#SecurityMonitoring

Stratosphere Research Laboratory stratosphere@infosec.exchange
2025-05-20

Welcome Recon Wave as an organizing partner of the Honeynet Project Workshop 2025 in Prague!

Recon Wave is a powerful attack surface monitoring platform that requires no installation or internal access. From continuous risk tracking to subdomain takeover prevention, they help organizations stay ahead of threats before attackers do.

📅 June 2–4, 2025
📍 NTK, Prague
🔗 prague2025.honeynet.org

#Honeynet2025 #Cybersecurity #ThreatDetection #SecurityMonitoring #SOC #Deception

2025-04-14

What if you could catch vulnerabilities before they cost millions? Discover how Wazuh seamlessly embeds security into every phase of DevSecOps, automating threat detection and compliance like never before. Curious about the game-changing integration?

thedefendopsdiaries.com/enhanc

#devsecops
#wazuh
#securitymonitoring
#threatdetection
#siem

Tedi Heriyanto tedi@infosec.exchange
2023-08-30

Recommendations for implementing an effective security monitoring strategy in AWS: cloudonaut.io/2023-08-04-aws-s

#aws #awssecurity #SecurityMonitoring

2023-03-14

With regard to enterprise security monitoring, many folks agree that it's best to be able to monitor from the top down, passively gathering network telemetry from a SPAN port or network TAP.

While there is ETW, Sysmon DNS and network connection logs, and more, how much of an impact has it been to not have more verbose network telemetry available during your investigations?

#DFIR
#IncidentResponse
#SecurityMonitoring
#SOC

2023-03-01

We got together with security professionals a while ago to talk about security monitoring strategies.

But could they be more effective if combined with robust risk scenarios, aligned to your organisation?

cydea.com/blog/the-link-betwee

#PositiveSecurity #RiskManagement #SecurityMonitoring #RiskScenarios

2022-12-19

We're getting into "silly season" at the end of the year. With that in mind, I've thought about the things I did in 2022 that I found most interesting, helpful, or potentially impactful.

First, there's the paper on #CTI-driven #ThreatHunting I wrote and presented on at several events:
gigamon.com/content/dam/resour

Then, there was my @VirusBulletin paper on the #XENOTIME actor responsible for the #Triton event, which I thought was neat as a deep-dive into organizational relationships that get masked in our tracking a single "adversary:"
virusbulletin.com/uploads/pdf/

On a personal front, I wrote up some preliminary analysis on the #Industroyer2 attempted (?) #ICS #OT incident as part of the conflict in #Ukraine - and there are still some items raised there for which we don't have answers several months after the incident was discovered:
pylos.co/2022/04/23/industroye

Finally, I wrote a blog for my employer diving into the idea of the #FalsePositive in #DetectionEngineering and #SecurityMonitoring that I think is helpful for analysts from #IR to the #SOC
blog.gigamon.com/2022/08/05/re

I need to think this over a bit, but look for something covering the most insightful work of others, from my perspective, from the past year!

2020-02-19

Cynet Offers Free Threat Assessment for Mid-Sized and Large Organizations - Cynet Free Threat Assessment spotlights critical, exposed attack surfaces and provides actionable ... more: threatpost.com/cynet-offers-fr #freethreatassessment #securitymonitoring #websecurity
