Aaron Crow went from being OT tech support within a power generation facility to being responsible for cybersecurity, pivoted into consulting, and eventually became the CTO of a cybersecurity company. In this #TechTalkTuesday, he talks about industrial/OT cybersecurity, how he got into the field, how people just starting out can get into the field, and common mistakes that asset owners make when securing critical infrastructure facilities.
Process Hacker is a free and powerful tool for identifying the behaviors associated with an application. In this edition of #TechTalkTuesday, we explore the features of Process Hacker and discuss how you can use it during the threat hunting and incident response efforts within your cybersecurity program.
User agents are a core part of the HTTP specification and can be used to baseline user activity and behaviors while cyber threat hunting or performing incident response. In this edition of #TechTalkTuesday, we provide an overview of user agents, show how to detect three known enumeration tools, and show how to detect unknown malicious behavior using user agent analysis.
In this edition of #TechTalkTuesday we explore Windows' advanced audit logging for network connections and talk about how you can leverage Windows' built-in features to discover attackers. We explore success and failure event IDs to examine the connections, packets, and ports associated with applications and lower-level protocols.
The Windows event logs are a powerful funnel point for identifying attackers that leverage Windows accounts for access, lateral movement, and other attack stages. In this edition of #TechTalkTuesday, we explore logs within the advanced audit policy settings that you can add to your threat hunting and incident response program to uncover attacker use of both domain-joined and local Windows accounts.
Vulnerabilities are unavoidable. And while patches serve as permanent fixes for vulnerabilities, it's not always possible to patch systems due to operational constraints. In this edition of #TechTalkTuesday, we explore what you can do to protect yourself when you can't immediately patch, using three industrial security CVEs disclosed last week as examples.