enjoy everything SIEM related so learning Splunk was a no-brainer for me. Splunk has so many applications that almost any environment can benefit from a Splunk deployment. Whether you are using it as a log management system or creating dashboards for data analytics, Splunk provides a nice framework …

How I Passed the AWS Certified Security – Specialty

Anyone responsible for securing assets in Amazon Web Services may want to pursue the AWS Security Specialty certification. The exam has given me confidence to work at a professional level on any of the domains covered in the exam. What is it? The AWS Security Specialty certification was designed for professionals that currently work in …

LogRhythm Network Forensics at home

LogRhythm is a “NextGen SIEM” that allows much more than log management. They include all the current cyber security acronyms in their SIEM solution such as UEBA, NTBA, SAO, and TLM. I will be focusing on the network traffic and behavior analytics offering called LogRhythm NetMon. LogRhythm NetMon is used to collect inline or mirrored …

VulnWhisperer Ubuntu Server 18.04

Nessus Professional is nice for small-business vulnerability management, but the reporting is lacking until you upgrade to Security Center. VulnWhisperer uses the Elastic Stack to provide scan result summaries that are easy to review and report to management or operations teams for remediation. Impress your C-suite with vulnerability reports using VulnWhisperer. Prerequisites: Ubuntu 18 …

AWS Inspecting with Inspector

Inspector is a tool/service provided by AWS that allows for assessing the vulnerability and compliance posture of instances in your cloud and on-prem environment. One immediate benefit to using Inspector is that no ports need to be opened on the instance to allow for vulnerability and compliance scanning. This keeps the attack surface small while …

GHIDRA v9.0 Starter Guide

IDA has been the standard for reverse engineering for many years, but the price of licensing for the software has kept the product out of the reach of many small- to medium-sized IT departments. This changes with the introduction of GHIDRA. GHIDRA is a set of open source tools released by the NSA that will …

Logging and Alerting on EC2 instances with AWS

I will be showing the process of logging from the OS on an EC2 instance to CloudTrail, then sending an alert based on a specific action performed on the EC2 instance using multiple AWS services. The first step is to install the CloudWatch agent on the EC2 instance. I will be showing how to install the …

DISA STIG RHEL with Ansible

Now before we dive in, let's explain what we are doing, and why we are using this method. DISA STIGs are DoD IA configuration standards used for systems that play a critical role in providing government services. Based on the capabilities of the system, these configuration changes will harden a system and reduce the attack …

New Way of Thinking “IT”

The industry skill base is shifting towards a new idea of enterprise IT, but are we still thinking “Old IT”? Organizations are moving to the cloud with a traditional IT mindset, and it's costing more than it should. Moving to the cloud, in general, has lots of immediate benefits including scalability, availability, and automating tasks …

DevSecOps Git-Secrets AWS

DevSecOps is the term being passed around recently. Instead of talking about what it is, I wanted to provide an action item that would be quick and easy to implement in your environment. This method will scan git repositories for AWS keys before making them public. What is git-secrets? Git-secrets has the ability to …