This blog post stems from a recent conversation with my former colleague, David Bianco, on the Defender's Dilemma." The Defender's Dilemma is often cited by those without firsthand experience in investigating cybersecurity incidents.
A common trope among cybersecurity practitioners is gatekeeping entry-level positions like junior Security Operations Center (SOC) analysts with statements like, "How are you supposed to secure something if you've never managed it?" This is a concept that I **highly** disagree with.
As someone that primarily does Linux security research, I was frustrated that there wasn't an equivalent of an imphash for Linux ELF binaries. So, I decided to make one myself. Introducing ImpELF.
This is a blog dedicated to those like myself who may have an "alternative" background when it comes to getting into cybersecurity.
Snort rules are considered the gold standard of Network Intrusion Detection signatures, and because of that it is important for new analysts to learn how to read and understand the logic of them. These days, there are a ton of great blogs already on understanding them, such as this one by Rapid7.
Have you heard of Adversary Emulation platforms, but aren't really sure what they are or how they work? Or perhaps think they are security tools reserved for only the most advanced teams with huge budgets? Let's take a look at what an Adversary Emulation platform is, go over some sample
Lets face it - the state of Linux security monitoring sucks. Linux is often treated as a second class citizen in terms of feature set when compared to its windows counter parts.
This is a guide to setting up a minimal and secure Python development environment for Ubuntu There are a lot of blog posts out there on learning the basics of programming or how to create your first web app with python, but weirdly not very many on how to setup a secure environment.