security

Effective Detection Rules for Network and Port Scans: Implementation Strategies

Active scanning is part of the initial phases of an attack, as defined by MITRE. Close monitoring of these scans can detect threat actors early and prevent incidents from causing significant impact. Although relatively straightforward, implementing such alerts with a low rate of fa…
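The hard part of a scan alert is the false-positive rate, not the detection itself. The following example, added here and not taken from the post above, shows one way to implement a threshold-based port-scan rule over connection logs: it counts distinct destination ports per source/destination pair inside a sliding time window, and it keeps noise down by (a) only counting rejected connections, which legitimate clients rarely produce in bulk, and (b) ignoring an allowlist of authorised scanners. The log format (`timestamp src dst dport action`), the IP addresses and the sample events are all constructed for the example.

```python
"""Threshold-based port-scan detection over connection logs.

Added example (not the post's own code). The log format, the IP
addresses and all sample events below are constructed for illustration.
"""
from collections import Counter, defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    src: str
    dst: str
    dport: int
    action: str  # "ACCEPT" or "REJECT" (constructed firewall-style verdict)


def parse_line(line: str) -> Event:
    """Parse one constructed log line: 'timestamp src dst dport action'."""
    ts, src, dst, dport, action = line.split()
    return Event(datetime.fromisoformat(ts), src, dst, int(dport), action)


def detect_scans(lines, threshold=10, window_seconds=60, allowlist=frozenset()):
    """Return one alert per (src, dst) pair that hits >= threshold distinct
    destination ports with REJECTed connections inside a sliding window.

    Only rejected connections are counted (closed ports are what a scanner
    hits and what real users rarely touch), and sources in the allowlist
    (e.g. the in-house vulnerability scanner) are skipped entirely.
    """
    window = timedelta(seconds=window_seconds)
    by_pair = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = parse_line(line)
        if ev.action != "REJECT" or ev.src in allowlist:
            continue
        by_pair[(ev.src, ev.dst)].append(ev)

    alerts = []
    for (src, dst), events in by_pair.items():
        events.sort(key=lambda e: e.ts)
        recent = deque()          # events currently inside the window
        port_counts = Counter()   # distinct ports inside the window
        for ev in events:
            recent.append(ev)
            port_counts[ev.dport] += 1
            # Drop events that fell out of the window before this one.
            while ev.ts - recent[0].ts > window:
                old = recent.popleft()
                port_counts[old.dport] -= 1
                if port_counts[old.dport] == 0:
                    del port_counts[old.dport]
            if len(port_counts) >= threshold:
                alerts.append({
                    "src": src, "dst": dst,
                    "distinct_ports": len(port_counts),
                    "first": recent[0].ts.isoformat(),
                    "last": ev.ts.isoformat(),
                })
                break  # one alert per pair is enough for the analyst
    return alerts


def _lines(src, dst, ports, start, step_seconds, action):
    """Build constructed log lines, one connection every step_seconds."""
    return [f"{(start + timedelta(seconds=i * step_seconds)).isoformat()} "
            f"{src} {dst} {p} {action}" for i, p in enumerate(ports)]


COMMON_PORTS = [21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3389, 8080]
T0 = datetime(2024, 3, 1, 10, 0, 0)

# Constructed sample log: a fast scanner, a normal client, an authorised
# scanner and a slow scanner, all against the same host.
SAMPLE_LOG = (
    _lines("203.0.113.7", "10.0.1.20", COMMON_PORTS, T0, 1, "REJECT")
    + _lines("10.0.0.5", "10.0.1.20", [22, 80, 443], T0, 20, "ACCEPT")
    + _lines("10.0.0.99", "10.0.1.20", COMMON_PORTS, T0, 1, "REJECT")
    + _lines("198.51.100.4", "10.0.1.20", COMMON_PORTS, T0, 120, "REJECT")
)
AUTHORISED_SCANNERS = frozenset({"10.0.0.99"})

if __name__ == "__main__":
    # Default 60 s window: only the fast scanner trips the rule.
    for a in detect_scans(SAMPLE_LOG, allowlist=AUTHORISED_SCANNERS):
        print("ALERT", a)
    # A 30 min window also catches the slow scanner (one port every 2 min).
    for a in detect_scans(SAMPLE_LOG, window_seconds=1800, allowlist=AUTHORISED_SCANNERS):
        print("ALERT (wide window)", a)
```

With the default 60-second window only the fast scanner is reported; widening the window to 30 minutes also surfaces the slow scanner, which is the usual trade-off when tuning these rules: a wider window catches low-and-slow probing but admits more legitimate long-lived clients, so the REJECT-only filter and the allowlist do most of the work of keeping the false-positive rate down.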

Hardening Email with DKIM, SPF, DMARC

Email is a communication tool whose history is intertwined with that of the internet itself. As an age-old network service, email is susceptible to various threats, most of which are inherent to the stack of protocols that make up the solution. Over the years, several mean…

Export and Decode GAuth 2FA Accounts

Google Authenticator (GAuth) is a simple and useful app for dealing with 2FA, but its simplicity comes at a cost: if your device is stolen or otherwise lost, you lose access to the accounts stored there, unless you have other means to access them, like keywords or authe…

Using AWS Secrets Manager in Your Scripts

Using secrets in scripts is a problem, and there are plenty of ways to deal with it. Here, I'll explain how to use AWS Secrets Manager in your scripts to authenticate to tools and perform actions. AWS Environment To be properly used, AWS Secrets Manager (SM) requires configuratio…

Updating Signed Documents with GPG

One of these days I was given the task of updating some digitally signed documents, which also meant updating the signatures. I found it very interesting, so I decided to document the steps for future reference. Scenario First, it's important to describe the scenario. The document…

Automating Incident Response: A Scalable and Robust Approach

Automating tasks in Incident Response (IR) is key to reducing the impact of incidents. Although it seems as easy as starting to write scripts, in my experience this objective must be tackled in a more scalable and robust way that encompasses security, data science, and software develo…

The Importance of Logging Strategy

Logs are a key part of a successful security or IT plan because they are an outstanding mechanism for diagnosing many types of incidents. That's why every corporation should have a strategy that defines which logs will be kept and for how long. Usually, different log sources overlap da…

Friction Between Red Teams and Incident Response

I've been working with incident response (IR) for a few years, and more recently, when Red Teams (RTs) started trending, I experienced some avoidable friction between both teams that I wanted to share. Disclaimer: This text is based on my own experience and may not reflect the whol…

Query Security Services for IP Reputation

tl;dr: Use this script to query three of the best security services on the internet for security-relevant data on IP addresses. It is common for Information Security Engineers to check whether a given IP address is benign or malicious, and [maybe] that's why there are so many service…

Creating a Hardened Testing Environment

In my job, we needed to perform some networking tests in an unsafe network segment, so I decided to build a machine for that purpose, ensuring that the risks were mitigated by hardening the operating system. In this post, I describe the steps to create this environment. Installat…

Secure and Easy Password and MFA Management

Keeping credentials secure is key to a good security architecture, but although there are lots of technologies to help users achieve that, most people do not know how to use them correctly. In this text, I am going to present my way of managing passwords and Multi-factor Authentica…

AWS Certified Security - Specialty Review

For the last few months I had been studying for the AWS Certified Security - Specialty (SCS) certification, and in this review I am going to present every step I took to earn this new certification in my career. The SCS (a.k.a. Security Engineering on AWS) is an advanced certific…

My Journey to CISSP Certification

In this post, I am going to share my personal experience of obtaining the CISSP certification. CISSP is one of the most renowned certifications in the information security career, and it is said to be very hard to earn. Earlier this year (2020), I decided to give CISSP a try …

Linux Hardening with CIS Controls

This is a direct sequel to Installing Arch Linux, which already includes some hardening practices. This guide goes one step further, applying some CIS controls specific to Linux environments, obviously scoped and tailored for my personal purposes. Security x …

Arch Linux Hardened Installation Guide

I decided to install Arch Linux on my next laptop, but first I had to test it to be sure of my choice. Since I was looking for a hardened installation, which is not covered by the official installation guide, I decided to create this guide for my personal use, and I hope it wi…

My Experience Studying for the CompTIA Security+ Certification

At the end of 2019, the company where I work offered a preparatory course for the CompTIA Security+ (S+) certification, including a voucher for the exam. Until then, this was one of the certifications I planned to require of SOC hires, but I found it a great opportunit…