This blog post presents useful PowerShell commands aimed at security engineers and system administrators, focusing on audit and log analysis, malware and threat hunting, and system hardening. Key commands include monitoring login events, checking for suspicious scheduled tasks, verifying Windows Defender status, and disabling SMBv1 to enhance system security.
Tag Archives: Tech Blog
PowerShell commands for Security and System Administration (Part 1)
The blog outlines essential PowerShell commands for system administration, focusing on fault investigation, security assessments, and incident response. It covers commands for system and process monitoring, network and firewall analysis, and user and permission management. The author intends to develop their skills and provide a valuable resource for similar tasks.
Vectr Blue/Red Team assessment tool (installation and configuration in Linux)
VECTR is a platform for tracking and optimizing red and blue team testing. It allows organizations to simulate attack scenarios and improve detection capabilities. This blog covers installation on Ubuntu 24.04 LTS using Docker, detailing prerequisites, setup steps, and initial navigation of the application with default credentials. Future topics will include advanced configurations.
OpenCTI Threat Intelligence Platform (adding connectors and feeds)
This blog outlines the integration of two external-import connectors, MITRE ATT&CK and AbuseIPDB, into the OpenCTI platform to enhance Threat Intelligence data ingestion. It provides step-by-step instructions to configure these connectors using docker-compose.yml, including necessary adjustments for URLs and API keys to facilitate data import.
OpenCTI Threat Intelligence Platform (deployed using Ubuntu and Docker-Compose)
Deploying OpenCTI, a powerful threat intelligence platform, using Docker Compose on an Ubuntu virtual machine is a quick and efficient way to set up a scalable cybersecurity solution. OpenCTI provides analysts with tools to visualise, analyse, and share threat data seamlessly. By leveraging Docker Compose, you can simplify the deployment process, ensuring all necessary services
Arkime Network Analysis & Packet Capture tool (deploying a local demonstration instance)
Arkime is an open-source tool for network traffic capture and analysis, streamlining packet capture with detailed searches and integration with security tools. This blog guides you through installing Arkime on Ubuntu using Elasticsearch as the backend. It covers the setup and configuration steps, culminating in accessing the Arkime viewer for network insights.
An introduction to Elasticsearch Query Language (ES|QL) – Part 2
This blog post discusses advanced ES|QL features that enhance querying efficiency, including histogram data aggregation, the WHERE command for precise filtering, field type conversions for accurate data handling, and managing multivalued fields. Examples illustrate these concepts, emphasizing their application for effective data insights in Elasticsearch.
An introduction to Elasticsearch Query Language (ES|QL) – Part 1
Elasticsearch Query Language (ES|QL) is a new piped query language that allows users to filter, transform, aggregate, analyse and display data in a single workspace with a single query.
Running an Elasticsearch cluster using Docker (Windows)
This blog contains a guide on how to deploy a small Elasticsearch cluster for testing and development purposes on a Windows host using Docker.
Generative AI and a Threat to National Security
Generative AI, exemplified by ChatGPT, presents both advantages and risks to society. With millions of users, it faces misuse issues such as misinformation, disinformation, and the sharing of sensitive information. Threats include digital, physical, and political security concerns, fraud, and child exploitation. Addressing challenges involves caution, human validation, security measures, and user education. Governance and regulation are essential.