SECTION 9 Cyber Security

SECTION 9 Cyber Security episodes:

• 04.03.2023

  The NIST Cyber Security Framework

  Time to start looking into cyber security frameworks. For this episode we’re looking at the the NIST Cyber Security Framework. We’re also explaining what a cyber security framework is and how they can help.

  
• 03.06.2023

  Time For a Maintenance Review - 259

  Time for another maintenance episode where we review our systems and management process. This time were looking at our Digital Ocean servers, Automox patch management, Fortinet Firewalls, and the password manager Bitwarden.

  
• 01.16.2023

  How do you roast a server to death? - 258

  Almost roasted our VMware server to death. Don’t do what I did. Enjoy!

  
• 01.09.2023

  How do we evaluate the LastPass hack for Section 9? - 257

  LastPass was hacked last year. As LastPass customers we need to evaluate the impact that has on Section 9. Should we continue to use the product? Should we migrate to a different password manager? How do we evaluate a password...

  
• 12.12.2022

  SANS and BHIS Videos for Hacking - 256

  Found some really interesting and helpful videos. One walks you through an Active Directory hacking lab. Another talks about default configurations and bad passwords as a way to hack into systems. The last one is about building a home lab....

  
• 11.21.2022

  The Active Directory Lab - 255

  Found a video that walks you through the process of setting up an Active Directory Lab for hacking. I wouldn’t be able to do this without a starting point.

  
• 11.07.2022

  Using the MITRE ATT&CK Matrix in a lab - 254

  Last episode was about my crazy study plan, or lack of one. Time to put together a proper study plan. One that works.

  
• 10.10.2022

  A Better Study Plan - 253

  Last episode was about my crazy study plan, or lack of one. Time to put together a proper study plan. One that works.

  
• 10.03.2022

  Learning All At Once - 252

  Time to jump into my crazy, unorganized study process. Trying to study or learn the CISSP, pentesting, risk assessments, and keep up with my current certification requirements. I’ve also signed up for two Antisyphon classes.

  
• 09.05.2022

  Asset Management Policy - 251

  Time to create a policy for asset inventory. This will help us define what we need in our asset inventory. It will also help us define what we need in our procedures. The process we use to manage the inventory.

  
• 08.29.2022

  Discovering Devices With runZero - 250

  We’re scanning our network with runZero to get an inventory of devices. What did it find? What can we learn from this inventory? How well does it work? fix? Do we have any security controls in place? Can we...

  
• 08.22.2022

  Do we have adequate security controls in place? - 249

  We’re in the process of implementing the CIS controls. This will take time. We’re also very busy. Are there any gaping security holes that we need to fix? Do we have any security controls in place? Can we wait to...

  
• 08.15.2022

  CIS Controls: Hardware Inventory Part 1 - 248

  Time to get an accurate inventory of the devices on our network. Once we have an inventory, we can move on to policies and procedures.

  
• 08.01.2022

  Going Back to the CIS Controls - 247

  Time for another maintenance episode. This time were going back to the CIS Controls. This time were using version 8. Hoping to implement the first 7.

  
• 07.11.2022

  Azure Testing - 246

  Time to start learning Azure. We’ve had Azure AD and Microsoft 365 for years. Just added Azure to the mix. Lots to learn.

  
• 06.20.2022

  The OSINT Rabbit Hole: Part 1 - 245

  Time to go down the OSINT rabbit hole. What is it? What are we looking for? What are some of the tools we can use?

  
• 06.13.2022

  Kali Linux, Nmap, Shodan, Gophish, Zap and Burp Suite - 244

  Time to dig in and start learning the tools.

  
• 05.30.2022

  New Job, VMWare Server, Tools - 243

  Got a new job. This makes our lab environment more important than ever. Some labs will be for me. Others will be for work. We need to make sure everything is working. We also need good documentation. No more messing...

  
• 05.09.2022

  Organizing IT Before New Job - 242

  There could be a new job in my future. Before that happens, we need to organize our IT. We’re looking at patching, Microsoft Defender for Business, and data recovery.

  
• 05.02.2022

  New Projects: SIGMA, Python, Cloud - 241

  Time for some new projects. Still have a few things to do with Wazuh. Once that’s done, I’ll need something new to work on. Python is the big one. Seems everyone is asking for Python skills these days.

  
• 04.25.2022

  Wazuh, Detection, and VMware Management - 240

  Wazuh! It works! Not only does it work, but it’s awesome. We’re also covering detection as part of a security program. You can’t have good security without detection. We’re also throwing in a bit of VMware management. Can’t manage labs...

  
• 04.11.2022

  Wazuh, Sysmon and Atomic Red Team - 239

  Time for more Wazuh and Sysmon. This time we’re adding Atomic Red Team for testing. This is starting to look really good. Unfortunately we’re missing something.

  
• 04.04.2022

  Labs, Wazuh & Sysmon, Microsoft 365 - 238

  We’ve packed a lot into one episode. We’re reviewing Dorothy’s lab, Wazuh & Sysmon and Microsoft 365. We do have some good news. Got Sysmon installed. We also have access to good Microsoft 365 instructions and a book. We’re moving...

  
• 03.28.2022

  How does one get into IT? - 237

  There are many ways to answer this question. First, you need some skills. For this ongoing project we’ve decided to focus on Windows. Server 2019, Windows 10 and 11, and a bit of networking for good measure. One has to...

