Niklas Särökaari retweetledi
Niklas Särökaari
465 posts
Niklas Särökaari
@ukk1sec
Detection engineering and threat hunting
Helsinki Katılım Ağustos 2013
86 Takip Edilen427 Takipçiler
Niklas Särökaari retweetledi
Niklas Särökaari retweetledi
A good detection includes:
- Clear aim (e.g, remote process exec on DC)
- Unlocks end-to-end workflow (not just alert)
- Automation to improve decision quality
- Response (hint: not always contain host)
- Volume/work time calcs
- Able to answer, “where does efficacy need to be?”
English
As valuable time may be lost in triage when responding to an incident, having wide detection coverage and automated response procedures are critical.
Tim MalcomVetter@malcomvetter
A few years ago, having gone deep into the #redteam world, with a world class #blueteam chasing us, I started thinking about the adversary’s access in time. How can you do more with less time? 👇
English
Niklas Särökaari retweetledi
A lot of security pros have remarked that this breach vs #Uber looks, quacks and walks like activity from the LAPSUS$ data theft/ransom group that got busted up earlier this year. But the truth is LAPSUS$ gave others a playbook for getting into F500 companies that reliably works.
English
Unfortunately this stuff still works and RTs usually goes the extra mile 😅
English
Excellent technical talk about business email compromise case in Microsoft environment by @ukk1sec at @HelSecurity meetup. Available on Youtube later I think!
English
Tekstiviestihuijausten takana ollut Flubot -vakoiluhaittaohjelma ajettiin alas viranomaisyhteistyöllä.
poliisi.fi/-/tekstiviesti…
Suomi
English
Some great stuff here by @reprise_99 - I've felt semi proficient in KQL, but just found out I can forgo joins in certain queries completely by just reading Matt's stuff - What else have I missed, need to check more :)
Be sure to tag this repo! github.com/reprise99/Sent…
English
”VBA macros obtained from the internet will now be blocked by default.” 👏👏👏
Tom Gallagher@secbughunter
We're making some changes to the way Office macros work to improve security. Details here - techcommunity.microsoft.com/t5/microsoft-3…. Thank you to folks across the security and Office platform teams for supporting this work - especially the Security team's PM Kellie.
English
Must read.
John Lambert@JohnLaTwC
Attack and defense focus a lot on techniques, but underpinning those techniques is a mindset 🧠. Some thoughts over the last few years on the defender's mindset: @johnlatwc/defenders-mindset-319854d10aaa" target="_blank" rel="nofollow noopener">medium.com/@johnlatwc/def…
English
Niklas Särökaari retweetledi
Scott on the @TrimarcSecurity team wrote this much needed & excellent article on how best to protect an Active Directory environment & it's more than just AD.
Article covers protecting workstations/servers including GPO configuration.
This is a must read
hub.trimarcsecurity.com/post/implement…
Trimarc@TrimarcSecurity
New article from @ScottWBlake on protecting privileged credentials in an Active Directory environment. Recommendations: * Limit # of priv accounts * Remove DA local admin rights * Control systems DAs & EAs can access * Ensure local admin pw changes often trimarc.co/tw-ProtectingP…
English
@ukk1sec Ketäs kaikkia muuten teit siinä oli? Sinä, @heikkistark?..
Suomi
Eilen katkesi Team ROTin voittoputki LähiTapiola hackdayssa. Onnea - @ukk1sec ja muut! 🙏
Järjettömän hyvä fiilis jäi kyllä Hackdaystä kiitos järjestäjille ja tuomareille. Tommi Läntisen yllätys kyllä kruunasi kaiken.
Suomi
Niklas Särökaari retweetledi
In the series of “books I wish I’d read sooner” is @networkattack’s
Network Attacks and Exploitation: A Framework. I really appreciate the solid examples and the focus on humanity throughout. amazon.com/Network-Attack…
English