Blog
Using Osquery to check if you’ve patched CVE-2022-26809
Update: this won’t work as monthly rollups supersede discrete KB patches. See…
April 20, 2022
Using Google Chat for Elastic Security Alerts
How to set up Google Chat to receive security alerts from Elastic Defend.
April 19, 2022
Getting Dockerd to behave with Snap
How to use the snap version of docker on Ubuntu without dying of frustration.
April 18, 2022
Increasing signal-to-noise ratio for Mitel systems
If you’re responsible for defending Mitel systems, specifically the Mitel MiCollab suite running on Mitel’s “Mitel Standard Linux”, you have probably noticed by now that the systems are very noisy from a defender’s point of view. For example: yes, this is actually a legitimate process tree on a Mitel MiCollab system. I was investigating an alert that detects suspicious child processes spawned by Java and this is what I found. With process parent-child chains as long as these being normal (the full tree is about 20 processes deep), it is hard to detect or alert on actual malicious activity.
March 27, 2022
Detecting CVE-2021-41379 using EQL
Detect CVE-2021-41379 being exploited using Elastic EQL rules.
November 23, 2021
Deploy Elastic Agent with Microsoft Intune
In my previous story I shared how any organisation can go from having zero security visibility to having a wealth of contextual information in less than a day. In this article I’m going to share a small PowerShell script that can be used with any management tool to deploy Elastic Agent to a whole fleet of Windows systems. With it an administrator can easily deploy Elastic Agent to 10 or 1000 systems without breaking a sweat!
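As an added illustration of the kind of deployment script described above (this is not the script from the original post), the following PowerShell downloads Elastic Agent, verifies the published SHA-512 checksum before running anything from the archive, and enrols the host in Fleet non-interactively so it can run from Intune or any other management tool with no console attached. The agent version, Fleet server URL and enrollment token are placeholder assumptions; in a real rollout the token is a secret and should be passed in by the management tool rather than hard-coded.

```powershell
# Added example, not the script from the original post. Installs Elastic Agent
# on a Windows endpoint and enrols it in Fleet. The version, Fleet URL and
# enrollment token below are assumed placeholders supplied by the management tool.
param(
    [string]$Version         = '8.12.2',                              # assumed version
    [string]$FleetUrl        = 'https://fleet.example.internal:8220',  # assumed URL
    [string]$EnrollmentToken = '<enrollment-token>'                    # assumed placeholder
)

$ErrorActionPreference = 'Stop'

# Idempotency check: management tools re-run scripts, so do nothing if the
# agent service is already present.
if (Get-Service -Name 'Elastic Agent' -ErrorAction SilentlyContinue) {
    Write-Output 'Elastic Agent already installed; nothing to do.'
    exit 0
}

$archive = "elastic-agent-$Version-windows-x86_64.zip"
$baseUrl = 'https://artifacts.elastic.co/downloads/beats/elastic-agent'
$workDir = Join-Path $env:ProgramData 'ElasticAgentDeploy'
$zipPath = Join-Path $workDir $archive
New-Item -ItemType Directory -Path $workDir -Force | Out-Null

# Download the archive and the SHA-512 checksum file Elastic publishes next to it.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri "$baseUrl/$archive"        -OutFile $zipPath
Invoke-WebRequest -Uri "$baseUrl/$archive.sha512" -OutFile "$zipPath.sha512"

# Verify the download before executing anything from it. The .sha512 file is
# "<hex digest>  <filename>", so take the first whitespace-separated field.
# PowerShell string comparison is case-insensitive, so digest casing does not matter.
$expected = ((Get-Content "$zipPath.sha512") -split '\s+')[0]
$actual   = (Get-FileHash -Path $zipPath -Algorithm SHA512).Hash
if ($actual -ne $expected) {
    throw "Checksum mismatch for $archive (expected $expected, got $actual)"
}

# Unpack and run the installer non-interactively; the archive contains a
# single top-level folder named after the version.
Expand-Archive -Path $zipPath -DestinationPath $workDir -Force
$agentExe = Join-Path $workDir "elastic-agent-$Version-windows-x86_64\elastic-agent.exe"
& $agentExe install --url=$FleetUrl --enrollment-token=$EnrollmentToken --non-interactive
if ($LASTEXITCODE -ne 0) {
    throw "elastic-agent install failed with exit code $LASTEXITCODE"
}

# The installer copies itself under C:\Program Files\Elastic\Agent, so the
# staging directory (and the token-bearing command line history) can go.
Remove-Item -Path $workDir -Recurse -Force
Write-Output 'Elastic Agent installed and enrolled.'
```

Run it as SYSTEM (the context Intune uses for device scripts) and pass the real Fleet URL and enrollment token as parameters. The checksum step is the part worth keeping even if you strip the rest: it is the difference between executing whatever the download returned and executing the artifact Elastic actually published.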
October 28, 2021
From Zero to Visibility in record time
In security, context is critical; to make a simple analogy, your wife holding a bread knife during the daytime is a very different situation from an intruder wielding that same knife in the dark of night. At Threatbear we help Aussie companies detect and respond to cybersecurity threats, and the workflow often goes like this: install an Osquery fleet server (~1 day); build the binaries and connect the endpoints (~1 day+)
May 28, 2021
Renaming multiple files
How to rename thousands of files with unique names using bash scripting.
February 27, 2019
Digital Ocean dictates what nodes you can add to their Kubernetes service
When one pays money to rent compute resources from another, it should be the customer, not the provider, who decides whether a system can run a workload. Simply put: I signed up for the Digital Ocean Kubernetes preview and it worked well. It is a super easy way to get started with Kubernetes and, in my case, a great way to run periodic jobs in a secure (using k8s Secrets) and repeatable (defining my cron job in a YAML file and ‘applying’ it to the cluster) way.
January 2, 2019
Using Amazon Athena to check if a password has been pwned
Check if passwords have been pwned using Amazon Athena and the HaveIBeenPwned dataset.
July 23, 2018