Zero Hour Security Ryan St. Germain
-
- News
Hot topic discussions in the information security world from an everyday cybersecurity professional.
-
EP4: My Top 5 Log Sources
Today I discuss my picks for the top 5 log sources you should be collecting within an organization and why.
-
EP3: Phishing simulations - How to properly use them
Phishing simulations are a popular method to help train employees on identifying malicious emails. However, there has been some negative press on the subject. While these concerns are legitimate, I am going to address why I think organizations are just using the technology incorrectly and people on Twitter are overreacting.
Sources:
https://www.theverge.com/2020/12/24/22199406/godaddy-wins-2020-stupidity-award
-
EP2: Securing the remote workforce
Discussion on how to secure employees while working remotely. I touch on what is needed from the management side and the technical details on the engineering end. In addition, I give some insight into what has and hasn't worked so well for my organization and delve into a case study of it.
This episode is based on an article I wrote here: https://rwstgermain.medium.com/securing-a-remote-force-during-covid-19-5c22f4a1554a
-
EP1: SolarWinds and the state of supply chain risk
I dive into an overview of what we know about the SolarWinds breach. I also discuss my opinions regarding supply chain risk management and where we go from here. Finally, I close with some details on what my thought process was in determining if my organization could have detected this.
Sources:
https://rwstgermain.medium.com
https://twitter.com/vinodsparrow/status/1338431183588188160?s=20
https://techcommunity.microsoft.com/t5/azure-sentinel/solarwinds-post-compromise-hunting-with-azure-sentinel/ba-p/1995095
https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
https://pastebin.com/KD4f4w5V
https://duo.com/blog/the-beer-drinkers-guide-to-saml