Managing SIEM Log Collectors at Scale with Ansible and GitHub Actions – Part 1
A Security Operations Center (SOC) watches an organization’s IT systems for cyber threats 24/7. It quickly finds and fixes security problems and uses Security Information and Event Management (SIEM) tools to collect and analyze alerts and logs. SIEMs depend on log collector servers, which gather data from many sources and send it to the SIEM. …
Category: Tools
Refinery raid
Contents: Introduction; Purpose of the blog post; What is Labshock?; What Will We Do?; Setting Up the Virtual Oil Plant; Create Your Environment; Install Labshock; Docker; Download & build Labshock; Starting Labshock; Conducting the Hack; Step 1: Reconnaissance; Step 2: Explore the PLC & SCADA; Step 3: Find the correct IP; Step 4: Interact with Modbus (Read Data); Modbus; Coils & Registers; Pump 1 & 2; Step 5: Hack the Pumps (Write Data); Hack the pump …
MEGAsync Forensics and Intrusion Attribution
MEGAsync forensics can be leveraged to identify exfiltrated files, additional victims and, subsequently, perform attribution.
The End of Passwords? Embrace the Future with Passkeys.
Yesterday, unexpectedly, my personal Google account suggested using Passkeys for login. This is amazing, as Passkeys are the game-changer for cyber security because they could imply the solution to one of the biggest headaches in cyber security: password use. The problem with passwords: for decades, we have struggled with passwords as an authentication tool. They …
Generating IDA Type Information Libraries from Windows Type Libraries
In this quick post, we'll explore how to convert Windows type libraries (TLB) into IDA type information libraries (TIL).
Transforming search sentences to query Elastic SIEM with OpenAI API
In this blog post, we will explore how a powerful language model by OpenAI can automate the transformation of natural-language questions into SIEM queries and bridge the gap between human language and the SIEM query language.