BLOG: Technology, Aug. 2023
GPL CC Licensed, Attribution Required (except where marked otherwise)
All are opinions and thoughts by Jeremy Pickett, attributions in documents
Embedded Files
08/29/2023 by Jeremy Pickett :: Buy Me a Coffee (small tip)
In our rapidly changing digital era, technological advancements are at the forefront of societal progression. New platforms and technologies, from cloud computing and Internet of Things (IoT) to artificial intelligence and machine learning, continually emerge and evolve. While these developments offer unprecedented opportunities for innovation, they also present new avenues for potential security threats.
Each technological evolution introduces a new layer of complexity to our digital infrastructure, making it increasingly difficult to maintain airtight security across all aspects of a network. Every new device or software integrated into a system can present potential vulnerabilities that malicious hackers, also known as black-hat hackers, may seek to exploit.
#ethicalhacking #whitehathacking #cybersecurity #penetrationtesting #informationsecurity #hacking #ceh #hackers #cybercrime #hacktivism #vulnerability #riskmanagement #dataprotection #privacy #compliance #cyberattack #cyberdefense #cyberthreats #digitalsecurity #cyberawareness
08/21/2023 by Jeremy Pickett :: Buy Me a Coffee (small tip)
Security exposure databases provide a rich repository of information about known vulnerabilities, misconfigurations, and open ports. Simultaneously, IP reputation services offer data on the reputation and history of IP addresses, aiding in the identification of potentially harmful traffic. Together, these resources are transforming into an indispensable part of the security infrastructure. They offer invaluable insights for a diverse audience that ranges from penetration testers looking for potential entry points in a system, threat intelligence analysts seeking to predict and prevent future attacks, to security-conscious organizations aiming to fortify their digital walls.
#Cybersecurity #VulnerabilityManagement #Shodan #Censys #Github #OpenSource #OWASP #ThreatIntelligence #IncidentResponse #Cryptography #IoT #NetworkSecurity #WebSecurity #SSL #TLS #HTTP #Ports #Scanning #Collaboration #Dependabot
08/21/2023 by Jeremy Pickett :: Buy Me a Coffee (small tip)
This essay explores how artificial intelligence is transforming cybersecurity. We discuss strategies for developing and deploying AI in ways that augment human capabilities rather than replace roles. Key themes included training security teams to effectively utilize AI systems, architecting workflows with appropriate human oversight and control, and instilling ethical values like transparency and fairness within AI design.
#AI #cybersecurity #futureofwork #careerprep #AIethics #techdisruption #jobs #education #futurism #AIjobs #cyberawareness #skillingup #AIreadiness #humansandAI #career transitions #crossdisciplinaryskills #AIeducation #STEM #AIworkforce #AIpartnerships
This essay examines strategies for interrogating databases that may have been compromised by threat actors, a critical task for incident responders seeking to assess and contain damage from breaches. It focuses on highly-available databases like Oracle, MariaDB, and BigQuery, exploring subtle and obvious alterations to uncover malicious activity while avoiding extended downtime or further corruption. Ideas and concepts are portable, implementation details largely are not.
#SQLQueries #DatabaseForensics #IncidentResponse #DatabaseSecurity #DatabaseBreach #DataTampering #DatabaseInvestigation #Five9sUptime #HighAvailability #Oracle #MariaDB #Percona #AzureSQL #FireEyeMandiant
08/14/2023 by Jeremy Pickett :: Buy Me a Coffee (small tip)
Ransomware attacks are increasingly common, with impacts ranging from minor disruption to complete shutdown of operations. Proper planning and preparation can greatly reduce damage. Key concepts include having an incident response playbook, conducting simulations, training staff, hardening infrastructure, maintaining backups, and weighing options around paying ransoms. Additionally, legal obligations around duty of care require reasonable cybersecurity readiness.