  
• 03.21.2022

  What is Microsoft Defender for Business? - 236

  We’re in the process of testing Microsoft Defender for Business. This includes vulnerability management, endpoint detection and response and a lot more. This could be the security solution we’ve been looking for.

  
• 03.14.2022

  Are Security Solutions 100% Perfect? - 235

  Of course security solutions aren’t 100% perfect. So, why are people building security programs around perfect solutions?

  
• 03.07.2022

  How do we deploy Sysmon? Part 2 - 234

  Time to go deeper down the Sysmon rabbit hole. Looks like Wazuh does a lot more than we thought.

  
• 02.28.2022

  How do we deploy Sysmon? Part 1 - 233

  Time to start thinking about our Sysmon deployment. There are a lot of moving parts to this project. It won’t be a simple install on Windows 10. That’s just a small part of the project.

  
• 02.21.2022

  Mini Security Audit - 232

  We’re conducting a mini security audit. We’ve got our short list of things we’re doing for security. Are they working for us? Are there things we need to change? How are we doing?

  
• 02.14.2022

  Application Allow List with AppLocker and Intune - Part 1

  It works! We have application allow listing with AppLocker. Pushed out the settings from Intune. This is awesome! NOTE: No links to instructions for Intune and AppLocker. I need to find good documentation or write my own.

  
• 02.07.2022

  What should we do for security? - 230

  We’ve come up with a short list of things we should do for security. These are industry recommended solutions. They make it extremely hard for an attacker to get in.

  
• 01.31.2022

  Security in The Real World - 229

  Security in a lab is one thing. Security in the real world is something else. Time to start thinking of real world solutions.

  
• 01.24.2022

  What’s on your network? - 228

  Do you know what devices are on your network? Do you have an accurate inventory? Discover what’s really connected to your network with Rumble.run. This is an awesome network discovery tool.

  
• 01.17.2022

  Security Training and Job Hunting - 227

  Time for another round of security training. This time it’s John Strands Cyber Deception class. We’re also talking about job hunting Jason Blanchard style.

  
• 01.10.2022

  Fortinet Firewall Licensing Update - 226

  A proper explanation of our Fortinet firewall licensing. Goals, tasks, and lessons learned.

  
• 12.20.2021

  Fortinet Firewall Licensing - 225

  Time to get licenses for our Fortinet firewalls. They expire next month. We’re also planning for next year.

  
• 12.13.2021

  My Python Class - 224

  We’re talking Python classes, Wi-Fi issues, security training and more. We’re also beginning to plan for next year. Yup, the new year is right around the corner.

  
• 11.22.2021

  What’s next for the new lab? - 223

  What’s next for our lab? What should we focus on? What kinds of things can we add to it?

  
• 11.15.2021

  How long does it take to build a basic lab? - 222

  It use to take us forever to build a lab. Lots of documentation, testing and planning has changed that. Big step in the right direction.

  
• 11.08.2021

  We Need a Network - 221

  We need to build a new network. One that includes a Firewall, Windows Domain Controller, Windows 10 and Windows 11 workstations. This will be our starting lab. One we can add to in the future.

  
• 11.01.2021

  We’re Analyzing Logs With Logwatch - 220

  As the title says, we’re analyzing logs with Logwatch. Big step in the right direction. Started this back in episode 218. Couldn’t get email to work. It works! Not only does it work, but we can catch evil.

  
• 10.25.2021

  Netbox for Network Documentation - 219

  Found a new tool called Netbox. This tool was designed to document large data centers. We’re trying to use it to document our network. Lots of cool features and lots of moving parts to think about.

  
• 10.18.2021

  Installing Logwatch For Log Analysis - 218

  Time to analyze our cloud server logs. For that we’re going to use Logwatch. This will require the Postfix SMTP server for sending email. We also need the UFW firewall. Once again, lots of moving parts.

  
• 10.11.2021

  Installing Windows 11 and VMware Updates - 217

  We’re talking Windows 11 and VMware Updates. Did an Install of Windows 11 in our VMware environment. This required a virtual TPM. Moved on to VMware updates. This included updates to ESXi and VCSA. Lots of moving parts to these...

  
• 10.04.2021

  Learning to Use Microsoft 365 Apps - 216

  We’re trying to get the most out of 365. That includes learning how to use apps like Teams, Planner, OneNote and more. There’s a lot of moving parts to this. Installing, configuring, training, standards and more. We’re still at the...

  
• 09.20.2021

  Planning For a New Wi-Fi Access Point - 215

  Time to plan for a new Wi-Fi Access Point. We’re replacing our old Asus Wi-Fi router with a Fortinet Access Point. What are the risks? How much downtime will there be? What’s our backout plan?

  
• 09.13.2021

  Building an Internal DNS Server - 214

  Time to add another DNS server to the network. This could be considered a small project. It still has a lot of moving parts. What OS should we use? What hardware should we use? Can we manage another server?

  
• 09.06.2021

  Can we speed up a Server 2019 Install? - 213

  Dorothy want’s to speed up the installation of Windows Server 2019 in the lab. We’re looking into an automated install. We’re also looking at all the steps leading up to the install. How do we connect to our VMware server?...

  
• 08.31.2021

  Could we manage 1,000 Laptops? - 212

  Yes we can! We’re using Intune, Azure AD and Automox to manage two laptops. The same process we use for two could be applied to 1,000. Settings, applications and updates can all be pushed out with a few mouse clicks.

  
• 08.16.2021

  Lesions Learned From 3 Job Interviews - 211

  I’ve had 3 job interviews this year. Here’s what I’ve learned so far.