Security Orchestration and Automated Response (SOAR) is the natural evolution of where security teams are heading. As our numbers in this space never seem to be enough, we look to SOAR tools to automate and free up our time so we can spend it doing more productive things, like drinking coffee and threat hunting. Automation brings standard, repeatable processes that could just buy us that breathing space.
Defense in depth is a good thing. But how much is too much? While you could argue that you can never have enough security, the answer to that question really is: how big is your wallet? If you want best-of-breed everything, then it’s going to cost you… dearly. While it would be amazing if that level of cash could be splashed, it’s not always the case, and it’s not always the best solution for your organisation.
Now that I’ve gone through a series on TheHive, I’ve started to expand on the capabilities of this DFIR platform by writing my own Responders. Responders are essentially a way to perform an enhancement action on a given case, alert or observable. The built-in Responders from the Cortex GitHub repo include a responder that will email the case or alert details to you, as well as responders that interface with CrowdStrike, QRadar, Umbrella and ZeroFox.
I’ll start by saying I am not a developer. I can script, and have been known to dabble in batch files, Pascal (remember that?), Visual Basic, VBS, PowerShell, C++, C# and Python, and using scripts I’ve been able to cobble together some amazing tools for myself and the teams I’ve worked in. I’ve even attached nice-looking GUIs to my PowerShell scripts at times with MahApps or the lesser-looking WinForms. These tools have only really been useful on the machine that’s been running them.
I want to talk today about EXIF data and just how much of a double-edged sword it can be depending on your use case. With today’s modern technology it seems that every picture you take wants to have its geolocation information added to it if it’s connected to a GPS somehow, and if your camera just happens to be a mobile phone then this might just be happening. Take the following picture I took as an example:
In the previous article I covered all the steps and code that were required so that I could add a contact form with a reCaptcha on this very blog. These are the actual implementation steps I took to include them. Don’t worry, the hard part has been done in part 1!
Create contact form
Using the client-side HTML code, I created the /content/contact.html file, ensuring that I included the correct API Gateway URLs for the POST requests and the reCaptcha site key.
“You need to add reCaptcha to your webforms” - it’s advice I’ve given out to security teams each time I see a malicious link or some spam pusher in the resulting email. It’s the poor user who cops the brunt of them, increasing the chance of a click, increasing that chance of compromise. Reading through form spam is just a waste of time for everyone. I recall an instance where an internal security team misconfigured a tool they were using, set it to run overnight, and that mailbox ended up with 35k+ emails in it.
In my last post, after updating the blog to use TLS 1.2 and adding a CAA record, thinking I would clear an A+ rating, I only retained an A rating. In this post I continue the journey striving for that A+ rating.
Enabling HSTS
It turns out that Mozilla Observatory has a test you can also run, one that looks to be way stricter, and they were not as impressed, giving my site an F rating with a score of zero!
When it comes to your website, what’s better than an A on your Qualys report? Why, it has to be that A+! It might not seem like a big deal, but I still wanted to max out my score where I could. Little did I know I was about to get an education in the process. The Qualys SSL Labs tester can be accessed via this URL: https://www.ssllabs.com/ssltest/analyze.html. My initial report came back as follows:
Last month in AWS saw me rack up a bill of US$0.86, and with the terrible US/AUD exchange rate I’m out of pocket a whole AUD$1.30. As I’m playing around with new technology and integrating various services that AWS provides, I touched a few services this month, and discovered I should probably decommission services I’m not actually using anymore. No surprise to me that I exceeded the free tier limits for S3.
This is a project that I have wanted to get working for some time now, but every time I tried it, it failed on me. There was always some dependency error or some random obscure error. I’ve used url2png.com in the past to capture screenshots of malicious and unknown websites, and while I have scripts that replicate this functionality via PowerShell, I’m not comfortable running that script on a production machine at work.
In this post I want to talk about how easy Hugo Shortcodes are to use, and I’m totally kicking myself for not trying them out sooner! I have a number of blog posts that have turned into a blog series, and I wanted to have some kind of Table of Contents or reference in them; doing this manually each time, for every post, just wasn’t sustainable. If I wanted to make a minor change, then every post would need updating, and there would be all this extra markdown in the post.