On 16 October, NCSC-UK (part of GCHQ) released its second annual review, covering 2018. The report is well written and provides insight into how large-scale impact can be achieved. It is a good example of planning and implementing a well-structured and well-funded cyber security programme and National Cyber Security Strategy.
What caught my attention is the Active Cyber Defence (ACD) services and their impact:
Continue reading “NCSC-UK Annual Review 2018 and Active Defence”
During the past week CrowdStrike published its 2018 Mid-Year Review, called “Observation from the front lines of threat hunting”. The report provides insights, trends and details on today’s most sophisticated cyber attacks as observed by the CrowdStrike Falcon OverWatch team.
Some interesting points of the report include:
Continue reading “CrowdStrike’s 2018 Mid-Year Review”
Florian Roth published a new version of his Anti-Virus Log Analysis Cheat Sheet (version 1.5). I highly recommend implementing monitoring for the events included in this cheat sheet. To my mind, this is the easiest and quickest win, and AV logs are one of the first things I hunt through whenever I go into a new environment.
The new version has information on:
Continue reading “Anti-Virus Log Analysis Cheat Sheet (v1.5)”
Lots of good things are happening around the MITRE ATT&CK framework. It’s great to see the whole project evolving and stimulating the cybersecurity community to better analyse intrusions and actors, enhance controls and improve active defense activities. Some of the latest updates:
Continue reading “Latest advances in MITRE’s ATT&CK framework”
About two weeks ago Costin Raiu wrote an article titled “Where are all the ‘A’s in APT?”. In it, Costin focuses on what is regarded as sophisticated in the APT attacks observed so far, as well as on what future sophisticated attacks will look like once detected:
Continue reading “Costin Raiu on future sophisticated attacks”
ENISA has released the first comprehensive study on cyber Threat Intelligence Platforms (TIPs), focused on the needs of TIP users, developers, vendors and the security research community.
The study channels its efforts into identifying some of the key opportunities and limitations of existing platforms and solutions, since information exchange formats and tools remain central items on the agenda of the cybersecurity community in general, and particularly of incident responders.
Continue reading “A Study on Threat Intelligence Platforms (TIPs)”
The European Union Agency for Network and Information Security (ENISA) has recently released a report on Tools and Methodologies to Support Cooperation between CSIRTs and Law Enforcement.
The report aims to support cooperation between CSIRTs (in particular national/governmental CSIRTs) and LEAs in their fight against cybercrime. It does so by describing the framework and the technical aspects of that cooperation, identifying current shortcomings, and formulating recommendations on the technical aspects that would enhance it.
Continue reading “ENISA Report on Tools and Methodologies for CSIRTs and Law Enforcement Collaboration”