Author: mrahier96

by mrahier96

Cyber Incident Handling: dos and don’ts!

Intro

In today’s article, we will discuss the good and bad practices when facing a major incident.

Facing an incident is stressful for both the victim and the incident handlers. To limit the impact of that stress, we need to understand which practices to adopt and which poor decisions people tend to make under stress.

As an example, we will walk through a Human-Operated Ransomware scenario and see what can lead to longer analysis time, communication difficulties or, at worst, your infrastructure being compromised again after the first attack.

Excellium Services Announces Partnership with Pentera to Expand Security Portfolio with Automated Security Validation

Contern, Luxembourg, July 11, 2023 – Excellium Services S.A., a leading cybersecurity services provider in Belgium and Luxembourg and part of Thales Group, today announced a partnership with Pentera, the leader in automated security validation. Pentera’s platform will extend Excellium’s service portfolio, addressing the growing demand for automated security validation from enterprises in Belgium and Luxembourg.

Daily Life in the SOC – Level 1 Analyst

The Level 1 CSOC Analyst Team is at the forefront of the Excellium Cyber Security Operations Centre. These analysts, also known as first responders, work in 8-hour shifts every day of the year to ensure full-time coverage of the monitored infrastructure and guarantee that someone is always ready to act, whatever the time or day. The number of people on any given shift keeps increasing to meet the needs of a growing client base, as well as surges in activity caused by external circumstances such as the Russo-Ukrainian war or the American presidential election.

With that said, what exactly does a level 1 analyst do?

Discovery of Cloud Native applications from an application security perspective

Context of the blog post

This article is based on my understanding of what a Cloud Native application is. That understanding comes mainly from reading the following sources:

🎯 My goal was to try to identify which aspects of the security of an application change when an application is intended to be Cloud Native.

📍 From here, a Cloud Native Application will be called a CNA.

Cloud Migration Challenges

Cloud computing is one of the most widely used technologies today: workloads are hosted by a vendor and accessed over the Internet on demand, from anywhere and at any time, without requiring interaction with the provider.


Dnssecuritytxt: new security best practice or impractical good idea

If you are casually browsing for ways to improve your cyber security posture, you may not have come across dnssecuritytxt, which is understandable because it is not widely known. We took a look at it and want to share our opinion with you.

Security.txt and dnssecuritytxt

A few years ago, a concept called security.txt became popular in the online community after giants such as Google, Facebook and Dropbox started implementing it (it has since been standardised as RFC 9116). The concept is nothing more than a plain text file placed in the /.well-known/ directory of a website. Its contents? Who to contact when a bug is found, what the company’s security policy is, how to encrypt proof of a vulnerability before sending it over, and even a job page for those who might be interested. You can read this great article, which goes into more detail on security.txt, or visit our own implementation to see what it looks like at the URL below:

From Log4Shell to Text4Shell…

Context of the Log4Shell Vulnerability to Text4Shell

A year ago, the infamous “Log4Shell” vulnerability in the Log4j logging library from Apache Logging Services was disclosed. This Remote Code Execution (RCE) vulnerability was widely publicized because the component was ubiquitous and exploitation was easy. Log4Shell was also more than just an RCE vulnerability: depending on how it was exploited, it could be used for data exfiltration over protocols such as DNS.

Manage your vulnerabilities through a Risk-based approach

The number of vulnerabilities grows day by day. Technologies such as web applications and cloud computing are increasingly adopted by organizations, as is teleworking, so more assets are exposed and connected to the Internet and the attack surface of organizations keeps getting larger. At the same time, attackers have shifted their focus from high-severity CVSS findings to medium- and low-severity ones.

Traffic Light Protocol (TLP) had a change of colours

A word on FIRST

FIRST is the Forum of Incident Response and Security Teams. Since FIRST was founded in 1990, its members have handled an almost continuous stream of security attacks and incidents, including thousands of security vulnerabilities affecting nearly all of the millions of computer systems and networks connected by the ever-growing Internet.

FIRST brings together a wide variety of security and incident response teams, in particular product security teams from the government, commercial and academic sectors.

TLP stands for Traffic Light Protocol. It is a set of sharing labels maintained by the FIRST Traffic Light Protocol Special Interest Group (FIRST TLP SIG).
