webinar takeaway Archives - Jean-Christoph von Oertzen

Webinar Takeaway: How to Get Started in Cyber Threat Hunting

jean-christoph — Wed, 07 Apr 2021 19:15:14 +0000

My key takeaways responding to alerts, writing sig’s, checking dashboards is reactionary; threat hunting is proactive @TayandYou <- nice example of an AI being out of control how can AI solve infosec problems, unless we have our processes right? ThreatH process start with the network and look for anomalies suspect system? pivot to host logs […]

The post Webinar Takeaway: How to Get Started in Cyber Threat Hunting appeared first on Jean-Christoph von Oertzen.

Webinar Takeaway: How to Build a Phishing Engagement – Coding TTP´s

jean-christoph — Thu, 01 Apr 2021 18:17:02 +0000

My key takeaways Automation tools like Ansilble, terraform and docker can also create a evil environment eg for phishing Don’t put sensible tokens or passwords in ainsible config files but use a cloud password manager and pull the pass as variable into ainsible Best of phishing themes: give away 2 iPhones or check a link […]

The post Webinar Takeaway: How to Build a Phishing Engagement – Coding TTP´s appeared first on Jean-Christoph von Oertzen.

Event takeaway: 2. IT-Grundschutz-Tag 2021

jean-christoph — Wed, 17 Mar 2021 19:00:00 +0000

My key takeaways Digitalization and cyber secuirty goes hand in hand Hafnium BSI: about 10k Exchange server affected in DE by Hafnium Remediation advices almost everybody who exposed OWA Save personalized settings before starting! patch = Exchange admin rights required) look in IIS for Github fragments in Inetpub folder #DEVSECOPS is the mandatory development system, […]

The post Event takeaway: 2. IT-Grundschutz-Tag 2021 appeared first on Jean-Christoph von Oertzen.

Webinar Takeaway: Black Hills Infosec: Sacred Cash Cow Tipping 2021

jean-christoph — Thu, 11 Feb 2021 21:00:59 +0000

My key takeaways EDR loader: may execute shellcode Most EDR are on cloud Receipe to pwn such EDR: get IP’s for the vendors (usually whitelisted) create a windows firewall rule to block these IPs EDR pwnd EDRs are blind to WSL(2) since 2018 Files >50MB are usually ignored by EDRs Rust, GoLang, Nim to bypass […]

The post Webinar Takeaway: Black Hills Infosec: Sacred Cash Cow Tipping 2021 appeared first on Jean-Christoph von Oertzen.

Webinar takeaway: A Master Class on IT Security – Roger Grimes Teaches Ransomware Mitigation

jean-christoph — Wed, 10 Feb 2021 21:00:45 +0000

My key takeaways often ransomeware dwells 8mo-1yr before detection or execution since 1989 AIDS/PC Cyborg Trojan since end 2019 data exfiltration get more and more common with ransomware today access to network is more worry than encrypted files droppers are often not recognized by AV/EDR 2% of revenue is common request for ransom stolen data […]

The post Webinar takeaway: A Master Class on IT Security – Roger Grimes Teaches Ransomware Mitigation appeared first on Jean-Christoph von Oertzen.

Webinar takeaway: Atomic Red Team Hands-on Getting Started Guide

jean-christoph — Thu, 28 Jan 2021 23:00:33 +0000

My key takeaways The Atomic Red Team Project (ART) is a open source library of scripted attacks ART uses the MITRE ATT&CK Matrix as structure ART emulates what an Attacker might do after compromise; msf tries to make use of vulns in software Emulating attacks helps to improve detection of attacks and comparing security products […]

The post Webinar takeaway: Atomic Red Team Hands-on Getting Started Guide appeared first on Jean-Christoph von Oertzen.

Webinar takeaway: Releasing Your First (Python) Open Source Project to the Masse

jean-christoph — Wed, 13 Jan 2021 21:00:55 +0000

My key takeaways Version control is not for dev only. eg filename for docs 😉 Fear of Git is quite common great way of explaining git: staging: collect changes to track if you get it on the CLI it is much easier to understand it in any other tool remove the file due to pw-oopsie: […]

The post Webinar takeaway: Releasing Your First (Python) Open Source Project to the Masse appeared first on Jean-Christoph von Oertzen.

Webinar takeaway: Discussing Implications of the SolarWinds Breach(es)

jean-christoph — Wed, 23 Dec 2020 19:26:05 +0000

My key takeaways stop panicking, the Solarwind hack is over. C2 channels are dead. Party is over. don’t poke at the IOC’s * focus on the fundamentals and how to avoid it happen again Fundamentals: DNS most valuable hunting artefacts Know what you have where Know all your software Where are the blind spots? <- […]

The post Webinar takeaway: Discussing Implications of the SolarWinds Breach(es) appeared first on Jean-Christoph von Oertzen.

Webinar takeaway: Upping Your Defenses and Detections For the Low Low Price of FREEEEE

jean-christoph — Fri, 18 Dec 2020 08:11:58 +0000

My key takeaways Almost everybody get’s popped, a matter of time and ressources even with low budgets there are a lot of tools that help to make it harder for the attackers Doing some OSINT for the own organization might bring up a lot of information that attackers will use Webapp pentesting is basic security […]

The post Webinar takeaway: Upping Your Defenses and Detections For the Low Low Price of FREEEEE appeared first on Jean-Christoph von Oertzen.

Webinar takeaway: Deutsches Cyber Threat Briefing mit Anomali, RiskIQ und CrowdStrike

jean-christoph — Thu, 19 Nov 2020 18:41:38 +0000

My key takeaways Anomali it takes up to 200+ days on average before a breach might be detected one challenge in many SOCs is to find relevant information in a growing "data lake"; this is where tools are needed wannacry example: blocking the kill switch domain as suspicious would have helped the worm spread; getting […]

The post Webinar takeaway: Deutsches Cyber Threat Briefing mit Anomali, RiskIQ und CrowdStrike appeared first on Jean-Christoph von Oertzen.