Seven great new MISP features you may have missed
Cosiv Blog
by Chris Horsley
10M ago
MISP has a cracking pace of development; we factor in 12-15 releases per year here at Cosive as we maintain our hosted CloudMISP instances. That speaks volumes about the awesome and very active MISP developer community. With such a tempo it’s very easy to miss new features or not have time to fully dig into them. Let’s go through a few of the notable new features of the last 12 months that we particularly like which you may have missed. Time-based one time password (TOTP) Since: 2.4.172 (June 2023) What is it? A new, standard way of providing two-factor authentication (2FA) to MISP users. Why ...
Anti-phishing Strategies to Defend Your Organisation
Cosiv Blog
by Tash Postolovski
1y ago
If you feel like your phishing response team has been seeing more attacks than ever before, you’re not alone. The frequency of phishing attacks is increasing exponentially as people conduct more of their work and personal lives online. This post will cover the state of the art in anti-phishing techniques, with a focus on strategies that SOC teams, anti-phishing teams and fraud teams can use to defend customers and staff against phishing attacks. At Cosive, we work with many high-profile fraud targets, such as major banks, that face thousands of attempted phishing attacks every year. These anti ...
DocIntel & MISP - Threat Intelligence Without Boiling the Ocean
Cosiv Blog
by Shanna Daly
1y ago
I presented on this topic recently at the AISA CyberCon in Canberra which ran in March 2023. The purpose of my talk was to provide some practical ideas for handling large amounts of open source intelligence and how to extract and store relevant information. I decided to create a series of blog posts and short videos to follow up on this talk. This topic will be split into three parts: Part 1 - Threat intelligence & DocIntel Part 2 - Use cases for DocIntel Part 3 - Integrating DocIntel into MISP Part 1 - Threat intelligence & DocIntel Introduction “When looking for a solut ...
Meet David Zielezna, Principal Consultant at Cosive
Cosiv Blog
by Tash Postolovski
1y ago
David joined Cosive in 2021 after five years with the Australian Communications and Media Authority (ACMA) and eight years with the Australian Federal Police (AFP). David’s career has spanned many areas of cyber security, from fighting spam and securing the Australian IP address space all the way through to cyber crime investigations and assisting with the prosecution of cyber crime offences. Outside of cyber security David is an avid chef, producing home made charcuteries, ferments and all things delicious. In this interview we learn more about David and cover many different topics, like ...
Cyber Threat Intelligence (CTI) Crash Course
Cosiv Blog
by Tash Postolovski
1y ago
Cybersecurity is such a broad domain with so many different areas of expertise that it’s tough to be across them all. We all have known unknowns in the field, and none of us can be experts in everything. That’s why we’re kicking off our “Crash Course” series, where we’ll be diving into different areas of cybersecurity and answering the most common questions about the field. From threat intelligence, to network security, to incident response, threat hunting, pentesting, digital forensics, and cryptography and encryption, there’s a lot to learn, and the tools, techniques, and processes used in e ...
Establishing a Threat Intel Program: Principles for Security Leaders
Cosiv Blog
by Tash Postolovski
1y ago
Photo by Dan Asaki on Unsplash. Written by Chris Horsley & Tash Postolovski. One of the more frequent conversations we have with security leaders is how to establish a new threat intelligence program in their organisation. In these conversations there are a few basic principles that we cover because they’re applicable to almost everyone. We’re sharing these principles publicly so that more organisations can learn about our threat intel philosophy and avoid the most common mistakes that can lead to failed programs. These principles are based on decades of experience establishing, running ...
Cosive’s tips for making a happy and productive remote team
Cosiv Blog
by Cosive Admin
1y ago
By Chris Horsley with Prue Owen. Cosive is a specialised cyber security company with a team of ten, founded in 2015 and based in Australia and New Zealand. From our very first day we’ve operated almost 100% remotely; we have no central office and only meet in person about once or twice a year. As COVID-19 spreads globally, and employees are asked to work from home for the first time, we’ve seen many people looking for tips on managing a remote team. So, we decided to distill a few lessons we’ve learned about how to make a cohesi ...
Watching Them Watching You: Opsec for Security Investigators
Cosiv Blog
by Kayne Naughton
1y ago
This article was written by Kayne Naughton, Cosive’s Managing Director. There’s plenty of crossover between violent crime and computer crime. Probably more than people would expect, particularly when people see themselves as outsiders and have nothing left to lose. There’s not a whole lot stopping cyber criminals from doing things that aren’t rational. In most countries, you’re much better off just getting a legitimate computer job with your technical skills, unless you just can’t get along with people, or you’re maladjusted. In general, becoming a cyber criminal is not a very good career pat ...
How ChatGPT Could Transform the CTI Analyst Role
Cosiv Blog
by Chris Horsley
1y ago
The interview in this post is taken from Episode #004 of the Cosive Podcast. Tash: I’m Tash, and I’m helping out with marketing at Cosive. Chris: My name is Chris, and I’m the CTO at Cosive. Tash: Today we’re going to be talking about ChatGPT and its applications for CTI. Chris, I know this is something you’ve been really geeking out about lately. Can you give us a really brief summary of what ChatGPT is? Chris: I’ll try to keep it brief. There’s so much to talk about. They call it a “large language model”, but I think most of us would probably call it an AI chatbot. The amazing thing about it ...
ATT&CKing with OpenAI’s ChatGPT
Cosiv Blog
by Chris Horsley
1y ago
Written by Chris Horsley. Reviewed by James Cooper, James Garratt, Kayne Naughton, and Shanna Daly (thanks for all your formatting help!) OpenAI released a public beta of their ChatGPT bot late last week. To introduce what we’ll focus on in this post, I’ll let ChatGPT do the honours. As it will be throughout this post, the yellow text is my prompt, and the green text is ChatGPT’s response. write the introduction to a blog post in which I describe how ChatGPT has quickly become popular, and that we'll investigate how useful it is for extracting ATT&CK IDs from threat intelligence reports ...