Howdy, folks! A new month, so a new list of security picks! Splunk security nerds (employees and customers) like to make things. They like to make LOTS of things. But sometimes...they get lost! So as we promised in early 2018, we are bringing you some golden security nuggets you might not have seen before. These monthly postings will feature the favorite security-centric presentations, white papers and customer case studies from various peeps in the Splunk (or not) security world that WE think everyone should read.
Check out our monthly staff security picks and our all-time best picks for security books and articles. I hope you enjoy.
2021 Data Breach Investigations Report by VZ DBIR team Every year I sit down with the Verizon DBIR, grab a cup of coffee and a notebook, and get educated on real data science. Or breaches. Maybe it's just visualization techniques. Either way, I walk away with lots of education. This year was no different... well, except that I did my review via live-tweeting. One thing I found fascinating was the reduction in card skimming. Not surprising was the use of ransomware. I loved their data on DDoS. You could take this part to the bank and write yourself a purchase order for a DDoS mitigation service. Take a peek. You won't be disappointed.
With most cyber criminals and even state actors defaulting to Cobalt Strike as their go-to C2 (gasp, latest trend), it is imperative to start mapping and hunting open Cobalt Strike team servers: not only to study them and map out attack campaigns, but also to understand our enemy and build better detections. Sergiu does a great job of describing some common techniques for hunting open Cobalt Strike team servers on the internet, as well as how to rip down their configs to further dissect what they are configured to accomplish. As part of his write-up he also provides an up-to-date list of Cobalt Strike team servers he discovered and some novel ways to detect them via JARM fingerprints.
thaaatttss all folks
The Full Story of the Stunning RSA Hack Can Finally Be Told by Andy Greenberg This story dropped a week or so ago, but in case you didn't see it, I wanted to bring it to your attention. Andy Greenberg has a great piece in Wired on the RSA hack from 10 years ago, and with the NDAs lifted, participants in that attack share more detail and depth about it than had been publicly shared before. This was a fairly famous attack, mainly due to the fact that it targeted the seeds for the tokens that RSA produced for numerous companies. I am old enough that I have had many of these hard tokens during my career, as I am sure many of you have as well. Having the platform that held the seed values compromised had to have been RSA's worst nightmare. The article goes into how close they were to the adversary as data was being exfiltrated, the communication effort required post-breach, additional attacks on other companies that involved data stolen from this breach, as well as the level of paranoia that RSA, and likely any company that has been breached, feels. It's a great article and I highly recommend you check it out!