Throughout my cybersecurity career, I’ve had the opportunity to build three Cyber Security Operation Centers (SOCs) from scratch, including two for Managed Detection and Response (MDR) providers.
Recently, the killer vulnerability research team at Qualys discovered a Remote Code Execution (RCE) vulnerability in OpenSSH that exploits a race condition within SSH. This vulnerability is particularly concerning because SSH is commonly exposed to the internet for remote system management.
The volume and quality of Threat Intelligence for Linux attacks have traditionally lagged behind that for Windows, despite Linux's significant cloud presence. Most reports have focused on reverse engineering Linux-based malware and attack tools.
If you work in cybersecurity or tech, you’re likely familiar with hashing. A cryptographic hash function generates a fixed-size hash value from any given input data. This is a one-way process, making it computationally infeasible to reverse-engineer the original data from the hash value.
Over the past few weeks, I have done a deep dive into the public research available on Linux Ransomware, seeking to understand the broader landscape as there is an over emphasis on the Mirai botnet. I discovered that although there is an abundance of *outstanding* whitepapers and research pieces,
As someone that primarily does Linux security research, I was frustrated that there wasn't an equivalent of an imphash for Linux ELF binaries. So, I decided to make one myself. Introducing ImpELF.
Snort rules are considered the gold standard of Network Intrusion Detection signatures, and because of that it is important for new analysts to learn how to read and understand the logic of them. These days, there are a ton of great blogs already on understanding them, such as this one by Rapid7.
Have you heard of Adversary Emulation platforms, but aren't really sure what they are or how they work? Or perhaps think they are security tools reserved for only the most advanced teams with huge budgets? Let's take a look at what an Adversary Emulation platform is, go over some sample
An introduction to the Mitre ATT&CK framework, the Mitre ATT&CK Navigator, and some example processes to get you started.
Lets face it - the state of Linux security monitoring sucks. Linux is often treated as a second class citizen in terms of feature set when compared to its windows counter parts.
Security operations and monitoring teams face a variety of challenges: the rapid evolution of adversarial tradecraft