A place to discuss and ask for help regarding security related research you are conducting.

  1. What's new in this club
  2. Getting OffSec to accept me onto OSCE - such a mess these days; I think they've grown too big to actually care - CX!=VG
  3. Ethos may have been a bad word; I guess I mean culture aiming for productivity.
  4. What definition of ethos are we looking at? Is it this one: Ethos means to convince an audience of the author's credibility or character.
  5. Not sure how far you want to take the concept of ethos... Is it the character of the team, or are you going for the individual and how they should behave? Personally, these are three of the things that I look for: ethics (although this is a hard one, as it really depends on cultural aspects as well), inclusive forward thinking, and striving to achieve that "newness" factor.
  6. Following some discussions around mental health and workplace stress, I was curious how I would go about answering the following question: How would you, as a member of a team, improve the overall ethos of your department? Let's hear your thoughts!
  7. It's been a few years for me since I used LogLogic, but at the time they operated like Splunk. Just a lot slower. Also, do we no longer distinguish between log archive and SIEM? Has marketing successfully blended the terms enough? I'd say SIEM is only good for a large enterprise, but breaks down for the Fortune 50s or service providers. Ever had to integrate a new acquisition into your SIEM? lol. Also, don't expect your security ops team to run it.
  8. Interesting to do it with Windows native tools. I've already suggested doing something very similar with our existing EDR tools, only on all the endpoints.
  9. Have you tried these two? https://blog.savagesec.com/minimizing-ransomware-risk-with-fsrm-847d70f6212b https://fsrm.experiant.ca/
  10. Looking into how to efficiently use diffing for source code reviews. If anyone has any good tools or processes other than git clone && git show that they use let me know!
  11. Trying to put together a generic ransomware killchain with example TTPs and high- and low-fidelity detections for each phase in the chain. This is mostly to document all the good things we're doing wrt ransomware at my employer, and to justify deploying a few extra detections that got shot down in the past.
  12. Can do it better, cheaper, and with more control in-house - that's not the case for everyone, but it is the case for me.
  13. Interested in this, @james mckinlay. Why are you bringing filtering in-house? Regulatory? Or lack of efficacy of providers? Our email filtering is already run from in-house, but I'm moving away from Microsoft ATP.
  14. Cloud web proxy, EDR deployment, SOAR trialling, bug bounty, vuln management and general processes.
  15. NSM, VMP, hardening endpoints, bringing web proxy in-house, bringing email filtering in-house, extending phishing reporting to IR and SOAR.
  16. Policy changes, tooling, and controls to get to ISO27k next year.
  17. Definitely how to interact with people, whether it’s reporting up, down, or responding to questions. In my experience, always achieved through experience and example.
  18. Is LogLogic a singular platform, or is it a SIEM with multiple different addons that you can purchase? Because from the outlook it seems like a proprietary version of Apache Hadoop. However, that is based on the documentation and product listing.
  19. Every Friday, I shall post a new question based on something picked at random or provided by anyone in the community (direct message or suggest a topic in your reply). Please try to keep the answers serious and remember to quote the question or the answer you are discussing. This week's question is related to the field of learning and can be found at Sapien. Question: "What do we need to learn that can't be taught by/through/with technology? Why?"
  20. Oh, this is neat. I quite like this as a potential weekly topic for the club to answer; I shall make a topic with a proposed question and see what happens. Nice find.
  21. Anyone played this card game? https://www.sapien2-0.com/en-play
  22. Other value for money platforms like LogLogic, too.
  23. I am beginning to see the trend in SMEs moving most of their operation from the ground up to cloud-based providers for this reason. Easy, manageable and almost immediate. Would it be possible to pick your brain on some questions I have outside of this chat?
  24. If you're deploying at a greenfield site, Azure Sentinel is pretty good, as it's very easy to get up and running, and cheap. And they have good built-in threat detection and such. The struggle with Splunk has been very real for me. I think it's too big for many orgs.
  25. SIEM has been a major improvement over just logging everything into a SQL database or a data warehouse like HBase. However, the latter has become more manageable with other add-ons like Spark. The incident platform TheHive seems a pretty cool addition to the SIEM platforms that are around. Also, the Elastic SIEM seems quite cool, but that might just be more of a rebrand in the end.

