Oops, I did it again
The ongoing quest to catch a cybercriminal
While looking out the window, Carl discovers something interesting. Something that can change his and Jennifer’s lives altogether. While studying for his exams, he conceives a brilliant idea. Discreetly, he drafts a plan. Will he achieve his goal and make his girlfriend happy when the plan is successfully executed? Or will someone intervene? The danger of a cybercriminal can come from anywhere, and they can wreak havoc when they strike successfully. Are you prepared for when chaos strikes?
The moment I graduated from school and received my diploma in accountancy, I received a job offer to start as a junior system and network administrator. Simultaneously, I was introduced to the world of cybersecurity. However, back then things were not as complicated as they are today. Like any other…
When was the last time you validated and/or updated the information security policy documents?
Yes, for some this is a boring topic. However, most people will try to use the excuse that whatever they are doing is allowed as long as the information security policy does not state otherwise. But then they forget the intent of the information security policy. Therefore, the question is: what do you need to think about when validating and/or updating the information security policy documents?
Can ChatGPT take over the role of a use case developer?
Currently, many people are talking about ChatGPT and how it will affect everybody’s life. Some (including me) are also investigating it. Therefore, let’s put it to the test. Does ChatGPT know how to find the right and relevant information to design and implement a use case around a password spray attack? Put differently, can ChatGPT replace the use case developer? The basics first. What is a password spray attack? This is a simple but good question for ChatGPT.
Phishing emails: the one thing you don’t want to receive, but you can’t avoid it. So, now what?
A phishing email is a fraudulent attempt by scammers or cybercriminals to deceive recipients into revealing sensitive information, such as passwords, usernames, credit card details, or personal identification information. These emails are designed to appear as if they are sent by legitimate organizations, such as banks, social media platforms, or e-commerce websites, in order to trick individuals into providing their confidential data. And because phishing email as a technique has proven to be effective, adversaries will continue dispatching them. So, the question is: what can you do to protect yourself? In this article, I give some tips on how to deal with phishing emails.
Do you really need 24x7 eyes-on-screen in the Security Operation Center?
This is a challenging question that is not easy to answer because it depends on several things. There are good arguments for having 24x7 eyes-on-screen in a Security Operation Center. But there are also strong arguments for implementing a different model.
The conventional model of how most Security Operation Centers are organized is based on a tiered model: Level 1, Level 2, and Level 3, combined with support staff. Level 1 is staffed 24x7, while the other functions are only staffed during the daytime and are on call during the other hours…
Microsoft Azure Sentinel is just crap
In previous articles, I already wrote why I believe Azure Sentinel is an inferior product and should be taken off the market. The more I use it, the worse I think it is. This is not about how to create use cases. There are some pretty significant fundamental flaws in Azure Sentinel. Actually, I should say there are some pretty significant fundamental flaws in the Azure Log Analytics workspace, the foundation behind Azure Sentinel.
Can you piece back the puzzle of the timeline?
Sooner or later, the environment you are responsible for will be hit by a security incident, small or big. But no matter how significant the incident is, the high-level steps to remediate it are the same: identification, containment, eradication, and post-mortem. And each of these steps has one thing in common: the timeline. In order to contain the incident, you need to find both Patient Zero and Moment Zero. Most people are familiar with the term Patient Zero. But what is Moment Zero?
Judgment day: are you ready for it?
If you are a security professional, you know this day is coming: the day your security is breached. And you think you have all the relevant processes and procedures in place. Let’s zoom out a little bit. According to NIST, a security incident has five distinct phases: identification, containment, eradication, recovery, and post-mortem. However, when there is an incident, most security teams jump straight to the eradication phase and skip the identification and containment phases. When you ask why they do it, they say it makes sense: the house is on fire, so the fire must be extinguished. But how can you put out a fire if you don’t know what you are dealing with?