In 2000, a former contractor who still had access to the system compromised the industrial control system (ICS) of a sewage treatment plant. The compromise caused raw sewage to flood the town and its watershed.
This would become the first widely recognized attack on an industrial control system.
I would advise anyone who wants to learn Splunk to actually use Splunk. They offer a really thorough fundamentals class for free, and you can set up a Splunk environment fairly easily.
There's also hands-on practice available by completing the 'Boss of the SOC' challenges.
Furthermore, I recommend:
Splunk Certified Study Guide by Deep Mehta published by Apress
I highly recommend the above book to supplement study and test prep.
Last Friday I sat for and passed Microsoft's Azure Fundamentals (AZ-900) certification exam. During my hiatus I had sat for and failed Microsoft's Security Analyst (SC-200) exam.
To be honest, I really wasn't prepared for SC-200. I breezed through the Microsoft Learn coursework and didn't really study the material. Although I had hands-on experience with their security tools, I'd never used Kusto Query Language. I kind of wanted a feel for how Microsoft's tests compare.
Failing SC-200 wasn’t a big hit because I was aware of my shortcomings.
Still, to me Microsoft cert tests are trickier and have section blocks that limit your ability to go back and change answers, which I wasn't prepared for the first time I took one of their exams, but was ready for when taking the Fundamentals exam.
This exam is basically theoretical and based on understanding Azure at a high level and using the cloud as a whole.
I would recommend using the following for test prep:
Microsoft Learn for AZ-900 (free Microsoft course)
Jim Cheshire book (pictured below)
Microsoft also has 'Virtual Training Days', which can help.
Jim Cheshire – “Microsoft Azure Fundamentals Exam Ref AZ-900”
So, I'm a little bit of a tech hoarder. I've got several Raspberry Pis, NUCs, Mac minis, and a Chromebox. I also have a switch to put pfSense on. I've kind of got the hardware part down (though I am looking for one more machine with 16 GB of RAM to complete my vision).
That being said, I have a few things I want out of my lab environment:
Malware Analysis machine
Security Onion Analyst machine
Cyber Threat Intelligence Machine
Possible Forensic Analysis Station
A Pi-hole
I also know I want to mess around with Docker and Python. Although these don't need their own environments, the other three kind of do. This is especially true for the malware analysis machine, which needs to be isolated as much as possible to prevent infection of other systems.
Draft Lab Documentation
The above is the draft documentation I cooked up to kind of mimic inventory management. I also think that if I'm going to have static IP addresses, they should be documented as well. I started having this info written out, but have also entered it into note-taking software. This is my attempt to be meticulous and intentional in this endeavor.
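One way to keep that inventory honest is to hold it as data and run the lab's own rules over it, so the static IP table and the "malware box stays isolated" requirement are checked rather than just written down. The script below is an added example, not the post's draft documentation; every hostname, address, VLAN number and the per-VLAN allow list are assumptions chosen for illustration, standing in for whatever pfSense is actually configured to enforce.

```python
"""Lab inventory as code: a constructed example, not the post's own documentation.

Hostnames, IP addresses, VLAN numbers and the allow lists are assumptions for
illustration; replace them with your own lab's values.
"""
import ipaddress

# Constructed inventory covering the roles listed in the post.
INVENTORY = [
    {"host": "pihole",     "role": "dns-sinkhole",     "ip": "10.0.10.5",  "vlan": 10},
    {"host": "so-analyst", "role": "security-onion",   "ip": "10.0.10.20", "vlan": 10},
    {"host": "cti",        "role": "threat-intel",     "ip": "10.0.10.21", "vlan": 10},
    {"host": "forensics",  "role": "forensics",        "ip": "10.0.10.22", "vlan": 10},
    {"host": "malware-01", "role": "malware-analysis", "ip": "10.0.99.10", "vlan": 99},
]

# Assumed per-VLAN subnet and the set of VLANs each one is allowed to reach
# (what the firewall rules are meant to enforce). VLAN 99 is the malware
# network and may only talk to itself.
VLANS = {
    10: {"subnet": "10.0.10.0/24", "allow_to": {10}},
    99: {"subnet": "10.0.99.0/24", "allow_to": {99}},
}

# Roles that must never have a permitted path to, or share a VLAN with, other lab hosts.
ISOLATED_ROLES = {"malware-analysis"}


def check_inventory(inventory, vlans, isolated_roles=ISOLATED_ROLES):
    """Return a list of policy violations; an empty list means the inventory is consistent."""
    problems = []
    seen_ips = {}
    by_vlan = {}
    for h in inventory:
        by_vlan.setdefault(h["vlan"], []).append(h)

    for h in inventory:
        ip = ipaddress.ip_address(h["ip"])

        # 1. Static IPs must be unique across the lab.
        if ip in seen_ips:
            problems.append(f"{h['host']}: {ip} already assigned to {seen_ips[ip]}")
        seen_ips[ip] = h["host"]

        # 2. Every host must sit in a documented VLAN, inside that VLAN's subnet.
        vlan = vlans.get(h["vlan"])
        if vlan is None:
            problems.append(f"{h['host']}: VLAN {h['vlan']} is not documented")
            continue
        net = ipaddress.ip_network(vlan["subnet"])
        if ip not in net:
            problems.append(f"{h['host']}: {ip} is outside VLAN {h['vlan']} ({net})")

        # 3. Isolated roles get no permitted egress to any other VLAN ...
        if h["role"] in isolated_roles:
            leaks = sorted(vlan["allow_to"] - {h["vlan"]})
            if leaks:
                problems.append(f"{h['host']}: isolated role can reach VLANs {leaks}")
            # ... and must not share a VLAN with hosts that are not isolated.
            neighbours = [o["host"] for o in by_vlan[h["vlan"]] if o["role"] not in isolated_roles]
            if neighbours:
                problems.append(f"{h['host']}: shares VLAN {h['vlan']} with non-isolated hosts {neighbours}")
    return problems


def render_table(inventory):
    """Render the inventory as a fixed-width table for the lab notebook."""
    header = f"{'host':<12}{'role':<18}{'ip':<14}{'vlan':>4}"
    rows = [f"{h['host']:<12}{h['role']:<18}{h['ip']:<14}{h['vlan']:>4}" for h in inventory]
    return "\n".join([header] + rows)


if __name__ == "__main__":
    print(render_table(INVENTORY))
    issues = check_inventory(INVENTORY, VLANS)
    print("OK" if not issues else "\n".join(issues))
```

Run it whenever a machine is added or re-addressed; a duplicate IP, an address outside its VLAN, or a malware host dropped into the shared analyst VLAN shows up as a violation before it shows up as an infected Security Onion box. The allow list only models egress from each VLAN, which is the direction the post is worried about; whether the analyst network may reach into the malware VLAN is a separate design choice not encoded here.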