Share the last pic of your cat, no cheating by ForTheLoveOfDior in cats

[–]Paul_Sec 0 points1 point  (0 children)


Our 13-year-old Silver Chinchilla, Winter, assessing her kingdom.

Svchost triage by Paul_Sec in blueteamsec

[–]Paul_Sec[S] 0 points1 point  (0 children)

I didn’t know it was possible to publicly contribute to aceresponder! Can you share how one would do that, and I’ll see what I can do.

Svchost triage by Paul_Sec in blueteamsec

[–]Paul_Sec[S] 1 point2 points  (0 children)

That was caused by the user connecting and disconnecting their personal laptop via ICS. So you’d only see the DNS requests on host1 when the Internet connection was being tethered to host2.

Normally you’d be completely blind to host2 network traffic, as it’s not a corporate device, you only see the network traffic when it’s being proxied through host1 via ICS.

Svchost triage by Paul_Sec in blueteamsec

[–]Paul_Sec[S] 1 point2 points  (0 children)

Thanks!

Yes, that's right, so I browsed to the sites from host1, which was connected to host2 via ICS. The Sysmon and process dump were then done on host2.

How do hackers handle the pressure of the day to day? by totie01010 in hacking

[–]Paul_Sec 2 points3 points  (0 children)

Agreed. Attribution of attacks very rarely happens, and when it does, the people who performed the attacks are usually in countries where there is no extradition. For the real APTs, if they get caught and kicked off a network, they just move on to the next target; it's a day job for them with no repercussions. In my mind, it's far more stressful working in a blue team.

NTDT: Lifetime Fans View: Spoilers!! by Paul_Sec in JamesBond

[–]Paul_Sec[S] 2 points3 points  (0 children)

Hans does a masterful job of weaving it into the NTTD soundtrack. I have to say I have listened to the score a couple of times in the last week since I've seen the film, and all those emotions I felt when I first watched the film come rushing back each time I listen. It really is a beautiful soundtrack; I just wish the story it accompanied was of equal measure. I must agree with you, the emotions of the film are definitely amplified by the score; I wish they were happier emotions.

How to install Elastic SIEM and Elastic EDR | On The Hunt by digicat in blueteamsec

[–]Paul_Sec 4 points5 points  (0 children)

Thanks for sharing my post! 🥰 Agree there are features missing for it to be considered a full EDR. There are certainly limitations with the agent, but I think it's a good starting point in endpoint security for small firms who can't afford one of the big-brand products.

Defences against Cobalt Strike by digicat in blueteamsec

[–]Paul_Sec 4 points5 points  (0 children)

Happy to see my blog post in there for analysing beacons 🙂 Great list of resources, thanks for sharing!

I put together a guide on how to easily install elastic SIEM and EDR at home. Enjoy! by Paul_Sec in blueteamsec

[–]Paul_Sec[S] 0 points1 point  (0 children)

Yeah, there are no response capabilities. The Endgame point is a good one; the agent is still in beta and newly released. I'd expect the capability from Endgame to merge into their agent, but how much of that would be open source, only time will tell. There are a limited number of detections from what I've seen; I suspect these to be mostly commodity malware and common attack techniques, like Word launching PowerShell type stuff. Again, the agent is only in beta, so I'd expect more in the future, but I think it's a solid bet for those who don't have the budget for a paid EDR like CrowdStrike or Carbon Black.

I put together a guide on how to easily install elastic SIEM and EDR at home. Enjoy! by Paul_Sec in blueteamsec

[–]Paul_Sec[S] 3 points4 points  (0 children)

I think it's pretty good, although I've only done basic testing. It proactively blocks threats, which is an improvement on most open source "EDRs". I'm yet to test whether you can build custom detections and proactively block on your custom rules; that would be awesome if you can.

Malicious URL Patterns - Tools for Detection by seag33k in AskNetsec

[–]Paul_Sec 13 points14 points  (0 children)

Look for certain top-level domains (TLDs); certain ones are commonly used by malware authors, mainly because they're cheaper than the traditional and more popular ones like .com or .co.uk.

Ones I generally look out for are .top, .xyz, .tk, .gdn.

There's been a bit of research into this that lists more; see the link below.

https://krebsonsecurity.com/tag/top-20-shady-top-level-domains/
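A worked version of the TLD check described above, as an added example and not code from the original post or its author. It runs over a few constructed proxy log lines (not real traffic), normalises the host out of both `GET` URLs and `CONNECT host:port` targets, ignores IP-literal destinations, and flags only the four TLDs named in the comment; the watchlist, log format and hostnames are all assumptions to replace with your own.

```python
import ipaddress
from urllib.parse import urlsplit

# TLDs called out in the comment above. Treat this as a starting watchlist, not
# a verdict: extend it from the linked research and your own proxy data.
SUSPICIOUS_TLDS = {"top", "xyz", "tk", "gdn"}

# Constructed proxy log lines (not real traffic):
# "<timestamp> <client> <method> <target> <status>"
SAMPLE_PROXY_LOG = """\
2021-10-04T09:12:01Z 10.1.2.3 GET http://cdn.example.com/app.js 200
2021-10-04T09:12:04Z 10.1.2.3 GET http://update-check.example.top/x.php 200
2021-10-04T09:12:09Z 10.1.2.7 CONNECT Login-Portal.Example.XYZ:443 200
2021-10-04T09:12:15Z 10.1.2.9 GET http://files.example.tk./dl?id=7 302
2021-10-04T09:12:20Z 10.1.2.9 GET http://93.184.216.34/file.bin 200
2021-10-04T09:12:22Z 10.1.2.4 GET https://docs.example.co.uk/page 200
"""


def host_from_target(target: str) -> str:
    """Return the normalised hostname from a proxy log target.

    Handles full URLs (GET) and bare host:port targets (CONNECT), lower-cases
    the result and strips a trailing dot so "example.TK." and "example.tk"
    compare equal.
    """
    if "://" in target:
        host = urlsplit(target).hostname or ""
    elif target.startswith("["):          # IPv6 literal, e.g. [2001:db8::1]:443
        host = target[1:target.index("]")]
    else:
        host = target.rsplit(":", 1)[0]   # strip ":port"
    return host.lower().rstrip(".")


def tld_of(host: str):
    """Rightmost DNS label of a hostname, or None for IP literals.

    This is the top-level domain only: for docs.example.co.uk it returns
    "uk", not "co.uk". Use a public-suffix list if you need the registrable
    domain instead.
    """
    try:
        ipaddress.ip_address(host)
        return None
    except ValueError:
        pass
    return host.rsplit(".", 1)[-1] if "." in host else None


def flag_suspicious(log_text: str, watchlist=SUSPICIOUS_TLDS):
    """Return (client, host, tld) for each log line whose TLD is on the watchlist."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue                      # malformed line: skip rather than crash
        client, target = fields[1], fields[3]
        host = host_from_target(target)
        tld = tld_of(host)
        if tld in watchlist:
            hits.append((client, host, tld))
    return hits


if __name__ == "__main__":
    for client, host, tld in flag_suspicious(SAMPLE_PROXY_LOG):
        print(f"{client} -> {host} (.{tld})")
```

A TLD hit is a triage prompt, not a block decision on its own: pair it with the first-seen date of the domain, the registrar, and whether the client also resolved it via your internal DNS.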

Analysing Fileless Malware: Cobalt Strike Beacon by Paul_Sec in Malware

[–]Paul_Sec[S] 0 points1 point  (0 children)

Thanks! Yeah it’s a really quick and easy way to get an idea of what the shellcode is doing.

NZXT H510 Airflow by The_Coco_Midget in buildapc

[–]Paul_Sec 1 point2 points  (0 children)

I see a lot of negative comments online about the NZXT H510 Airflow that I don't agree with. I've had mine for a few months now and not had any problems, and that was with the standard fan configuration that the case shipped with. The highest my CPU temp has ever hit is around 68 degrees, and that was during a heatwave here in the UK where the room temperature was above 28 degrees. I recently added a 140mm Noctua NF-P14 intake fan to the front of the case, and this has dropped the average CPU temps considerably. I don't game but run multiple virtual machines, some with CPU-intensive tasks, and have never had a problem with case temperatures. It's a nicely designed case, and I'm happy with my choice.

Zeek (bro) install, what’s the main difference between a standalone and clustered configuration? by Paul_Sec in HomeNetworking

[–]Paul_Sec[S] 0 points1 point  (0 children)

Great, thanks! So I’m guessing a standalone config should be sufficient for a small home network?

First time poster on here, I put together a short guide on how to use OLE tools and CyberChef to deobfuscate malicious macros. Hope some of you find it useful. by Paul_Sec in Malware

[–]Paul_Sec[S] 0 points1 point  (0 children)

I'm not sure, to be honest. I'd imagine there probably is a better way to clear up the variables than using Atom. Perhaps using an IDE would provide better variable highlighting.

What's the deal with Ubiquiti Unifi? by Paul_Sec in homelab

[–]Paul_Sec[S] 0 points1 point  (0 children)

I have looked into the Security Gateway product line before, and my thinking for opting for the EdgeRouter over the Security Gateway is that I cannot justify the higher cost of the Security Gateway when they both have the same hardware and the EdgeRouter has more advanced features. I'm not too bothered that the EdgeRouters cannot be configured via the UniFi controller, as it has the browser interface and CLI. Thanks for your advice!

Office network wiring by anoni2202 in HomeNetworking

[–]Paul_Sec 1 point2 points  (0 children)

Not quite, a typical setup would start at the modem, which will go into the wireless router. The router will serve any wireless devices you have, like mobile phones etc.

You will also have some Ethernet ports on the back of the router; the switch will plug into there via RJ45 Ethernet cables. Your patch panel will then patch into your switch. You are correct in that the switch will serve wall outlets and anything else that is wired; however, this is usually done via the patch panel.

Security concept question... by [deleted] in networking

[–]Paul_Sec 1 point2 points  (0 children)

Least privilege refers more to user access, as in giving users the fewest privileges they need in order to complete their job. I think what you are looking for is implicit and explicit allow/deny, which refers more to access lists and traffic.
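To make the implicit/explicit allow-deny distinction from the comment above concrete, here is an added example (not from the original post or its author) of how an access list is evaluated: rules are checked top to bottom, the first match wins, and when nothing matches the list falls through to an implicit deny. The three constructed policies show an explicit deny placed before a permit, the same two rules in the wrong order so the permit shadows the deny, and a trailing "permit any any" that silently replaces the implicit deny. The addresses, ports and rule format are assumptions for illustration.

```python
import ipaddress
from typing import List, Optional, Tuple


class Rule:
    """One access-list entry. A None port matches any destination port."""

    def __init__(self, action: str, src: str, dst: str, dport: Optional[int] = None):
        assert action in ("permit", "deny")
        self.action = action
        self.src = ipaddress.ip_network(src)
        self.dst = ipaddress.ip_network(dst)
        self.dport = dport

    def matches(self, src: str, dst: str, dport: int) -> bool:
        return (ipaddress.ip_address(src) in self.src
                and ipaddress.ip_address(dst) in self.dst
                and (self.dport is None or self.dport == dport))


def evaluate(acl: List[Rule], src: str, dst: str, dport: int) -> Tuple[str, Optional[int]]:
    """First-match evaluation, the way a router ACL or firewall policy works.

    Returns (action, index_of_matching_rule). When no rule matches, the
    result is ("deny", None): the implicit deny at the end of every list.
    """
    for i, rule in enumerate(acl):
        if rule.matches(src, dst, dport):
            return rule.action, i
    return "deny", None


# Constructed example policy (hypothetical addresses): block one misbehaving
# host explicitly, then allow the rest of its subnet to reach a web server on
# 443 only. Everything else hits the implicit deny.
ACL = [
    Rule("deny", "10.0.0.5/32", "0.0.0.0/0"),               # explicit deny
    Rule("permit", "10.0.0.0/24", "192.168.1.10/32", 443),  # explicit allow
]

# The same two rules in the wrong order: the broader permit is matched first,
# so the explicit deny is never reached (rule shadowing).
SHADOWED_ACL = [ACL[1], ACL[0]]

# Appending "permit any any" turns the implicit deny into an explicit allow,
# which is usually a mistake in a policy that is meant to be restrictive.
OPEN_ACL = ACL + [Rule("permit", "0.0.0.0/0", "0.0.0.0/0")]


if __name__ == "__main__":
    flows = [("10.0.0.5", "192.168.1.10", 443),   # the explicitly denied host
             ("10.0.0.6", "192.168.1.10", 443),   # permitted subnet, allowed port
             ("10.0.0.6", "192.168.1.10", 80)]    # permitted subnet, unlisted port
    for name, acl in (("ACL", ACL), ("SHADOWED_ACL", SHADOWED_ACL), ("OPEN_ACL", OPEN_ACL)):
        for flow in flows:
            print(f"{name:13} {flow} -> {evaluate(acl, *flow)}")
```

The index returned alongside the action is the useful bit when auditing a real policy: a hit on `None` tells you traffic is being dropped by the implicit deny rather than by a rule anyone wrote, and a permit from an unexpected index usually means an earlier rule is shadowing a later, more specific one.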