Technology and Cybersecurity Blog
Information technology moves fast, but some books and texts have a longer and more relevant shelf life than others. Here are some of my picks that I would want cybersecurity analysts to read and keep handy at all times. These picks won't satisfy everyone or meet every need, but they do address cybersecurity from risk management to incident response. Hopefully you find these helpful... I have. [MORE]
Aaron Kagawa manages this amazing website: Inspiring Hawaii's Students to Become Engineers. "The purpose of this list is to show our local students the faces of Hawaii born engineers or engineers doing work in Hawaii. The goal is to inspire them to go for an engineering degree.
If you want to help out, send us your advice to the students, what high school, college, and where you work to hawaiiengineers at gmail dot com. Or by doing it via code https://github.com/HawaiiEngineers/hawaiiengineers"
The challenge is to implement and configure tools that are already part of Windows or owned by Microsoft (i.e. free to use and from a trusted source) to collect and log the relevant observable artifacts on a host over time for incident detection and analysis. Sysmon is a unique tool in that it is able to collect most of the relevant STIX Cyber Observables, and it is provided by Microsoft free of charge. [MORE]
Many analysts rely on the open source and paid Snort/Suricata rulesets for their intrusion detection systems (IDS). You would hope that before applying any rule, the analyst has reviewed it and made sure it is applicable to the environment, based on the position of the IDS sensor in the network and what the rule is looking for. However, we do know that most analysts apply the thousands of rules first and deal with the false positives afterward. Therefore, I wrote a Python script that parses all the rules in a ruleset and then generates reports to help analysts determine which ports, IPs, protocols and content are covered by the ruleset. By doing this type of review, analysts can identify categories of rules they should disable from the start, or may determine that the ruleset fails to cover certain types of activity. For more information, check out the GitHub repository here.
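The kind of coverage review described above, shown as an added example rather than the author's own script (the repository linked in the post is not reproduced here): a small parser for the Snort/Suricata rule header and option body, followed by a report that tallies enabled rules by protocol, destination port, classtype and message category, flags rules that carry no `content` match (usually the noisiest to tune), and counts how many are commented out. The ruleset embedded in `SAMPLE_RULES` is constructed for the example; the single-line rule format and simple port-list handling (no whitespace inside `[...]`, no multi-line rules, no variable expansion) are simplifying assumptions.

```python
"""Coverage report for a Snort/Suricata ruleset (added example, not the post's script)."""
import re
from collections import Counter

# Constructed sample ruleset for this example; SIDs and messages are made up.
SAMPLE_RULES = r'''
# --- constructed sample, not a vendor ruleset ---
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"ET SCAN example SMB probe"; flow:to_server,established; content:"|ff|SMB"; offset:4; depth:4; classtype:attempted-recon; sid:9000001; rev:1;)
alert udp $HOME_NET any -> any 53 (msg:"ET DNS example query shape"; content:"|01 00 00 01 00 00 00 00 00 00|"; offset:2; depth:10; classtype:policy-violation; sid:9000002; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET [80,443,8080] (msg:"ET WEB_SERVER example scanner UA"; flow:to_server; content:"User-Agent|3a| example-scanner"; http_header; nocase; classtype:web-application-attack; sid:9000003; rev:1;)
alert icmp any any -> $HOME_NET any (msg:"GPL ICMP example echo"; itype:8; classtype:misc-activity; sid:9000004; rev:1;)
# alert tcp any any -> any 23 (msg:"GPL TELNET example login"; content:"login|3a|"; classtype:attempted-recon; sid:9000005; rev:1;)
'''

# Rule header: [#] action proto src sport dir dst dport ( options )
HEADER_RE = re.compile(
    r'^(?P<disabled>#\s*)?'
    r'(?P<action>alert|log|pass|drop|reject|sdrop)\s+'
    r'(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s+'
    r'(?P<dst>\S+)\s+(?P<dport>\S+)\s*'
    r'\((?P<opts>.*)\)\s*$'
)


def split_options(opts):
    """Split the option body on ';' outside double quotes -> list of (keyword, value)."""
    parts, buf, in_quote, escaped = [], [], False, False
    for ch in opts:
        if escaped:                      # character after a backslash inside quotes
            buf.append(ch); escaped = False
        elif ch == '\\' and in_quote:
            buf.append(ch); escaped = True
        elif ch == '"':
            in_quote = not in_quote; buf.append(ch)
        elif ch == ';' and not in_quote:
            parts.append(''.join(buf)); buf = []
        else:
            buf.append(ch)
    if ''.join(buf).strip():
        parts.append(''.join(buf))
    result = []
    for p in parts:
        key, _, val = p.strip().partition(':')   # modifiers like 'nocase' have no value
        result.append((key.strip(), val.strip()))
    return result


def parse_rule(line):
    """Return a dict for a rule line (enabled or '#'-disabled), or None for non-rules."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    first = {}          # first occurrence of each keyword
    contents = []       # every content: match, quotes stripped
    for k, v in split_options(m.group('opts')):
        if k == 'content':
            contents.append(v.strip('"'))
        first.setdefault(k, v)
    return {
        'enabled': m.group('disabled') is None,
        'action': m.group('action'), 'proto': m.group('proto'),
        'src': m.group('src'), 'sport': m.group('sport'),
        'dst': m.group('dst'), 'dport': m.group('dport'),
        'sid': first.get('sid'), 'msg': first.get('msg', '').strip('"'),
        'classtype': first.get('classtype'), 'contents': contents,
    }


def expand_ports(spec):
    """'[80,443]' -> ['80','443']; '445' -> ['445']; ranges such as '1024:' stay as-is."""
    return [p for p in spec.strip('[]').split(',') if p]


def rule_category(msg):
    """Ruleset category from the message prefix, e.g. 'ET SCAN ...' -> 'ET SCAN'."""
    tokens = msg.split()
    if tokens and tokens[0] in ('ET', 'ETPRO', 'GPL') and len(tokens) > 1:
        return ' '.join(tokens[:2])
    return tokens[0] if tokens else 'UNKNOWN'


def coverage_report(ruleset_text):
    """Summarise what an enabled ruleset actually watches for."""
    rules = [r for r in (parse_rule(l) for l in ruleset_text.splitlines()) if r]
    enabled = [r for r in rules if r['enabled']]
    return {
        'total': len(rules), 'enabled': len(enabled),
        'disabled': len(rules) - len(enabled),
        'by_proto': Counter(r['proto'] for r in enabled),
        'by_dport': Counter(p for r in enabled for p in expand_ports(r['dport'])),
        'by_classtype': Counter(r['classtype'] or 'none' for r in enabled),
        'by_category': Counter(rule_category(r['msg']) for r in enabled),
        'to_home_net': sum(1 for r in enabled if r['dst'] == '$HOME_NET'),
        'no_content': [r['sid'] for r in enabled if not r['contents']],
    }


if __name__ == '__main__':
    rep = coverage_report(SAMPLE_RULES)
    for key, val in rep.items():
        print(f'{key}: {dict(val) if isinstance(val, Counter) else val}')
```

Running the script on a real `.rules` file (read it into `coverage_report`) gives a quick view of which categories dominate, which destination ports the sensor position can actually see, and which rules match on packet shape alone and therefore deserve a closer look before deployment.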