Azure: SQL Firewall Rule Created
Because it's nice to know when your Azure tenant may be opening SQL up!
- Status: Default Disabled
- Log type requirement: Azure AD
Azure: SQL Firewall Rule Deleted
Probably not as risky of a detection, but it's nice to have parity :D
- Status: Default Disabled
- Log type requirement: Azure AD
ESX Admin Group Creation or Modification
A domain group named "ESX Admins" has been created or modified in Active Directory. This detection identifies the following activities:
- Domain group created and titled "ESX Admins"
- Renaming an existing domain group to "ESX Admins"
- Adding users to the "ESX Admins" group
While this may be legitimate administrative activity, it should still be accounted for. Threat actors have been observed taking advantage of a vulnerability using these groups via CVE-2024-37085.
Suspicious Windows Defender Registry Key Tampering via Reg.exe
Administrators and administrative software may modify Windows Defender registry keys while installing antivirus. Threat actors may tamper with Windows Defender registry keys to attempt to disable protection and detection features during adversarial activity and malware deployment.
Content & Fun Things
We'll be at Blue Team Con!
Amanda Berlin - Building Stronger Cyber Defenses forMajor Data Stewards: SMBs and MSPs
Talk Track 2
Saturday, Sept 7th 4:00 - 4:25
Small and medium-sized businesses (SMBs) and managed service providers (MSPs) are pivotal in shaping cybersecurity, collectively constituting over 90% of global businesses. Despite their prevalence, they receive disproportionately less cybersecurity attention than enterprises, yet collectively harbor a significant amount of sensitive data, making them prime targets for cyberattacks, notably ransomware campaigns.
This presentation advocates for empowering SMBs and MSPs through:
- Using SMB and MSP incident retrospectives to cast a light on common attacks.
- Implementing cost-effective solutions that can scale across multiple clients.
- Streamlining implementation and management of security measures.
- Maximizing limited security budgets and resources.
- Employing layered defense strategies that strike a balance between protection and usability.
- Developing threat models that specifically target the most probable attack vectors for SMBs.
- Tailoring security fundamentals to suit the unique environments of SMBs.
- Promoting industry-wide outreach and educational initiatives.
The goal is to democratize security, recognizing SMBs and MSPs as major data custodians. Customized solutions are essential to support their security needs and acknowledge them as the future of cybersecurity. By supporting this majority, we can achieve a more inclusive ecosystem with robust security measures for all businesses.
Mental Health Hacker Village
Saturday, Sept 7th 4:00 - 4:30
People researching and working in infosec excel at having a dozen plates in the air (while keeping an eye on at least as many dashboards.) We funnel tremendous attention and energy into making sure we've planned a response for any risky scenario. But who do *we* confide in? Eho protects *our* integrity? And who maintains *our* availability?
Most people find their social circles shrink entering adulthood: friends move away for school or work, and finding time to come together gets more complicated. Overlapping work schedules, new relationships and children all increasingly compete for our limited downtime hours. Combine this with the long (and sometimes unpredictable) schedule and often isolating routine that comes with many security roles, and it becomes clear that our strong connections can be risk if not tended to consciously and consistently. These relationships that bring satisfaction to our lives and help us recharge through time spent in community are some of our most precious assets, and we should prioritize them accordingly.
This talk will take the same actionable, intentional approach to protecting our social life as we apply each day in our research and careers. It will cover creating routines and environments that increase incidental social interactions, providing opportunities for new connections and friendships. We'll also discuss building alerts and backup plans for making sure our connections are maintained and strengthened over time. Not only is this fulfilling on its own merit -- it's also an important element in preserving our mental health and increasing our ability to withstand stress without being overwhelmed.
If you have friends, want friends, or just miss your friends... this talk is for you!