Mar 04 2022

What Security Engineers Hate About SIEM

SIEM Satisfaction is Mediocre

When CISOs, CIOs, CTOs, security engineers, security analysts and security architects were asked to rank the primary capabilities of a traditional SIEM according to how satisfied they were with those capabilities, an interesting picture emerged. The survey results indicated that every primary capability of traditional SIEM solutions, at best, only somewhat met the majority of users’ needs. Some capabilities were irrelevant to many users. This tepid level of satisfaction is what drove many security teams to undertake the effort to build their own security monitoring tools. 

Data Coverage and Data Use

Less than 25% of the respondents believed that their SIEM covered more than 75% of their security-relevant data. Nearly 17% responded that their existing platform covered less than a quarter of their data.

Furthermore, when asked if they believed their current SIEM platform were capable of handling the volume of security data their organization will generate in the future, a third of the respondents said they expected their existing platform to keep falling behind. 

These results underscore the risks security teams (and their organizations) are forced to tolerate due to the cost and overhead required to bring high volumes of security-relevant data into traditional SIEM platforms. Without full visibility into all necessary data, security teams will undoubtedly have blind spots that impede their ability to protect their organizations.

OK, so what can they do instead? Well, a cloud-native architecture capable of ingesting, normalizing and analyzing terabytes of data per day cost-effectively is necessary to keep up.

Moving From Static to Dynamic

Security professionals are well aware of the static nature of traditional SIEM platforms. Many believe they pay too much for the capabilities provided and are concerned about what the future holds. 

SIEMs were designed over ten years ago when the world was a very different place. The technology hasn’t evolved its approach to keep up with the needs of cloud-scale environments. Adequate security today depends on full visibility into security-relevant data, structured, scalable data lakes, cloud-native workflows and fast detection and response times. Security teams need a modern approach to security monitoring built for the cloud-first world.

Security Information and Event Management (SIEM) Implementation

Tags: SIEM


Feb 19 2022

CISA compiled a list of free cybersecurity tools and services

Category: Security Tools | DISC @ 9:45 pm

The U.S. CISA has created a list of free cybersecurity tools and services that can help organizations increase their resilience.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced this week that it has compiled a list of free cybersecurity tools and services that can help organizations to reduce cybersecurity risk and increase resilience.

The list is part of an ongoing project and will be continuously updated by CISA, which also plans to allow third parties to propose resources for inclusion in the list.

The list includes open source tools and free resources provided by government organizations and private cybersecurity firms.

The tools cover a broad range of activities normally conducted by defenders, from incident response to threat detection.

“As part of our continuing mission to reduce cybersecurity risk across U.S. critical infrastructure partners and state, local, tribal, and territorial governments, CISA has compiled a list of free cybersecurity tools and services to help organizations further advance their security capabilities. This living repository includes cybersecurity services provided by CISA, widely used open source tools, and free tools and services offered by private and public sector organizations across the cybersecurity community. CISA will implement a process for organizations to submit additional free tools and services for inclusion on this list in the future.” reads the announcement published by CISA. “The list is not comprehensive and is subject to change pending future additions.”

The US agency proposed the following categorization according to the four goals outlined in CISA Insights: Implement Cybersecurity Measures Now to Protect Against Critical Threats:

  1. Reducing the likelihood of a damaging cyber incident;
  2. Detecting malicious activity quickly;
  3. Responding effectively to confirmed incidents; and
  4. Maximizing resilience.

The list already includes cybersecurity tools and services from major IT and cybersecurity firms, including ones provided by CISA, AT&T Cybersecurity, Cloudflare, Cisco, Center for Internet Security, CrowdStrike, Google, IBM, Microsoft, Mandiant, Splunk, SANS, Secureworks, Tenable, and Palo Alto Networks. The list also includes dozens of open source tools.

CISA pointed out that it does not endorse any commercial product or service.


Tags: CISA, free cybersecurity tools


Feb 02 2022

Image OSINT Tutorial – Exif, Metadata, Reverse Image & Geolocation

Category: OSINT, Security Tools | DISC @ 10:49 pm

Over time the internet has made the world a much smaller place, allowing millions of users across the globe to interact and share digital information, and ushering the rest of the world into the "digital world."

Open-source intelligence (OSINT) in the digital world describes all the public data you can access and view.

Images are also incredibly helpful in an OSINT investigation since they can reveal what a target seems like, where the target has been, or any devices that were used.

Researchers can use images to build an intelligence picture, identify the equipment used to capture photographs, determine where and when photos were taken, and establish whether a social media profile belongs to a target, using search engines and free resources.

This article is a list of tools and tips. It will show you how to look for, obtain, extract, and analyze digital photos.


Practical Threat Intelligence and Data-Driven Threat Hunting: A hands-on guide to threat hunting with the ATT&CK™ Framework and open source tools

Tags: Open-source intelligence, OSINT


Jan 10 2022

US NCSC and DoS share best practices against surveillance tools

Category: Cyber surveillance, Security Tools | DISC @ 10:44 am

The US National Counterintelligence and Security Center (NCSC) and the Department of State have published joint guidance that provides best practices on defending against attacks carried out by threat actors using commercial surveillance tools.

In recent years, we have reported several cases of companies selling commercial surveillance tools to governments and other entities that have used them for malicious purposes.

Surveillance tools can be used to record audio, including phone calls, track the phone’s location, and access and retrieve all content on a phone (i.e. text messages, files, chats, commercial messaging app content, contacts, and browsing history).

These tools were used in attacks aimed at journalists, dissidents, and other persons around the world.

“Journalists, dissidents, and other persons around the world have been targeted and tracked using these tools, which allow malign actors to infect mobile and internet-connected devices with malware over both WiFi and cellular data connections.” reads the guidance. “In some cases, malign actors can infect a targeted device with no action from the device owner. In others, they can use an infected link to gain access to a device.”

Below is the list of cybersecurity practices recommended by the NCSC and the US State Department to mitigate the risk of exposure to attacks using these tools:

  • Regularly update device operating systems and mobile applications.
  • Be suspicious of content from unfamiliar senders, especially those which contain links or attachments.
  • Don’t click on suspicious links or suspicious emails and attachments.
  • Check URLs before clicking links, or go to websites directly.
  • Regularly restart mobile devices, which may help damage or remove malware implants.
  • Encrypt and password protect your device.
  • Maintain physical control of your device when possible.
  • Use trusted Virtual Private Networks.
  • Disable geo-location options and cover camera on devices.
  • While these steps mitigate risks, they don’t eliminate them. It’s always safest to behave as if the device is compromised, so be mindful of sensitive content.

Big Brother Technology: PRISM, XKeyscore, and other Spy Tools of the Global Surveillance State

Tags: Global Surveillance, PRISM, Spy Tools, surveillance tools, US NCSC, XKeyscore


Dec 17 2021

SANS Free Tools

Category: Security Tools | DISC @ 5:03 pm


Dec 13 2021

Hacking tools cheat sheet

Category: Cheat Sheet, Hacking, Security Tools | DISC @ 10:35 am

Tags: Hacking tools cheat sheet


Dec 04 2021

Redeem your 10% discount on any toolkit

Category: Information Security, Security Tools | DISC @ 1:48 pm

Tags: toolkits


Dec 01 2021

List of data breaches and cyber attacks in November 2021 – 223.6 million records breached

Luke Irwin, 1st December 2021

In November, we discovered 81 publicly disclosed cyber security incidents, accounting for 223,615,390 breached records.

With one month left in 2021, the running total of compromised records for the year is just shy of 5 billion.

Keep an eye out for our end-of-year report in the next few weeks, where we’ll break down the findings of these lists – or subscribe to our Weekly Round-up to get the latest news sent straight to your inbox.

In the meantime, you can find the full list of security incidents below, with those affecting UK organizations listed in bold.


Different techniques and tools used by cyberattackers to exploit a system are thoroughly discussed and analyzed in their respective chapters.

Use promo code XMASTOOLS to redeem your 10% discount on any toolkit, but hurry – this exclusive offer ends December 5.

Toolkits are sets of documents and tools that allow you to easily create and maintain up-to-date compliance documents. Each toolkit contains:

* Pre-written policies, procedures, and templates created by industry experts that will save you time and money

* Additional tools to ensure complete coverage of the relevant standard, framework, or regulation

* Work instructions and guidance

Tags: cyber attacks, data breach, infosec toolkits


Nov 29 2021

InfoSec books, toolkits, and training courses – 15% off

Save 15% off books, toolkits, self-paced training courses, and selected Live Online training courses. Use code BF15 at checkout to claim your discount. But hurry, offer ends tomorrow 30 November, midnight PDT*.

This Black Friday ITG is offering you 15% off ITGP books, ITGP toolkits, self-paced training courses, and selected Live Online training courses.


Discover all resources

Bestselling books

* The California Privacy Rights Act (CPRA) – An implementation and compliance guide: This book gives you a comprehensive understanding of the CPRA, covering key terms, security requirements, the breach notification procedure, and the penalties for non-compliance.
* ISO 27001 controls – A guide to implementing and auditing: The must-have book to understand the requirements of an ISMS (information security management system) based on ISO 27001.
* The Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks
* Certified ISO 27001 ISMS Foundation Self-Paced Online Training Course: This course provides a complete introduction to the key elements required to achieve ISO 27001 compliance.

Tags: InfoSec books, infosec toolkits, InfoSec training


Oct 21 2021

US Bureau of Industry and Security bans export of hacking tools to authoritarian regimes

Category: Security Tools | DISC @ 9:57 am

The Commerce Department’s Bureau of Industry and Security (BIS) would ban U.S. firms from selling hacking tools to authoritarian regimes.

The Commerce Department’s Bureau of Industry and Security (BIS) would introduce a new export control rule aimed at banning the export or resale of hacking tools to authoritarian regimes. 

The rule announced by the BIS tightens export controls on technology that could be used by adversaries to conduct malicious cyber activities and surveillance of private citizens resulting in human rights abuse.

The rule will become effective in 90 days and will ban the export of "cybersecurity items" for National Security (NS) and Anti-terrorism (AT) reasons.

“Specifically, this rule establishes a new control on these items for National Security (NS) and Anti-terrorism (AT) reasons, along with a new License Exception Authorized Cybersecurity Exports (ACE) that authorizes exports of these items to most destinations except in the circumstances described. These items warrant controls because these tools could be used for surveillance, espionage, or other actions that disrupt, deny or degrade the network or devices on it.” reads the announcement published by the Bureau of Industry and Security, Commerce.

The new License Exception Authorized Cybersecurity Exports would allow the export, reexport and transfer (in-country) of "cybersecurity items" to most destinations, while retaining a license requirement for exports to countries of national security or weapons of mass destruction concern. A license will also be required for countries subject to a U.S. arms embargo.

The complete list includes states of weapons of mass destruction or national security concern or subject to a U.S. arms embargo.

The rule is consistent with the result of BIS’s negotiations in the Wassenaar Arrangement (W.A.) multilateral export control regime and results from a review of comments from Congress, the private sector, academia, civil society, and other stakeholders.

Tags: authoritarian regimes, hacking tools


Aug 17 2021

Fortinet FortiWeb OS Command Injection allows takeover servers remotely

Fortinet addresses a command injection vulnerability that can allow attackers to take complete control of servers running vulnerable FortiWeb WAF installs.

The vulnerability impacts Fortinet FortiWeb versions 6.3.11 and earlier; an authenticated attacker could exploit the issue to take complete control of servers running vulnerable versions of the FortiWeb WAF.

An authenticated attacker could execute arbitrary commands as the root user on the underlying system via the SAML server configuration page. Experts pointed out that the flaw could be chained with an authentication bypass flaw (i.e. CVE-2020-29015) to allow an unauthenticated attacker to trigger the vulnerability.

The vulnerability was reported by the researcher William Vu from Rapid7.

“An attacker, who is first authenticated to the management interface of the FortiWeb device, can smuggle commands using backticks in the “Name” field of the SAML Server configuration page. These commands are then executed as the root user of the underlying operating system.” reads the post published by Rapid7. “An attacker can leverage this vulnerability to take complete control of the affected device, with the highest possible privileges.”

The flaw could allow an attacker to deploy a persistent shell, install crypto mining software, or other malware families. If the management interface is exposed to the internet, an attacker could trigger the issue to reach into the affected network beyond the DMZ. Rapid7 researchers discovered fewer than three hundred devices exposing their management interfaces online. As a reminder, management interfaces for devices like FortiWeb should not be exposed online!

OWASP WEB APPLICATION SECURITY THREATS – MARKET INTEREST TREND : FULL REPORT PACKAGE by [CURIOSITY PUBLISHERS]

Tags: OS Command Injection


Aug 13 2021

Google open-sourced Allstar tool to secure GitHub repositories

Category: App Security, File Security, Security Tools | DISC @ 10:02 am

Google has open-sourced the Allstar tool that can be used to secure GitHub projects and prevent security misconfigurations.

Google has open-sourced the Allstar tool that can be used to secure GitHub projects by enforcing a set of security policies to prevent misconfiguration.

“Allstar is a GitHub App installed on organizations or repositories to set and enforce security policies. Its goal is to be able to continuously monitor and detect any GitHub setting or repository file contents that may be risky or do not follow security best practices.” reads the project description. “If Allstar finds a repository to be out of compliance, it will take an action such as create an issue or restore security settings.”

Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information

Tags: Open source


Jan 28 2021

TeamTNT group adds new detection evasion tool to its Linux miner

Category: Security Tools | DISC @ 10:56 am

The TeamTNT cybercrime group has upgraded their Linux cryptocurrency miner by adding open-source detection evasion capabilities, AT&T Alien Labs researchers warn.

Early this year, researchers from Trend Micro discovered that the TeamTNT botnet was improved with the ability to steal Docker credentials.

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The activity of the TeamTNT group has been detailed by security firm Trend Micro, but in August experts from Cado Security discovered that the botnet is also able to target misconfigured Kubernetes installations.

“The group is using a new detection evasion tool, copied from open source repositories,” reads the analysis published by AT&T Alien Labs.

The threat actor behind the botnet used the new tool to hide the malicious process from process information programs such as `ps` and `lsof`, evading detection.

The libprocesshider open-source tool has been available on GitHub since 2014 and is able to "hide a process under Linux using the ld preloader." The "preloading" technique makes the dynamic loader load a custom shared library before the other system libraries. If the custom shared library exports a function with the same signature as one in a system library, the custom version overrides it, so a preloaded library that replaces the directory-reading functions can filter the malicious process out of `/proc` listings that tools like `ps` rely on.
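Added example (not part of the original post or of the libprocesshider project): a defender-side check for this preload technique. It reports non-comment entries in /etc/ld.so.preload and an LD_PRELOAD variable in a process environment, and it finds PIDs that a readdir()-based listing of /proc omits but a direct stat() still reaches. The ld.so.preload line and the environ blob are constructed sample values.

```python
"""Defender-side checks for LD_PRELOAD process hiding (the libprocesshider technique)."""
import os

# Constructed sample inputs for this example; they are not taken from a real host.
SAMPLE_LD_SO_PRELOAD = "# system preload file\n/usr/local/lib/libsystemd-shared.so\n"
SAMPLE_ENVIRON = b"PATH=/usr/bin\x00LD_PRELOAD=/tmp/.x/libprocesshider.so\x00HOME=/root\x00"


def parse_environ(raw: bytes) -> dict:
    """Parse the NUL-separated KEY=VALUE blob that /proc/<pid>/environ exposes."""
    env = {}
    for entry in raw.split(b"\x00"):
        if b"=" in entry:
            key, _, value = entry.partition(b"=")
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env


def preload_indicators(ld_so_preload_text: str, environ_raw: bytes) -> list:
    """Findings for preload hooks set system-wide (/etc/ld.so.preload) or per process (LD_PRELOAD).

    A non-empty, non-comment line in ld.so.preload makes the dynamic loader map that library
    into every dynamically linked program, which is how libprocesshider overrides readdir()."""
    findings = []
    for line in ld_so_preload_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            findings.append(f"/etc/ld.so.preload loads {line}")
    preload = parse_environ(environ_raw).get("LD_PRELOAD")
    if preload:
        findings.append(f"LD_PRELOAD set to {preload}")
    return findings


def hidden_pids(listed: set, reachable: set) -> set:
    """PIDs that can be opened by number but never show up in a directory listing of /proc.

    A readdir() hook can filter entries out of the listing, but it cannot stop stat() on a
    path the caller builds itself, so the difference is the set of hidden processes."""
    return reachable - listed


def scan_proc(proc="/proc", pid_max=None) -> set:
    """Live check on a Linux host: compare os.listdir (libc readdir) with per-PID stat()."""
    listed = {int(name) for name in os.listdir(proc) if name.isdigit()}
    if pid_max is None:
        with open(os.path.join(proc, "sys", "kernel", "pid_max")) as fh:
            pid_max = int(fh.read())
    # Brute-force every possible PID; os.path.exists is a stat() call, not a readdir() walk.
    reachable = {n for n in range(1, pid_max + 1)
                 if os.path.exists(os.path.join(proc, str(n), "status"))}
    return hidden_pids(listed, reachable)


if __name__ == "__main__":
    for finding in preload_indicators(SAMPLE_LD_SO_PRELOAD, SAMPLE_ENVIRON):
        print("sample finding:", finding)
    if os.path.isdir("/proc"):
        print("hidden PIDs on this host:", sorted(scan_proc()) or "none")
```

On hosts with a large pid_max the brute-force scan takes a while; a statically linked checker is preferable where the preload library may already be mapped into the interpreter itself.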


Jan 27 2021

ISO Self Assessment Tools

Category: ISO 27k, Security Tools | DISC @ 3:49 pm

The ISO self-assessment tools list includes, but is not limited to, Privacy, ISO 27001, ISO 9001, ISO 14001, and the ISO/IEC 27701:2019 standard and toolkit.

Tags: CPRA, Gap assessment tool, Information Privacy, ISO 14001, iso 27001, ISO 27001 2013 Gap Assessment, ISO 27701 Gap Analysis Tool, iso 9001, iso assessment, Security Risk Assessment


Jan 26 2021

SANS Faculty Free Tools

Category: Information Security, Security Tools | DISC @ 4:44 pm

SANS Faculty free tools download


May 24 2020

FREE Open Source Tools

Category: Security Tools | DISC @ 4:23 pm

FREE Open Source Tools – via SANS Institute

Free open source tools (PDF): https://blog.deurainfosec.com/wp-content/uploads/2020/05/Free-open-source-tools.pdf

Download a pdf

Open source intelligence (OSINT)

Cybersecurity Tools | Popular Tools for Cybersecurity Threats
httpv://www.youtube.com/watch?v=KgtevibJlTE


Download a CyberAware cheat sheet

Jun 15 2019

Chinese spies stole NSA hacking tools, report finds

Category: Hacking, Security Tools | DISC @ 4:01 pm

In the report, the cybersecurity company Symantec claims that a Chinese hacker group associated with Chinese government intelligence conducted a hacking campaign using a tool that at the time was only known to be the property of the NSA.

Source: Chinese spies stole NSA hacking tools, report finds

Jun 11 2019

Zydra : Password Recovery Tool & Linux Shadow File Cracker

Category: Security Tools | DISC @ 2:03 pm

Zydra is a file password recovery tool and Linux shadow file cracker. It uses dictionary or brute-force methods for cracking passwords.

Source: Zydra : Password Recovery Tool & Linux Shadow File Cracker

Tags: password recovery, zydra


Apr 25 2019

Computer security training courses

Category: Security Awareness, Security Tools, Security training | DISC @ 11:18 am

Computer security training courses – Online cyber security courses

Build your cyber security awareness and InfoSec career to keep your cyber security skills relevant. Learn how to protect your information assets against today's cyber threats with the best online cyber security training courses.

DISC InfoSec cyber security training curriculum includes specialized InfoSec training and general cyber security courses for all levels.

* Security Penetration Testing (The Art of Hacking Series) LiveLessons
* Linux Security and Hardening, The Practical Security Guide
* CISSP LiveLessons
* Red Hat Certified Engineer (RHCE) with Virtual Machines LiveLessons, 2nd Edition
* Fundamentals of NERC CIP
* Cyber Security – Online Scams & How to Avoid Them
* Disaster Recovery and Risk Management

Penetration Testing

Kali Linux

ISO27001

Python

CISSP

GDPR

Linux

Identity Theft

Powershell Security

Programming Courses

Security Risk Management

Planning a Security Incident Response

AWS Security

Azure Security

Network Security

Wireless Security

RedHat Security

InfoSec eLearning

Social Engineering

Essentials of CyberSecurity

Azure Security & Compliance

Cyber Security Training Courses

Security Disaster Recovery

Cloud Security Computing

Tags: Chief security officer, information security awareness, information security guide, security awareness training


Apr 20 2019

Every Linux Networking Tool

Category: Network security, Security Tools | DISC @ 4:31 pm

Every Linux Networking Tool – By Julia Evans

Tags: Hacker (computer security), Linux Networking Tool, Network tools, security tools

