SIEM
Internationalizing SIEM Rules
When workstations and services are used in a language other than English, some changes to detection rules are required to ensure consistent coverage
Entra ID
I recently experienced an issue where a Sentinel alert for a successful Entra ID sign-in from an unexpected location fired multiple times after an attacker had already been evicted and all sessions had been revoked. Initially I assumed something had gone wrong with the revocation process, as all of the subsequent
Azure
For anyone not familiar with Canary Tokens - it's a free service offered by Thinkst which allows for the creation of various kinds of token that can be hidden in an environment, ready to be tripped by an attacker. They also offer a commercial service where canaries are
Threat Hunting
Using the Microsoft Graph API with Python to hunt down malicious inbox rules in Office365 mailboxes
Azure
Using HoneyDB and Suricata together with Azure Sentinel to analyse honeypot data and provide useful insights
Azure
I've been starting to use Azure Sentinel [https://azure.microsoft.com/en-gb/services/azure-sentinel/] recently and explore some of its capabilities - there are currently about 40 built-in data-connectors that take logs from different services/products. I decided to see if I could add integrations with some open-source
Cloud
The real-time information displays at Bus and Tram stops in Nottingham are really useful but for a while I've wanted to get this information before I leave the house/office. I've recently discovered the API which exposes this information and used it to build a reconstruction
Cybersecurity and other technical wanderings
When you think about software for information security you probably think of NMAP, Mimikatz, maybe a SIEM or Burp. But I find I spend quite a lot of time taking data from various sources in varying formats and wanting to do some analysis, I'm no data scientist so
An easy to follow process guide can improve consistency and professionalism while collecting details and performing triage
I've recently taken (and passed) the CPSA exam [https://www.crest-approved.org/examination/practitioner-security-analyst/] and wanted to write up some thoughts and some guidance for others taking (or thinking about taking) the exam since there's not too much information out there about what it's