Oops, I did it again
The ongoing quest to catch a cybercriminal — While looking out the window, Carl discovers something interesting. Something that can change his and Jennifer’s lives altogether. While studying for his exams, he conceives a brilliant idea. Discreetly, he drafts a plan. Will he achieve his goal and make his girlfriend happy when the plan is successfully executed? Or will someone intervene? The danger of a cybercriminal can come from anywhere, and they can wreak havoc when they strike successfully. Are you prepared for when chaos strikes?
The moment I graduated from school and received my diploma in accountancy, I received a job offer to start as a junior system and network administrator. Simultaneously, I was introduced to the world of cybersecurity. However, back then things were not as complicated as they are today. Like any other…
Security is more than just a budget code
Every so often you will receive questions from the senior management team like ‘Where can we save money?’ and ‘Security is just a cost center. Is it possible to lower these costs?’. And yes, these questions make sense if you follow the reasoning behind them. It is all about the company’s profitability and keeping the shareholders satisfied. But is this really the right way? — But before the question of whether the security department’s budget can be reduced can be answered, there is a more fundamental question to ask first. What is the purpose of the security department?
Is EDR with Sysmon enough? Or do you need XDR as well?
Although the difference is just one letter, the level of protection is a different story. Extended Detection and Response, or XDR for short, is the successor of Endpoint Detection and Response, or EDR for short. But what does ‘extended’ actually mean? — As already stated in a previous article, protecting your endpoints with just a classic antivirus solution is not enough anymore. Online you can find plenty of articles on how to avoid detection by classic antivirus solutions.
Attack Surface Management - Is it just another buzzword or is it something more?
Attack Surface Management is currently one of the buzzwords in the security community. Various security vendors have released products covering Attack Surface Management. But is just installing another security tool enough to cover this buzzword? What is Attack Surface Management? Where do you start with Attack Surface Management? — The SANS Institute and Gartner have already drafted various documents, reports, and guides on Attack Surface Management. Therefore, one might think it is crucial to implement, and that you should invest in it.
Drive by downloads - Are your defenses up to par?
A drive-by download is the unintentional download of malicious code to steal and collect personal information, inject banking Trojans, or introduce exploit kits, to mention just some of the security risks of a drive-by download. If successful, the adversary has established a foothold on the inside. From there, the adversary can continue with the attack. Therefore, the question is whether you can detect and/or block a drive-by download.
Your defenses will fail one day. Are you ready for it?
A security control is just like any other IT tool. It will fail one day. And depending on the security control, the impact can be devastating. The question is whether you can detect in time that a security control is failing. Can you? — Everybody thinks and believes their antimalware solution is always working and up to date. But is it? In a corporate environment, this responsibility lies with the antimalware administrator team. To understand if and when the antimalware is failing, you need to have a deep understanding of the underlying technology and…
A good New Year’s Resolution: Get certified
Most of us have heard or read about the 80/20 rule in some shape or form. And this rule equally applies to cyber security. Generally speaking, you can divide cyber security into two main groups: offensive and defensive. But how can you prove you understand them both? — For almost all cyber security functions, the 80/20 rule makes sense. For example, if you are an ethical hacker or penetration tester, you need to know which defensive controls a company can implement, how you can recognize them, and how you can potentially bypass and/or disable them.
Log4J, one year later, which lessons can be learned?
On December 9, 2021, a CVE (CVE-2021-44228) was announced. A critical vulnerability was discovered in the Log4J library. With a carefully crafted string in the right field or HTTP header, an adversary could successfully exploit this vulnerability and gain access to the server. Luckily, the InfoSec world acted quickly enough, and within hours/days the first detection signatures were released, lowering the likelihood that an adversary could successfully exploit the vulnerability. But then the next set of challenges began. How do you successfully patch all known instances of the vulnerable Log4J library? You can ask yourself what we learned from this vulnerability.