blue team Archives - Jean-Christoph von Oertzen

What Fantasy Role-Playing Games Can Teach Us About Cybersecurity Roles

jean-christoph — Fri, 14 Nov 2025 18:34:47 +0000

— And why your SOC might actually need a Bard 🐉⚔️ Cybersecurity teams are often compared to armies, fire brigades, or special forces. Personally? I think they’re much closer to a party of heroes in a classic fantasy role-playing game. No matter how many frameworks, SIEMs, or AI tools we summon, defending a digital kingdom […]

The post What Fantasy Role-Playing Games Can Teach Us About Cybersecurity Roles appeared first on Jean-Christoph von Oertzen.

Webinar takeaway – How to Detect and Respond to Business Email (M365) Compromise

jean-christoph — Thu, 24 Feb 2022 19:18:55 +0000

My key takeaways BEC external-to-internal passes all technical security measures like SPF, DKIM and DMARC BEC internal-to-internal bypasses anti-spam solutions Get comfy with PowerShell to interact with M365 since Jan 2019 MS enabled mailbox auditing for Exchange Online CrowdStrike Reporting Tool also reviews excessive permissions in Azure AD If you are suspiscous to have a […]

The post Webinar takeaway – How to Detect and Respond to Business Email (M365) Compromise appeared first on Jean-Christoph von Oertzen.

Webinar takeaway: Hacking Packet Captures: The Foundations of Network Security

jean-christoph — Wed, 07 Jul 2021 19:22:53 +0000

My key takeaways Zeek does not capture whole packets but saves summaries of all conversations it sees to log files saves time and space "You wouldn’t normally use Zeek for packet capture, instead you use it for analysis." – Bill Stearn Sending a lot more data then recieving might indicate malicious traffic use NetworkMiner to […]

The post Webinar takeaway: Hacking Packet Captures: The Foundations of Network Security appeared first on Jean-Christoph von Oertzen.

Webinar takeaway: Learn to Detect and Defend Against Supply Chain Attacks Before They Compromise Your Network

jean-christoph — Wed, 16 Jun 2021 19:35:55 +0000

My key takeaways First trojan probably was implemented 1983 by Ken Thompson, who invented Unix, C,.. He also warned back then: "You can’t trust code that you did not totally create yourself" Brand new hardware from the factory can be infected by malicious code as well Also open source software is constantly compromised example of […]

The post Webinar takeaway: Learn to Detect and Defend Against Supply Chain Attacks Before They Compromise Your Network appeared first on Jean-Christoph von Oertzen.

Webinar Takeaway: The Quest for the Kill Chain Killer Continues

jean-christoph — Thu, 13 May 2021 18:10:36 +0000

My key takeaways baseline defence must grow centralized logging required anyway VPNs need MFA too, esp with working from home early installations of Zoom-client on Windows got you a webserver running with open RDP JUGLAR = J-User-Global-Universal-DomainLocal-Resource More than 50% of enterprises that BHIS tests, still have support for LLMNR and NBNS enabled How to […]

The post Webinar Takeaway: The Quest for the Kill Chain Killer Continues appeared first on Jean-Christoph von Oertzen.

Webinar Takeaway: EMERGENCY WEBCAST: OK, let´s talk about ransomware…

jean-christoph — Tue, 11 May 2021 17:52:08 +0000

My key takeaways 3 types of ransomware encrypt hard drive steal files and data and threat to release them both 1 & 2 Ransomware gangs usually have great customer support it has become a serious business It doesn’t matter if you consider your organsiation a valuable target, if at least some money could be extorted […]

The post Webinar Takeaway: EMERGENCY WEBCAST: OK, let´s talk about ransomware… appeared first on Jean-Christoph von Oertzen.

Webinar Takeaway: No SPAN Port? No Tap? No Problem!

jean-christoph — Thu, 15 Apr 2021 18:07:17 +0000

My key takeaways setting up security in home network is no easy job no tap port? Think ARP cache poisoning don’t run it on a production network! Put RITA and Bettercap on a Raspberry Pi Bettercap is able to do full duplex ARP cache poisoning have to enable it in the config you can whitelist […]

The post Webinar Takeaway: No SPAN Port? No Tap? No Problem! appeared first on Jean-Christoph von Oertzen.

Webinar takeaway: How to Analyze Encrypted Traffic on Your Network

jean-christoph — Wed, 03 Feb 2021 22:00:15 +0000

My key takeaways Encrypted traffic on the wire: can see headers, can’t see payload More and more traffic gets encrpyted like HTTPS and even DNS Most Threat Hunt techniques still work: beacons/strobes, long connections and connections to Threat Intel hosts Env Provided by Active Countermeasures Presenter: Alex Kirk from Corelight additional links https://corelight.blog/2020/11/19/corelight-at-home/ https://zeek.org/ Blog: […]

The post Webinar takeaway: How to Analyze Encrypted Traffic on Your Network appeared first on Jean-Christoph von Oertzen.

Webinar takeaway: Atomic Red Team Hands-on Getting Started Guide

jean-christoph — Thu, 28 Jan 2021 23:00:33 +0000

My key takeaways The Atomic Red Team Project (ART) is a open source library of scripted attacks ART uses the MITRE ATT&CK Matrix as structure ART emulates what an Attacker might do after compromise; msf tries to make use of vulns in software Emulating attacks helps to improve detection of attacks and comparing security products […]

The post Webinar takeaway: Atomic Red Team Hands-on Getting Started Guide appeared first on Jean-Christoph von Oertzen.