In our previous blogpost, we discussed how to take some of the dust off your Acceptable Use Policy (AUP) or IT security code of conduct, making it a bit more user friendly and educational. Now, we're giving you a sort of checklist of the topics to discuss in a typical AUP, based on the table … Continue reading A checklist to populate your Acceptable Use Policy
In a previous blogpost, I explained my steps for reversing the flutter.so binary to identify the correct offset/pattern to bypass certificate validation. As a very quick summary: Flutter doesn't use the system's proxy settings, and it doesn't use the system's certificate store, so normal approaches don't work. My previous guide only explained how to intercept … Continue reading Intercepting Flutter traffic on Android (ARMv8)
Writing an Acceptable Use Policy sounds simple. Until you get started. We’ve all heard about users being the weakest link and the source of all cyber evil. I can understand the frustration of some of my cyber colleagues, but we’ve designed complex technology and expect them to use it perfectly – are we being reasonable? … Continue reading Three tips for a better IT Acceptable Use Policy
Introduction We are happy to announce that the awesome people maintaining the Sigma project on GitHub have merged our work to support the ee-outliers backend! So what you can you do with this? Sigma already contained support for Elasticsearch through the es-dsl and es-qs backends. However, these generate queries then need to be integrated by … Continue reading Sigma engine adds support for ee-outliers backend: start tagging your Sigma hits in Elasticsearch!
Introduction Earlier this week, we released logalert.py, a simple python tool that can be used to pipe standard output to email for the purpose of alerting. In this blog post we want to give a concrete example of how logalert.py can be used to get simple & reliable email notifications about suspicious firewall connections, based on … Continue reading Email alerting on geographically suspicious firewall connections using logalert.py, geoiplookup and AbuseIPDB
Introduction Today we are releasing a small but useful tool, logalert.py. This tool can be used to pipe standard output to email for the purpose of alerting. A simple caching system is used to avoid sending duplicate alerts within a certain timeframe. The tool was developed for cases where you want a simple and robust … Continue reading Releasing logalert.py – Smart piping of command output to email for alerting