#databreach #cybersecurity #infosec #dataleak #hacked #breach #cyberattack #dataprotection #privacy #phishing #ransomware #hack #databreaches #dataprotection #gdpr #cybercrime #infosecurity #dataleakage #datasecurity #cyberthreat
The proliferation of connected IoT and OT devices in industrial, medical, and other environments has introduced new response challenges when breaches occur. Legacy devices often lack security controls and monitoring, forcing responders to cautiously inspect compromised systems to avoid operational disruption. Thorough investigation is essential, but safely detaining affected devices mid-operation can have serious consequences. Responders must surgically analyze systems while maintaining availability, through tactics like network flow mirrors, malware sandboxing, and selective credential rotation. Duty of care obligations necessitate managing risks devices pose when operational reliability is paramount.
Incident Report Writing (Word .docx)
08/12/2023 by Jeremy Pickett :: Buy Me a Coffee (small tip)
Documenting security incidents through post-event reports is a pivotal practice in the world of cybersecurity. These reports serve multiple purposes, such as providing continuity of knowledge across responder shifts, conveying intricate details to technical teams, and informing leadership stakeholders about high-level impact and risks. The challenge lies in creating reports that cater to both technical experts and leadership, ensuring accuracy, clarity, and adaptability.
As cyber threats grow more severe and complex, partnerships between private sector security teams and law enforcement/government agencies provide mutual benefits. Bidirectional threat intelligence sharing can improve defenses and investigations. Vulnerability disclosure programs allow coordinated remediation. However, responsible data handling and ethical cooperation principles must be maintained. CISOs aim to collaborate with authorities to improve cyber resilience without overreaching. Landmark public-private initiatives include DIB-CS, GCSOC, CISP, and IT-ISACs. Ongoing collaboration requires policy alignment, transparency, maximizing participation, and protecting civil liberties.
08/11/2023 by Jeremy Pickett :: Buy Me a Coffee (small tip)
This essay examines dark web monitoring techniques that balance early threat insights with ethical considerations. It covers evolving surveillance tactics, anonymization methods, specialized search tools, and frameworks for responsible intelligence gathering. Key use cases like early warning of data leaks are weighed against risks of visibility into secret forums.
Securing Analyst Welfare
Securing Analyst Welfare
Analysts require guidance and support to manage trauma or distress from unintended exposure to dark web threats. Mandatory reporting channels paired with mental health resources aim to prevent secondary injuries from disturbing content.
With deliberate policies and oversight enabling visibility while upholding ethics, organizations can implement dark web intelligence programs safely improving prevention, detection, and response against rising threats. Automation expands reach while humans provide nuanced oversight. Focused objectives align monitoring with defender goals.
Ultimately organizations must balance inquisitiveness with empathy when peering into the darker corners of the internet. Done properly, dark web intelligence becomes a microscope revealing threats early rather than a weapon causing unintended harm. But it requires diligent governance and conscientious collection to illuminate adversaries without losing defenders' moral compass.
The COVID-19 pandemic accelerated existing remote work trends, forcing a workplace transformation. Many employees now split time between corporate offices, home offices, and mobile locations. This hybrid model is likely to persist post-pandemic. Distributed workforces provide flexibility but also create cybersecurity challenges. Technical solutions include zero trust network access, VPNs, cloud access security brokers, and microsegmentation to protect decentralized assets. Policies on remote work screening, privilege management, and data handling help safeguard corporate data amidst increased workforce mobility. Privacy expectations around employee monitoring require balancing security risks. As hybrid work continues evolving, CISOs must secure corporate assets while enabling employee productivity.
08/10/2023 by Jeremy Pickett :: Buy Me a Coffee (small tip)
This essay discusses strategies for effectively communicating cybersecurity risks and initiatives to corporate boards and executives to gain buy-in and funding. It covers techniques like financial impact analysis, cyber risk matrices, governance frameworks, external benchmarks, and cyber tabletop exercises. The goal is framing security as an enabler of business objectives.
