Blog

‘Motive – Opportunity – Impunity’ cycle shapes the cybersecurity threat landscape for years

Motive – Opportunity – Impunity: without breaking this cycle through global cooperation between the private and public sectors, there will be no end to cybercrime or to politically motivated hacks.

Motive: Money. That’s what’s directly behind the majority of cyber attacks today. Another much less frequent but very dangerous motive is politics, with state actors seeking influence

Threat hunting with CrowdStrike – Valid Accounts

Techniques of interest:
https://attack.mitre.org/techniques/T1078/
https://attack.mitre.org/techniques/T1021/
|_ Remote Services: Remote Desktop Protocol
|_ Remote Services: SMB/Windows Admin Shares

Hypothesis: If a Threat Actor (TA) successfully employs the above-mentioned sub-techniques of T1021, then in a Windows Active Directory environment this should show up as Windows logon events of types 3 and 10 generated on target machines.

If we were able to identify any single user

Subjective list of the 5 most important things you should be doing to improve cybersecurity in your organization

Have the response team

No matter how good your organization is at risk management and implementing security measures, it is certain that sooner or later it will experience a severe security incident or a breach. When this happens, the only thing that can effectively minimize the impact and quickly recover from the incident is the

What can we learn from the GAO report on the US Weapon Systems Cybersecurity

Posted on: October 23, 2018

At the beginning of this month the United States Government Accountability Office released a public report titled: “WEAPON SYSTEMS CYBERSECURITY DOD Just Beginning to Grapple with Scale of Vulnerabilities” The assessment was performed as the US Department of Defense “(…) plans to spend about $1.66 trillion to develop its current portfolio of

Finding newly registered domains for hunting and blocking.

Originally published in 2015.

Email addresses in freshly registered, short-lived domains are increasingly used to send spam and malware. They are also used in spear phishing campaigns, often combined with bitsquatting/typosquatting techniques to fool users into trusting the message content. The same applies to websites serving malicious content that are linked by the phishing

About Me

I’ve been working in the cybersecurity field since 2️⃣0️⃣0️⃣8️⃣ and somehow I still love this job. Mostly because it’s completely different now than it was when I started.

Lukasz Olszewski 🇪🇺 🚵🏼

Cybersecurity is a race between awareness and a breach.

Network location does not imply trust.

NIST SP 800-207

It’s okay to spend a lot of time arguing about which route to take to San Francisco when everyone wants to end up there, but a lot of time gets wasted in such arguments if one person wants to go to San Francisco and another secretly wants to go to San Diego.

S. Jobs