Playing with the Tenable.sc API and PowerShell

Here I start a new series of posts where I’ll show how to work with the Tenable.sc API using PowerShell as the scripting language. There is an amazing Python library, pyTenable, which I recommend if you can use Python in your environment, but if you for whatever reason cannot use Python - I might know somebody with that problem 😉 - or you just want to learn an alternative, this is the place! [Read More]

Improve your detections with the ATT&CK framework

I also want to use the ATT&CK Framework. If you want to improve the detections and the effectiveness of your SOC against attacks targeting your organization, the hottest thing right now is the ATT&CK framework and threat-informed defense. However, if you don’t have the resources to hire external consultants to set this up for you, it can be overwhelming for a small organization to get on board the ATT&CK ship. I’m going to try to ease the process for you; the only prerequisite is that you know your organization, your own network and what you are logging right now. [Read More]
att&ck soc

Splunk Corelight CTF Walkthrough - Part 2

This is the second part of my walkthrough for the Splunk Corelight CTF; you can find the first part here. You can find the CTF on Splunk’s BOTS site. SPOILER ALERT: I INCLUDE ALL THE ANSWERS TO THE CTF, BUT HIDDEN, SO YOU HAVE TO CLICK TO SEE THEM, IN CASE YOU WANT TO PLAY ALONG. Now, let’s play the second scenario. Scenario 2 Important: use the index “ctf” for this scenario. [Read More]

Splunk Corelight CTF Walkthrough - Part 1

EDIT: You can find the second part here. Today I’m here with a walkthrough of the threat hunting CTF offered by Splunk on its BOTS site. You can register for free and, although it has a playing time limit of 3 hours, you can replay it as many times as you like. If you are familiar with the BOTS CTFs published by Splunk in previous years, you will be familiar with the format; if not, it is very easy: you have a series of questions and you have to find the answers in the logs using Splunk. [Read More]

Create your own blog with hugo and S3

For my first post I thought, what better than making a little guide on how I created this blog. It’s based on Hugo, a markdown-to-HTML converter and site generator. Years ago I started with Jekyll, but now I have moved to Hugo and I like it better. For hosting, I initially used GitHub Pages, but in the end I followed Graham Helton’s idea and decided to use a bucket in AWS S3; it’s not free, but it is very cheap, and it allows you to have your own domain name. [Read More]