learnings from the battlefield

Over the past 12 months, six New Zealand security professionals have been running a volunteer project focused on finding security issues that affect New Zealand businesses and the country's address space. The group has become known as “Threat Safari”.

A large proportion of our findings have been phishing sites and dumped credentials, but we have also had some notable successes in discovering botnet and malware infrastructure hosted in New Zealand and helping to get it resolved.

This post was originally published in May of this year, and has been updated and republished to accompany my purplecon talk: Roast Criminals, Not Marshmallows.



building the rats nest

This short and sweet blog post will cover some recent additions to my Malware Hunting repo.


A good part of my spare time over the past few months has gone into building on my BSides Wellington talk. Because I like to practise what I preach (and only preach what I truly believe in), that has also meant rolling out a good deal of the talk's content on my workplace network: the defensive measures, that is, not the malware. All I can say is Bro + Critical Stack Intel Client + ELK = badass!
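As an added example (not code from this post, and not the Critical Stack client's own code), here is the piece that sits between those three components: a small Python script that turns a list of indicators into the tab-separated input file the Bro (now Zeek) Intel Framework reads, which is the same shape of file the Critical Stack Intel Client writes out. The sample indicators, the source name `threat-safari` and the function names are constructed for illustration; the column header and the `Intel::` type names are the framework's own.

```python
"""Build a Bro/Zeek Intel Framework feed file from a list of raw indicators.

Added example, not code from the original post. The output format is the
Intel Framework's tab-separated input format (what Critical Stack's client
produces). The sample indicators below are constructed, not real findings.
"""
import ipaddress
import re

# Column header the Intel Framework's input reader expects (tab-separated).
HEADER = "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc\tmeta.url"

_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_DOMAIN_RE = re.compile(rf"^{_LABEL}(\.{_LABEL})+$", re.I)
_HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)

# Constructed sample input: a "phishing kit" and its hosting, plus junk.
SAMPLE_INDICATORS = [
    "login-anz.example",                          # hypothetical phishing domain
    "http://login-anz.example/secure/index.php",  # the kit's landing page
    "203.0.113.45",                               # documentation-range stand-in for a C2 IP
    "198.51.100.0/24",                            # hosting range, also documentation space
    "d41d8cd98f00b204e9800998ecf8427e",           # MD5 (of an empty file, as a stand-in)
    "mailer@login-anz.example",                   # sender seen in the phishing mail
    "not an indicator",                           # should be rejected, not written
    "203.0.113.45",                               # duplicate, should be dropped
]


def classify(raw):
    """Map one indicator to (normalised_indicator, Intel::TYPE), or None.

    URL indicators are stored without their scheme because that is how the
    framework matches them ('evil.example/login', not 'http://evil.example/login').
    """
    ind = raw.strip()
    if not ind or "\t" in ind:          # a tab inside a field would corrupt the line
        return None
    try:
        ipaddress.ip_address(ind)
        return ind, "Intel::ADDR"
    except ValueError:
        pass
    if "/" in ind and "://" not in ind:
        try:
            return str(ipaddress.ip_network(ind, strict=False)), "Intel::SUBNET"
        except ValueError:
            pass                         # not CIDR; may be a scheme-less URL below
    if _HASH_RE.match(ind):
        return ind.lower(), "Intel::FILE_HASH"
    if "@" in ind:
        local, _, domain = ind.rpartition("@")
        if local and _DOMAIN_RE.match(domain):
            return ind.lower(), "Intel::EMAIL"
        return None
    url = re.sub(r"^[a-z][a-z0-9+.-]*://", "", ind, flags=re.I)   # strip scheme
    host, _, path = url.partition("/")
    if not _DOMAIN_RE.match(host):
        return None
    if path:
        return url, "Intel::URL"
    return host.lower(), "Intel::DOMAIN"


def build_feed(indicators, source, desc="-", url="-"):
    """Render a deduplicated feed. Returns (feed_text, rejected_inputs)."""
    lines, seen, rejected = [HEADER], set(), []
    for raw in indicators:
        item = classify(raw)
        if item is None:
            rejected.append(raw)
            continue
        if item in seen:
            continue
        seen.add(item)
        ind, itype = item
        lines.append("\t".join((ind, itype, source, desc, url)))
    return "\n".join(lines) + "\n", rejected


if __name__ == "__main__":
    feed, bad = build_feed(SAMPLE_INDICATORS, "threat-safari", "constructed sample")
    print(feed, end="")
    print("rejected:", bad)
```

To use the output, add its absolute path to `Intel::read_files` and load `policy/frameworks/intel/seen` so the framework actually checks observed connections, DNS queries, Host headers and SNI against it. Two things catch first-timers: URL indicators are matched without their scheme, so the script strips it, and a stray tab inside a field silently breaks the line, so such inputs are rejected rather than written.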


missing links

Over the past couple of months I’ve been preparing a talk entitled ‘Beer, Bacon and Blue Teaming’. It covers building solid defense on a shoestring budget, with an outline along the lines of:

  • OSINT sources.
  • Spam traps.
  • Honeypots.
  • Automated analysis.
  • Dissecting LuminosityLink:
    • IDS.
    • Sysmon.
    • Configuration extraction.
    • Yara rule creation.

In this short blog post I'll run over a few of these items briefly.