Hey! I am back with a new cycle of threat huting articles special for you. And in this part we are going to look into the basics of The Diamond Model of Intrusion Analysis and what it is about. I’ll try to keep it solely practical and simple. This thing is pretty popular in jobs requirements and is even implemented inside OpenCTI Platform! Is this a real thing or yet another empty shell? Let’s dive in! ...
Do you want to optimize your Mean Time To Response in your SOC? Do not feed your SOC with misconfigurations! What’s the problem?🤔 You see, there are lots of alerts in your SIEM which your SOC analysts have nothing to do with. Examples could be: Unauthenticated service found Publicly available endpoint Password authentication on SSHD Security Operation Center is a great resource to find and contain threats, but very often SOC analysts encounter misconfiguration alerts which tell you only about probability of exploitation, not the malicious behaviour / threat has already occured. ...
Hey! Recently I’ve presented a talk at BSides Yerevan 2025 about how to attack and defend your AWS Lambda serverless functions. This was my first attending of conference as a speaker and I am proud to be a part of invited speakers pool. Many thanks to CyHub Armenia! I would like to share my slides and demonstration I showed during my presentation. Don’t forget to mention me when using parts of my materials👀 ...
After authentication goes authorization, right? WRONG!❌ Well… Not immediately. According to ZeroTrust methodologies, you have to dynamically make a decision of authorizing (or not) requests depending on state of your user / device / application and combinations of them🤔 Think of authorization decision as a control plane “brain”, which instead of granting permissions right after authentication considers a few factors: device type: mobile / laptop location of device and / or user history of user-agents application access history of the user NAC-compliane of device etc Why It makes your security less rigid than static policies, more flexible and context-rich. Also instead of simply denying request, you could ask for another auth-factor such as TOTP or SMS code. ...
Wanna know how to securely store passwords in DB? There is a way to do it more securely than doing SHA256(salt|password). Recently I’ve read a great article about bcrypt and now I will definitely use it to hash passwords🔐 The trick is in ability to control the complexity of hashing passwords so even in case of DB compromise the attackers will be significantly slowed down while brutefocing your hashed passwords👾 Also your passwords will be prune to precomputed rainbow tables because all passwords have their own salt baked into password. ...