🔓 Attacks & Vulnerabilities
Using Feature Flags for Security (3 minute read)
This post gives a few examples of why it can be effective for security teams to adopt feature flags. The proposed uses are: releasing unreviewed code behind a flag that is enabled only once the code has been reviewed, enabling features only for external security testers as a beta, and speeding up security incident response by being able to turn a feature off.
Semgrep for Terraform Security (5 minute read)
This article provides some use cases and examples of using Semgrep to secure Terraform deployments. The examples include using Semgrep to evangelize secure-by-default internal modules, enforce opinionated rules, and block unverified providers. The article also works through writing a custom rule for a more niche scenario.
How to enforce usage of Privileged Access Workstations for Admins (12 minute read)
This community post explains how to enforce the use of Privileged Access Workstations (PAWs) for administrators at Microsoft by using Conditional Access policies to block logins from non-PAW devices. It details steps such as tagging PAW devices, setting permissions in Microsoft Graph Explorer, and creating a device-based Conditional Access policy in the Entra Admin Center.
Apex Security (Website)
Apex's security platform provides organizations with visibility of their AI activities. Organizations can define what AI usage should look like within their environments and enforce security policies accordingly. The platform can detect violations of company policies, as well as detect and respond to attacks.
prel (GitHub Repo)
prel(iminary) is an application that temporarily assigns Google Cloud IAM Roles and includes an approval process.
PCAP Did What (GitHub Repo)
This repository presents an example of how to use the Zeek network monitoring tool with Grafana to analyze PCAP dumps and enable easy visual analysis. It contains a custom Zeek Docker build that generates Zeek log files enriched with GeoIP, ASN, and JA3/JA4 fingerprints, a Python script for converting Zeek logs into a SQLite database, and a custom Grafana Docker build with a pre-configured dashboard for analyzing the Zeek data.
Counterfeit Cisco gear ended up in US military bases, used in combat operations (6 minute read)
A Florida resident, Onur Aksoy, was sentenced to 78 months in prison and ordered to pay $100 million in restitution to Cisco for running a counterfeit networking gear scam that generated $100 million in revenue and put U.S. military security at risk. Aksoy pleaded guilty to conspiring to traffic counterfeit goods, mail fraud, and wire fraud; he imported fake Cisco products from China and Hong Kong and sold them as genuine through various online storefronts.
A systematic literature review on advanced persistent threat behaviors and its detection strategy (54 minute read)
This research paper from Oxford University Press discusses advanced persistent threats (APTs) and proposes a detection strategy based on multi-stage attack behaviors and network vulnerabilities. It emphasizes the importance of understanding APT attack-related behaviors to improve detection accuracy and response. By integrating attributes of APT attacks into detection methods, security experts can enhance their ability to prevent these sophisticated threats.