My Security team at #Plexure, in #Auckland, #NZ, is #hiring for a #SecurityAnalyst and #SecurityEngineer. We are a cloud-native organization that delivers APIs for some of the world's leading fast-food restaurants, and are looking for people with experience in #appsec, #compliance, #GDPR, and reviewing and improving security posture. #fedihire #hiring Security Analyst: https://plexure.breezy.hr/p/65e1bdf956b5-security-analyst?state=published
Security Engineer: https://plexure.breezy.hr/p/0229cfabdbaf-security-engineer?state=published

I decided to write a Jupyter Notebook that can automate the process of collecting IOC’s from Twitter and putting them in Microsoft Sentinel using MSTICPy.
This tool can help security professionals save time and quickly identify potential security threats.

In this blog post, I will explain the process of creating this tool and how it can be used to enhance your cybersecurity efforts.

➡️ Blog Post: https://lnkd.in/dnFutQSe

➡️ GitHub: https://lnkd.in/d73rJhN9

➡️ Video Demo: https://lnkd.in/dqPyZjWd

#notebook #jupyternotebook #sentinel #microsoftsentinel #python #ioc #threatintelligence #ti #twitter #api #soc #securityanalyst #threatintelligenceplatform #tip #threatindicators #indicators #jupiter #azure #microsoft #cloud #cloudsecurity #threathunting #threatinvestigation #osint #tweet #blocklist #malware #xdr #defender #msticpy #tweepy #pandas #cybersecurity #video #github #security #help

"Public preview of near real-time custom detections in Microsoft 365 Defender.

You can now create custom detection rules that run in near real-time, in addition to existing frequencies ranging from every 24 hours to every hour. These detections can be integrated with the broad set of Microsoft 365 Defender across email, endpoint, and identity, leading to faster response times and faster mitigation of threats.

This new frequency will be available in Microsoft 365 Defender as Continuous (NRT). "

https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/respond-to-threats-in-near-real-time-with-custom-detections/ba-p/3761243

#microsoftsecurity #microsoft365 #microsoft #defender #microsoft365defender #xdr #nrt #nearrealtime #detection #soc #azure #cloud #cloudsecurity #soc #analyst #securityanalyst #cybersecurity

Adversary-in-the-middle (AiTM) phishing is capable of circumventing multifactor authentication (MFA) through reverse-proxy functionality.

Dig into an example of a real-life attack and explore how to mitigate these types of attacks.

https://www.microsoft.com/en-us/security/blog/2023/03/13/dev-1101-enables-high-volume-aitm-campaigns-with-open-source-phishing-kit/

#AiTM #mfa #2fa #multifactorauthentication #azure #azuread #azureactivedirectory #defender #xdr #microsoft365defender #microsoft #microsoftsecurity #microsoft365 #conditionalaccess #antiphishing #sentinel #microsoftsentinel #identity #identityprotection #reverseproxy #cybersecurity #iam #iag #ueba #credentialtheft #phishing #soc #securityanalyst #monitoring #risk

Once an accidental coder, now a successful security analyst! This unnamed girl's passion for coding led to a rewarding career, promotions, and contracts with top tech companies. Her story inspires us all to pursue our passions and push beyond our limits. Anything is possible with hard work, determination, and a bit of luck. #WomenInTech #SuccessStory #Coding #SecurityAnalyst

Less than 3 minutes, and there were 60 attempts blocked by the firewall. This goes on 24/7. Here’s the edited report and explanation.

One of my clients wanted me to block IP addresses from all but five countries. Originally there were only three countries allowed, but over the course of time business needs warranted allowing traffic from two more countries.

The firewall is passive. In other words, it logs the event, but it returns no response to the IP address in the other country. A response would trigger additional activity.

There are many ways for cybercriminals to circumvent this. It’s not perfect.
1) Blocking IP addresses by the country of registration does nothing to stop similar probes from a proxy in one of the allowed countries.
2) This doesn’t stop malicious links or attachments in emails from servers in allowed countries.
3) This doesn’t stop employees from visiting infected websites in allowed countries.

But it does significantly reduce contact with malicious or infected servers. For example, suppose an employee receives an email that contains a malicious link pointing to one of the blocked countries. If the employee is tricked into clicking on the link, the link doesn’t work, and the employee gets a notice on their screen that it’s forbidden. At the same time, a firewall log entry is generated. This event can be used for one-on-one training with the employee, so they better understand how to identify suspicious links.

SPECIAL CASE: INTERNATIONAL CORPORATIONS
“But Bob, my company is international. We have traffic from almost every country.”

You might want to think that through a little more carefully. Ask yourself, “Do the Customer Care agents handling North America really need traffic from IP addresses in Western Europe?” You might find that the firewall rules for the Detroit office, the London office, and the Tokyo office can all be made more secure with custom geographic IP address block lists.

Of course, that means you’ll need enough cybersecurity staff to stop using cookie-cutter firewall rules in all 700 offices. You’ll need to analyze the traffic in each office, see where the legitimate traffic endpoints are, and only block the others.

#callmeifyouneedme #fifonetworks

#cybersecurity #firewall #soc #securityanalyst

Imagine this. An advanced adversary has bypassed your perimeter defenses, moved inside your environment, and become a literal ghost in the machine. Undetected, the adversary is free to move from system to system, searching for its next target. This is a scenario that every #SOC fears and is a daunting #threathunting challenge.

But this webcast demonstrates that #cyberthreats don't need to go undetected. Learn how to overcome network blind spots and hunt, discover, and disrupt adversary attacks through a correlation of #NDR and #EDR platforms. If you're a threat hunter, incident responder, #securityanalyst, #securityengineer, #securitymanager or #securityarchitect, we encourage you to watch this technical webcast from Corelight and Cyborg Security:

👻 "Think Like a Threat Hunter: Hunting the Ghost in the Machine"

🎤 Corelight's Nick Hunter and Cyborg Security's Brandon Denker

▶️https://www.youtube.com/watch?v=QZkdOY412k4&t=2984s

#Exploit #Vulnerabilities #CyberAttack #NetworkSecurity #EndpointSecurity #Cybersecurity #DFIR

What's the tech that's improving SOC analyst efficiency? 🤔
.
.
.
If you guessed NDR, then you'll love this new eBook from Enterprise Strategy Group (ESG).

It's true. 60% of organizations say that network detection and response (NDR) improved their SOC analyst efficiency. Here are some other stats from the eBook to consider. Nearly half of organizations say that it:

1. Detected attacks missed by other tools
2. Accelerated incident response
3. Provided the broadest network visibility across environments

Don't just take our word for it. Read ESG's "The Evolving Role of NDR" eBook today: https://go.corelight.com/esg-report-evolving-role-of-ndr-ty

#NDR #DetectionandResponse #NetworkSecurity #CyberSecuritySolutions #NetworkSecurityEngineer #SecurityAnalyst #SOC #SecOps