
Blog

Here are the most recent blog posts. Use the menu above to see all entries.

Creating a Netcat Pivoting Lab Using K8s

By Adrian on January 15, 2023

So Kubernetes is something I’ve been meaning to play with for a while now, but I didn’t really have a good enough use case to really try it out. Docker was doing what I needed it to do without the complexity of Kubernetes so I was all good. I tried getting into Kubernetes a few years ago, watched plenty of videos but it all kind of fell by the wayside, and was eventually forgotten about.


SANS SEC504

By Adrian on January 3, 2023

I’ve been fortunate in that my workplace has sponsored me to take the SANS SEC504 - Hacker Tools, Techniques and Incident Handling as a 4-month on-demand course. This is the second SANS course that I have been fortunate enough to attend. The first one was the SEC511 - Continuous Security Monitoring back in 2016, which was done on-site over 6 days. I have to say that with the amount of content that’s jammed into these courses, I found that on-site was a struggle for me.


Using Mitre Attack Navigator Locally

By Adrian on December 23, 2022

In my last post about the MITRE Attack Navigator I covered how you can create multiple layers and then aggregate them together, which is all well and good until you realise that if you wanted to see that level of detail each time you accessed the Attack Navigator you need to specify that JSON file. This is where this post comes in. It’s quite a straightforward process to host your own navigator and further customise it to suit your needs.


Doing More With Attack Navigator

By Adrian on December 17, 2022

MITRE ATT&CK. It’s the bread and butter for Security Operations Centres. But how are you tracking what you can detect? Does your SIEM have a built-in tool? Perhaps you have straight up copied the matrix into Excel, or are keeping score in a text file? You may or may not be aware of the online version of the MITRE Navigator. There’s heaps of functionality, allowing you to apply custom colors, heat mapping to score tallies, show all the tactic/technique IDs as well as export functionality to Excel/SVG/JSON.
