Jack Whitter-Jones, posted August 3, 2019:
What are you all working on at the minute?
Ian Chisholm, posted August 3, 2019:
Policy changes, tooling, and controls to get to ISO27k next year.
james mckinlay, posted August 3, 2019:
NSM, VMP, hardening endpoints, bringing the web proxy in-house, bringing email filtering in-house, extending phishing reporting to IR and SOAR.
Graeme Park, posted August 3, 2019:
Cloud web proxy, EDR deployment, SOAR trialling, bug bounty, vuln management and general processes.
Ian Chisholm, posted August 5, 2019 (edited August 5, 2019):
Interested in this, @james mckinlay. Why are you bringing filtering in-house? Regulatory? Or lack of efficacy of providers? Our email filtering is already run from in-house, but I'm moving away from Microsoft ATP.
james mckinlay, posted August 5, 2019:
Quoting Ian Chisholm (10 hours earlier): "Interested in this, @james mckinlay. Why are you bringing filtering in-house? Regulatory? Or lack of efficacy of providers? Our email filtering is already run from in-house, but I'm moving away from Microsoft ATP."
Can do it better, cheaper and with more control in-house. That's not the case for everyone, but it is the case for me.
RT Hatfield, posted August 6, 2019:
Trying to put together a generic ransomware kill chain with example TTPs and high- and low-fidelity detections for each phase in the chain. This is mostly to document all the good things we're doing wrt ransomware at my employer, and to justify deploying a few extra detections that got shot down in the past.
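The per-phase kill chain with paired high- and low-fidelity detections described in the post above, as an added example that is not part of the thread or of any poster's tooling. The phase names, TTP labels, detection rules and sample telemetry are all constructed for illustration; the useful part is the escalation rule at the end, which is the usual justification for keeping "noisy" low-fidelity detections: one of them alone is not an alert, but hits in two or more distinct phases of the same chain are.

```python
"""Toy ransomware kill chain with one high- and one low-fidelity detection
per phase, evaluated over constructed endpoint telemetry.

Added example for the thread, not code from any poster. Phases, TTP labels,
detection logic and the sample events are all assumptions made here.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List

Event = Dict[str, str]


@dataclass
class Detection:
    name: str
    fidelity: str                      # "high" or "low"
    match: Callable[[Event], bool]


@dataclass
class Phase:
    name: str
    ttp: str                           # example technique the phase covers
    detections: List[Detection] = field(default_factory=list)


def _has(ev: Event, key: str, needle: str) -> bool:
    """Case-insensitive substring check on one event field."""
    return needle.lower() in ev.get(key, "").lower()


# Phases in the order the chain progresses (constructed, not an ATT&CK mapping).
KILL_CHAIN: List[Phase] = [
    Phase("initial_access", "phishing attachment", [
        Detection("office_spawns_shell", "high",
                  lambda e: e.get("type") == "process"
                  and _has(e, "parent", "winword.exe")
                  and _has(e, "image", "cmd.exe")),
        Detection("office_spawns_any_child", "low",
                  lambda e: e.get("type") == "process"
                  and _has(e, "parent", "winword.exe")),
    ]),
    Phase("recovery_inhibition", "shadow copy deletion", [
        Detection("vssadmin_delete_shadows", "high",
                  lambda e: e.get("type") == "process"
                  and _has(e, "image", "vssadmin.exe")
                  and _has(e, "cmdline", "delete shadows")),
        Detection("vssadmin_any", "low",
                  lambda e: e.get("type") == "process"
                  and _has(e, "image", "vssadmin.exe")),
    ]),
    Phase("impact", "mass file encryption", [
        Detection("ransom_note_written", "high",
                  lambda e: e.get("type") == "file"
                  and _has(e, "path", "readme_decrypt")),
        Detection("many_renames_new_extension", "low",
                  lambda e: e.get("type") == "file_rename_burst"
                  and int(e.get("count", "0")) >= 50),
    ]),
]


def evaluate(events: List[Event]) -> Dict[str, Dict[str, List[str]]]:
    """Return {phase: {"high": [detection names], "low": [...]}} for the hits."""
    hits = {p.name: {"high": [], "low": []} for p in KILL_CHAIN}
    for ev in events:
        for phase in KILL_CHAIN:
            for det in phase.detections:
                bucket = hits[phase.name][det.fidelity]
                if det.match(ev) and det.name not in bucket:
                    bucket.append(det.name)
    return hits


def verdict(hits):
    """Escalation rule: any high-fidelity hit alerts on its own; low-fidelity
    hits alert only when they land in two or more distinct phases."""
    high_phases = [p for p, h in hits.items() if h["high"]]
    low_phases = [p for p, h in hits.items() if h["low"]]
    if high_phases:
        return "alert", high_phases
    if len(low_phases) >= 2:
        return "alert_correlated", low_phases
    return "none", []


# Constructed sample telemetry (not real logs): nothing here is a high-fidelity
# hit on its own, but the chain lights up in three phases.
SAMPLE_EVENTS: List[Event] = [
    {"type": "process", "parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": "-enc AAAA"},
    {"type": "process", "parent": "services.exe", "image": "vssadmin.exe",
     "cmdline": "list shadows"},
    {"type": "file_rename_burst", "count": "120"},
]

if __name__ == "__main__":
    h = evaluate(SAMPLE_EVENTS)
    for phase, found in h.items():
        print(phase, found)
    print(verdict(h))
```

Each phase deliberately carries both a tight rule and a broad one on the same TTP, so the document you hand to whoever shot the extra detections down can show exactly which noisy rule is being asked for and what it buys once correlated across phases.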
Ryne Hanson, posted August 6, 2019:
Looking into how to efficiently use diffing for source code reviews. If anyone has any good tools or processes other than git clone && git show that they use, let me know!
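One way to make diff-driven review concrete, added here as an example rather than a tool anyone in the thread mentioned: parse a unified diff, keep only the added lines together with their line numbers in the new file, and run a short list of risky-sink patterns over just those lines. The two file versions, the sink list and the file name are all constructed for illustration; the diff is produced with difflib so the block runs offline, but `git diff -U0 base..head` emits the same hunk format and can be fed to the same parser.

```python
"""Diff-driven source review: look only at what changed, with line numbers.

Added example for the thread, not a tool any poster mentioned. The old/new
file contents and the sink patterns below are constructed assumptions.
"""
import difflib
import re
from typing import Iterator, List, Tuple

# Patterns a reviewer wants flagged whenever they appear in *added* code.
# Constructed list; extend per language and code base.
RISKY_SINKS = {
    "eval": re.compile(r"\beval\s*\("),
    "shell_true": re.compile(r"shell\s*=\s*True"),
    "pickle_loads": re.compile(r"\bpickle\.loads?\s*\("),
    "sql_format": re.compile(r"execute\s*\(\s*(f[\"']|[\"'].*%)"),
}

# "@@ -old[,len] +new[,len] @@": we only need the new-side start line.
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def unified_diff(old: str, new: str, path: str = "app.py", context: int = 0) -> str:
    """Produce a git-style unified diff of two file contents (default -U0)."""
    return "".join(difflib.unified_diff(
        old.splitlines(keepends=True), new.splitlines(keepends=True),
        fromfile="a/" + path, tofile="b/" + path, n=context))


def added_lines(diff_text: str) -> Iterator[Tuple[int, str]]:
    """Yield (new_file_line_number, text) for every '+' line in a unified diff."""
    new_no = 0
    for line in diff_text.splitlines():
        m = HUNK.match(line)
        if m:
            new_no = int(m.group(1))        # counter restarts at each hunk
            continue
        if line.startswith("+++") or line.startswith("---"):
            continue                        # file headers, not content
        if line.startswith("+"):
            yield new_no, line[1:]
            new_no += 1
        elif line.startswith("-") or line.startswith("\\"):
            continue                        # removed lines and "\ No newline" markers
        else:
            new_no += 1                     # context line (only present with -U>0)


def review(old: str, new: str, path: str = "app.py") -> List[Tuple[int, str, str]]:
    """Return [(new_line_no, sink_name, stripped_text)] for risky added lines."""
    findings = []
    for no, text in added_lines(unified_diff(old, new, path)):
        for name, rx in RISKY_SINKS.items():
            if rx.search(text):
                findings.append((no, name, text.strip()))
    return findings


# Constructed "before" and "after" versions of a small module.
OLD = """import json
import subprocess

def run(cmd):
    return subprocess.run(cmd, capture_output=True)

def load(blob):
    return json.loads(blob)
"""

NEW = """import json
import pickle
import subprocess

def run(cmd):
    return subprocess.run(cmd, shell=True, capture_output=True)

def load(blob):
    return pickle.loads(blob)

def ping(host):
    return run("ping -c 1 " + host)
"""

if __name__ == "__main__":
    print(unified_diff(OLD, NEW))
    for no, sink, text in review(OLD, NEW):
        print(f"app.py:{no}: [{sink}] {text}")
```

The point of tracking the new-file line number is that each finding can be turned straight into a review comment on the pull request; with `-U0` there are no context lines, so the parser only has to advance the counter on `+` lines.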
james mckinlay, posted August 6, 2019:
Quoting RT Hatfield (6 hours earlier): "Trying to put together a generic ransomware kill chain with example TTPs and high- and low-fidelity detections for each phase in the chain. This is mostly to document all the good things we're doing wrt ransomware at my employer, and to justify deploying a few extra detections that got shot down in the past."
Have you tried these two?
https://blog.savagesec.com/minimizing-ransomware-risk-with-fsrm-847d70f6212b
https://fsrm.experiant.ca/
RT Hatfield, posted August 7, 2019:
Quoting james mckinlay (15 hours earlier): "Have you tried these two? https://blog.savagesec.com/minimizing-ransomware-risk-with-fsrm-847d70f6212b https://fsrm.experiant.ca/"
Interesting to do it with Windows native tools. I've already suggested doing something very similar with our existing EDR tools, only on all the endpoints.
james mckinlay, posted August 23, 2019:
Quoting Jack Whitter-Jones (8/3/2019, 9:01 AM): "What are you all working on at the minute?"
Getting OffSec to accept me onto OSCE. Such a mess these days; I think they've grown too big to actually care. CX != VG.