This blog series instructs on installing the Elastic Stack—Elasticsearch, Logstash, Kibana, and Fleet agents—in air-gapped environments for enhanced security. The guide outlines prerequisites, lab setup, and necessary packages, emphasizing the importance of proper file transfer and organization. Future posts will detail Elasticsearch and Kibana installation processes.
Category Archives: Tech Blog
A Day in the Life of a SOC Analyst: What Really Happens Behind the Screens
The post explores the vital role of Security Operations Centre (SOC) analysts in cybersecurity. It outlines their daily tasks, including triaging alerts, deep investigations, and collaboration across teams. The challenges they face, such as alert fatigue, and the rewards of preventing threats are emphasized. The importance of continuous improvement and effective tool usage is also highlighted.
Top 10 Security Misconfigurations That Leave Companies Exposed
Cybersecurity breaches commonly arise from avoidable misconfigurations rather than elite hackers. Key issues include exposing RDP, weak passwords, permissive firewalls, unsecured file shares, outdated software, lack of multi-factor authentication, misconfigured cloud storage, excessive user privileges, inadequate logging, and poor backup practices. Addressing these can significantly enhance security.
Detecting GitHub-Based Backdoored Malware Repositories with Elastic
A Sophos investigation revealed over 140 GitHub repositories distributing backdoored malware disguised as game cheats and hacking tools, targeting inexperienced cybercriminals. Threat actors used automation for legitimacy, raising concerns about open-source exploitation. Elastic Security’s strategies, including detection rules, help safeguard against such malicious activities within developer environments.
Markdown Mastery: Stop Writing Like a Caveman and Start Formatting!
This guide humorously outlines how to enhance documentation using GitLab-Flavored Markdown (GLFM). It emphasizes the advantages of Markdown for clear, organized content, including features like tables, Mermaid diagrams, and code formatting. The aim is to upgrade dull documentation into engaging, professional pieces that are easy to read and update.
GEKO Part 3: Gitlab + Elasticsearch + Kibana!
This content introduces the integration of Elasticsearch and Kibana in the GEKO stack, supporting Detection as Code. Steps include starting these services, managing detection rules through GitLab, and visualizing data. The guide emphasizes automation, validation, and creating dashboards for security management, encapsulating a modern approach to security engineering.
GEKO Part 2: Gitlab + Elasticsearch + Kibana!
GEKO integrates GitLab, Elasticsearch, and Kibana to enhance detection rule management through a framework called Detection as Code (DaC). After setting up GitLab using Docker, users can register a GitLab Runner to manage tasks efficiently. The project emphasizes automation, version control, and enhanced visibility for scalable systems.
GEKO Part 1: Gitlab + Elasticsearch + Kibana!
The content introduces GEKO, integrating Gitlab, Elasticsearch, and Kibana for enhanced rule management termed Detection as Code (DaC). It outlines prerequisites, hardware, and software requirements, followed by a detailed deployment guide using Docker. The conclusion emphasizes the successful setup of GitLab and suggests next steps for further configuration and functionality.
Powershell commands for Security and System Administration (Part 2)
This blog post presents useful PowerShell commands aimed at security engineers and system administrators, focusing on audit and log analysis, malware and threat hunting, and system hardening. Key commands include monitoring login events, checking for suspicious scheduled tasks, verifying Windows Defender status, and disabling SMBv1 to enhance system security.
Powershell commands for Security and System Administration (Part 1)
The blog outlines essential PowerShell commands for system administration, focusing on fault investigation, security assessments, and incident response. It covers commands for system and process monitoring, network and firewall analysis, and user and permission management. The author intends to develop their skills and provide a valuable resource for similar tasks.