Corporate Blog: A Look at the Kaseya Incident
This is a blog post I wrote for LifeOmic: Ransomware is a scourge on businesses everywhere today, and the Kaseya ransomware incident was no different. Except, it was an exceptional attack that utilized advanced procedures not normally seen in large-scale, public ransomware incidents. TrueSec provides an excellent overview of the initial compromise: Obtained an …
S3 Replication with KMS
After much research, I have realized that there isn't really a concise, straight-to-the-point guide on designing replication in S3 using SSE-KMS and cross-account ownership. So, a quick guide on what has worked for me:

In your ORIGIN ACCOUNT
- Create origin Bucket
- Create origin IAM role
- Create origin IAM Policy
- Create origin KMS key
- Set up origin …
Multiple KMS Principals in Terraform
CORRECTION: You can actually implement policies through the normal procedure, example below:

    principals {
      type        = "AWS"
      identifiers = ["ARN", "ARN"]  # one ARN per role that should be granted access
    }

However - you must verify that your Roles are already created! Otherwise you will get what appears to be a generic failure. It was just a coincidence for me that I deployed …
COVID19 Threat Sharing Group
Recently I joined a COVID19 threat sharing group. It is pretty amazing watching the data analysis and community-driven response to the pandemic. One of the biggest contributions the community has made is publishing an easy-to-access blacklist: https://blocklist.cyberthreatcoalition.org/vetted/ At the time of this writing the domain and URL categories are very fleshed out, and each …
Initial Security Onion Problems
I have been working on implementing Security Onion in a production environment. The two major problems that have given me headaches so far are storage on the sensor nodes and internal networking.

Networking Problem
Security Onion uses Docker to create and manage different aspects of itself. Below is a good image of the different containers …
Threat Emulation – Tune Tune Tune
Today's compliance environment requires more and more monitoring to be put in place, which is awesome! More logs, more samples, more alerts! However, just implementing and monitoring a SIEM or other log/alerting solution is not really going to ensure you're seeing what you need to see. Instead you might want to consider a bit of …