TOPIC: Cybersecurity

Living off the Land - WST

 Many malicious users try to fly under the radar by using built in system commands or living off the land as its often called. Built in system commands typically don't look out of the norm and allows the malicious user to perform tasks such as: domain enumeration, load malicious code using a scheduled task, start remote processes, and more.
Figure 1: user enumeration using system commands By default, these commands are not logged on windows hosts; however, logging can be enabled. Once enabled, you can go a step further and forward these logs into your central logging or SIEM (i.e., Security Information and Event Management) solution for additional parsing and alerting.
Figure 2: Event viewer show command line usage To enable edit the following GPO or registry settings.  For additional information, visit the following Microsoft article:  https://devblogs.microsoft.com/commandline/how-to-determine-what-just-ran-on-windows-console/  Enable the Audit Process Creation audit policy so that 4688 events are generated by editing the following GPO Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Detailed TrackingEnable the Include command line in process creation events by editing the following GPO Computer Configuration\Administrative Templates\System\Audit Process Creation. Or enable on the local system by, editing the local registry HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit\
ProcessCreationIncludeCmdLine_Enabled
registry key value to “1”. Authored by - Brian Hitchcock CISSP, OSCP, PCNSE, ACCP 

    Risk Assessment for Security Control

    CIO at a credit_union ($428MUSA)
    Instead of purchasing a Network Access Control server we have decided to do MAC Address Filtering instead. When it was discussed with our NCUA auditor; it was indicated that this would be acceptable providing we did a risk assessment for this control option. Does anyone have a sample of a risk assessment for something like this?

      Whitepaper | Global Criminal Enterprises Pursue the Most Profitable Crime Model in Modern History

      Global Criminal Enterprises Pursue the Most Profitable Crime Model in Modern History:
      Distributing Losses Across the Financial Services Industry

      Authored by Chris Swecker
      Financial Crimes Consultant and Attorney
      Assistant Director, FBI (retired)
      Former Global Security Director, Bank of America


      Download Now

      In this thought provoking white paper, Chris Swecker, Former Assistant Director, FBI, claims that “An honest assessment of the current vulnerabilities of the financial services industry paints a picture of an industry rife with cracks and seams that are systematically exploited.”

      Swecker shares numerous eye-opening real-life cases to support his position that “Only by understanding the full nature and scope of the threats presented by financial crime conspiracies can our industries and agencies mitigate and prevent these losses.”

      Download Now