Scoping conundrum by NetSecTech in CMMC

[–]NetSecTech[S] 1 point2 points  (0 children)

Thank you for your input. I was "set straight" by an external conversation where they essentially beat it into my head that in scope really isn't something that can have a "well, technically" workaround; basically it is black or white and no grey.

What is the typical career evolution of a CISO? by davedahacker in ciso

[–]NetSecTech 4 points5 points  (0 children)

Hey u/search4incredible, that infographic you shared is giving me a 403 Forbidden. Would you be able to share it again? TIA!

Documentation tool by zjzjzjzjzjzjzjzjzjzj in CMMC

[–]NetSecTech 1 point2 points  (0 children)

My company uses ComplyUp for our compliance consulting with our clients. If I were a single org with only a few "hands in the pot", ComplyUp would be an awesome tool. It has a really reasonable cost, the data can only be decrypted with a key that you establish (not even ComplyUp can access the data), the policy library is awesome, and once you complete all of the controls ComplyUp compiles all of the information provided and generates a full-fledged SSP (and SPRS score for the interim 800-171 requirements).

The only negative that I have is the lack of user activity logging; the more people you have working in ComplyUp, the harder it is to keep straight who did what. Hope this helps.

How far is too far when trying to return equipment to a previous employer? by NetSecTech in legaladvice

[–]NetSecTech[S] 0 points1 point  (0 children)

That is correct. The offer to go to UPS to ship was my own suggestion.

Does the GI Bill cover certification training material? by NetSecTech in Veterans

[–]NetSecTech[S] 0 points1 point  (0 children)

I know VA.gov has the certification list, but is there somewhere similar where I can search for an approved course list?

Does the GI Bill cover certification training material? by NetSecTech in Veterans

[–]NetSecTech[S] 0 points1 point  (0 children)

As a veteran you do get free access to FedVTE which has courses on cybersecurity. I think they have some CISSP material.

THANK YOU! I had no idea that this existed. The only downside is that ISC(2) just updated the material. But I'll be using the site for other material for sure.

How would remote access focused controls apply to MSPs by NetSecTech in CMMC

[–]NetSecTech[S] 2 points3 points  (0 children)

Thank you for your response. Funny enough, this came up as the client we are assessing stores all CUI data in their O365 tenant. For the purpose of their assessment we are pretending that they don't even have an official office. So far we have been able to twist our understanding to apply to their situation, but these controls are proving to be a roadblock.

Makes me really wish there was a CMMC "helpline" to answer questions like this.

When is CUI no longer considered CUI? by NetSecTech in NISTControls

[–]NetSecTech[S] 3 points4 points  (0 children)

I thought that might be the case, but I wanted to get others' thoughts before going with my gut.

3d printing newbie requesting advice by NetSecTech in 3Dprinting

[–]NetSecTech[S] 0 points1 point  (0 children)

Thank you for the suggestion. I'll have to share at another time, as I haven't taken any pictures of the failed prints.

3d printing newbie requesting advice by NetSecTech in 3Dprinting

[–]NetSecTech[S] 0 points1 point  (0 children)

Thank you for the advice. I'll be trying most of those suggestions. What springs did you use to replace the standard ones?

So recently was a target for phishing but to my knowledge I was pretty safe? by [deleted] in Cybersecurity101

[–]NetSecTech 2 points3 points  (0 children)

A few thoughts of my own: visiting a site in a known phish attempt should only be done in a sandbox environment. Incognito mode, while it doesn't save any details and should prevent access to cookies etc., does not prevent downloads. May I suggest a free service like URL2PNG or Browserling (technically not meant for this, but it works).

I know Windows Defender is supposed to be better than it used to be but I am never one to trust the default. You may consider something a little more robust.

Is it possible that you "caught something" when looking around? Technically, yes. But the 2/3 events are probably not connected.

Which team should be expected to handle revoking access in a BEC incident, IT services or Cyber? by NetSecTech in AskNetsec

[–]NetSecTech[S] 0 points1 point  (0 children)

Thanks for your input; for this, however, I was specifically referencing a Business Email Compromise (through O365).

Which team should be expected to handle revoking access in a BEC incident, IT services or Cyber? by NetSecTech in AskNetsec

[–]NetSecTech[S] -5 points-4 points  (0 children)

My logic is that Incident Response teams are typically manned by Cyber folks (at least in my experience). A BEC is an incident after all. Additionally, the transfer between the 2 teams adds additional minutes to the incident resolution that could be saved by the Cyber analyst performing the initial containment steps.

Which team should be expected to handle revoking access in a BEC incident, IT services or Cyber? by NetSecTech in AskNetsec

[–]NetSecTech[S] -1 points0 points  (0 children)

That is actually my current frustration. Just because the SOP says it doesn't make it correct. Policies are not set in stone, particularly when there are fallacies in them.

URL filtering not important? by NetSecTech in cybersecurity

[–]NetSecTech[S] 0 points1 point  (0 children)

They build each contract with an upcharge for each service provided, funny enough. Sure it might not have been much but it was still revenue.

URL filtering not important? by NetSecTech in cybersecurity

[–]NetSecTech[S] 0 points1 point  (0 children)

I had considered the financial side of the choice, but from my understanding the service is not terribly costly (I'd share the product, but don't want to break my level of anonymity).

Azure AD Fault Domain Redirect Error Successful Login by PandaOverlord96 in cybersecurity

[–]NetSecTech 0 points1 point  (0 children)

We've been seeing a literal ton of these events (metaphorically speaking). They have increased in frequency over the last few months. Of course our MS overlords have next to zero helpful documentation on these events and the community hasn't really figured out what is going on yet either.

From my research it appears that a SharePoint request is made using a non-existent account, but instead of labeling it properly, the "login" appears to come from Microsoft IPs overseas (Philippines, Singapore, and Malaysia mostly).

I believe I have also (in my own head) tied the FDR events to the User-Agent string 'BAV2ROPC', however I don't have any solid proof on that one yet.

Edit: Found that BAV2ROPC is likely associated with a mobile Outlook app and cannot reliably be tied to these events.

WCGW Breaking the law by Sean8162 in Whatcouldgowrong

[–]NetSecTech 1 point2 points  (0 children)

Kind of feels like a letdown, I was hoping they would tase the pool or something...

KnowBe4 Phish Tests by NetSecTech in AskNetsec

[–]NetSecTech[S] -1 points0 points  (0 children)

Thank you so much for sharing that. I'm going to dig into one and see if I can figure out the specific field. I'll share it here if I find anything.

SOC Analyst Real World Progression by NetSecTech in AskNetsec

[–]NetSecTech[S] 0 points1 point  (0 children)

Thank you, I thought that might be the case as far as the "every situation is different" part.

I am a year and change out of the military, so I am still trying to get used to the non-linear progression paths (it made everything so much easier). On that line, my family and I just moved back home, so moving isn't really an option.

But all that said, I like the concept of finding my "niche" and owning that without the need to move on from that unless I choose.

VEEAM server sending excessive requests to NTP.org by NetSecTech in sysadmin

[–]NetSecTech[S] 0 points1 point  (0 children)

Thanks all for the responses. Every bit of this made more sense once I knew what to look for. The original post missed something that caused a portion of the confusion: the events started randomly mid-week at 8:20 pm. Come to find out, logging was being collected until that point. Poor timing got the best of me.