08/10/2023 by Jeremy Pickett :: Buy Me a Coffee (small tip)
This essay explores using automation scripts for evidence gathering during audits. It examines the benefits of automating repetitive audit tasks and generating documentation. Key points include the time and cost savings from automation, identifying ripe automation targets like control validation, and weighing risks like data tampering.
08/08/2023 by Jeremy Pickett :: Buy Me a Coffee (small tip)
Methods of decrypting encrypted traffic for inspection raise concerns around privacy and ethics. Techniques include man-in-the-middle attacks, SSL inspection, TLS proxies/intercept, and network forensics. Analyzing traffic patterns and metadata can also provide visibility without full decryption. Legality varies by jurisdiction. Organizations must balance security needs with user expectations of privacy.
Cryptography refers to techniques for securing information through encryption, hashing, digital signatures and other methods. It has a long history going back thousands of years, with the modern computer era enabling more advanced ciphers. Standards like AES, RSA and SHA-2 provide trusted algorithms. Proper key management, infrastructure and secret rotation are crucial for implementation. Use cases like SSL/TLS demonstrate real world deployment. While encryption protects privacy, law enforcement may seek access, raising ethical debates.
08/06/2023 by Jeremy Pickett :: Buy Me a Coffee (small tip)
Fuzz testing involves feeding invalid, unexpected, or random data into an application to find bugs. It can reveal flaws missed by static analysis. Best practices include designing structured fuzzing campaigns, maximizing coverage, and continuously evolving test corpora. Fuzzing is powerful but could degrade availability without safeguards.
08/06/2023 by Jeremy Pickett :: Buy Me a Coffee (small tip)
This conversation explored how zero trust architecture principles like least privilege access, multi-factor authentication, segmentation, and encryption can help organizations securely enable remote work and digital transformation across complex hybrid environments. Implementing zero trust was discussed through technologies like software-defined perimeters, cloud access security brokers, network microsegmentation tools, and privileged access management. Leading platforms from Microsoft, VMware, Cisco, Okta and Palo Alto Networks help enable zero trust capabilities. Phased deployments focusing first on protecting critical assets were advised. While zero trust strengthens security posture overall, potential privacy dilemmas were raised regarding extensive logging, surveillance, and friction from stringent access controls. Organizations were encouraged to mitigate privacy risks through governance that ensures zero trust policies balance security, privacy and user experience through measures like data minimization, transparency, training, and risk assessments. When thoughtfully implemented, zero trust principles allow enterprises to reduce cyber risk and confidently innovate with the cloud and other emerging technologies.
Deception involves inherent ethical risks if oversight is lacking. Security teams should ensure deception campaigns focus on asset protection, minimize falsehoods, and maintain transparency. Historically informed strategies must also translate thoughtfully to the digital domain. When applied judiciously with ethical foundations, deception flips the asymmetric advantage attackers typically enjoy by revealing their tools, tactics, and behavioral patterns to defenders. Integrating deception into incident response stacks enables more proactive anticipation of threats versus just response after incidents escalate.
Securing containers requires using minimal read-only images, automating security scanning, managing vulnerabilities aggressively, restricting runtime privileges, and segmenting network traffic. Kubernetes has matured with role-based access control, network policies, and pod security standards to harden deployments. Monitoring runtime activity and implementing centralized security visibility across cloud environments is also critical. With proper controls, processes, and expertise, organizations can benefit from the agility of containers while ensuring risk is managed.
Surviving cyber warfare requires exceptional readiness to defend against the most severe and destructive attacks from advanced nation-state adversaries. As an incident responder, my expertise in investigation, containment, and remediation equips me to provide guidance on preparing for and surviving this threat. Historic cyber warfare campaigns like Stuxnet, NotPetya, and the attack on Ukraine's power grid provide key lessons on the sophistication of these attacks and importance of resilience.
Page updated
Google Sites
Report abuse