How do we evaluate the LastPass hack for Section 9? - 257
SECTION 9 Cyber Security
by Damien Hull, SECTION 9
1y ago
LastPass was hacked last year. As LastPass customers, we need to evaluate the impact that has on Section 9. Should we continue to use the product? Should we migrate to a different password manager? How do we evaluate a password manager? Consider this the start of a longer conversation about LastPass and password managers.
FIND US ON
1. Twitter - DamienHull
2. YouTube
CIS Controls: Hardware Inventory Part 1 - 248
SECTION 9 Cyber Security
by Damien Hull, SECTION 9
1y ago
Time to get an accurate inventory of the devices on our network. Once we have an inventory, we can move on to policies and procedures.
LINKS
1. runZero - Active discovery tool for asset inventory
2. Enterprise Asset Management Policy Template
Azure Testing - 246
SECTION 9 Cyber Security
by Damien Hull, SECTION 9
1y ago
Time to start learning Azure. We’ve had Azure AD and Microsoft 365 for years. Just added Azure to the mix. Lots to learn.
LINKS
1. Free Azure Account
New Job, VMWare Server, Tools - 243
SECTION 9 Cyber Security
by Damien Hull, SECTION 9
2y ago
Got a new job. This makes our lab environment more important than ever. Some labs will be for me. Others will be for work. We need to make sure everything is working. We also need good documentation. No more messing around.
Wazuh, Detection, and VMware Management - 240
SECTION 9 Cyber Security
by Damien Hull, SECTION 9
2y ago
Wazuh! It works! Not only does it work, but it’s awesome. We’re also covering detection as part of a security program. You can’t have good security without detection. We’re also throwing in a bit of VMware management. Can’t manage labs in VMware without some management know-how.
LINKS
1. Wazuh · The Open Source Security Platform
2. Lab Instructions - Emulation of ATT&CK techniques and detection with Wazuh
3. Sysmon config from SwiftOnSecurity
4. Wazuh Server Rules
5. Video: Installing The EDR Solution Wazuh
Are Security Solutions 100% Perfect? - 235
SECTION 9 Cyber Security
by Damien Hull, SECTION 9
2y ago
Of course security solutions aren’t 100% perfect. So, why are people building security programs around perfect solutions?
LINKS
1. YouTube Video: "Prevention First": An Approach to Cybersecurity w/ Minerva Labs!
How do we deploy Sysmon? Part 2 - 234
SECTION 9 Cyber Security
by Damien Hull, SECTION 9
2y ago
Time to go deeper down the Sysmon rabbit hole. Looks like Wazuh does a lot more than we thought.
LINKS
1. Sysmon
2. Wazuh
How do we deploy Sysmon? Part 1 - 233
SECTION 9 Cyber Security
by Damien Hull, SECTION 9
2y ago
Time to start thinking about our Sysmon deployment. There are a lot of moving parts to this project. It won’t be a simple install on Windows 10. That’s just a small part of the project.
LINKS
1. Security Onion
2. Getting started with Elastic Stack
3. Sysmon
4. Wazuh
Mini Security Audit - 232
SECTION 9 Cyber Security
by Damien Hull, SECTION 9
2y ago
We’re conducting a mini security audit. We’ve got our short list of things we’re doing for security. Are they working for us? Are there things we need to change? How are we doing?
LINKS
1. Security Onion
2. Getting started with Elastic Stack
3. Sysmon
4. AppLocker
Application Allow List with AppLocker and Intune - Part 1
SECTION 9 Cyber Security
by Damien Hull, SECTION 9
2y ago
It works! We have application allow listing with AppLocker. Pushed out the settings from Intune. This is awesome!
NOTE: No links to instructions for Intune and AppLocker. I need to find good documentation or write my own.
LINKS
1. Security Onion
2. Getting started with Elastic Stack
3. Sysmon
4. AppLocker
