Darkside ransomware SandBlast Forensics report

Quick summary

The operator of the nation’s largest gasoline pipeline — hit earlier this week by ransomware attack — announced Saturday it has resumed “normal operations”. Georgia-based Colonial Pipeline had begun the process of restarting the pipeline’s operations on Wednesday evening, warning it could take several days for the supply chain to return to normal.

Let’s cover the basics first: what do the 4C’s mean? The 4C’s of Cloud Native security are Cloud, Clusters, Containers, and Code. Note: this layered approach augments the defense-in-depth computing approach to security, which is widely regarded as a best practice for securing software systems.

Here I am scanning to see which ports are open; this is what any hacker would do during the recon phase of an attack.

This article will be useful to those who are familiar with Check Point technologies for emulation of files (Threat Emulation) and proactive cleaning of files (Threat Extraction) and want to take a step towards automating these tasks.

Check Point has a Threat Prevention API that works both in the cloud and on a hardware or virtualized appliance, and is functionally identical to checking files in web / smtp / ftp / smb / nfs traffic streams.

In this article you will find the Postman collections for working with the Threat Prevention API.

If you want…

Docker security is an ever-evolving area to stay updated on, since this part of the technology keeps changing at a fast pace. We will cover a few basic topics you should be aware of from a technical standpoint.

There are a lot of articles around this topic, and the most famous front-runners in this space are companies like Snyk and Sysdig.

Snyk’s recommendations for the top 10 Docker security best practices are publicly available; for Sysdig you have to fill out a form and download the whitepaper.

Docker containers are, by default, quite secure; especially if you run your processes as non-privileged users inside the…

Kubernetes, also known as K8s, is an open-source system for automating deployment, scaling, and management of containerized applications, according to kubernetes.io. But let’s look closer under the hood and see what it actually is, technically :)

This is the Kubernetes dashboard you should see once you have gone through the simple steps in this article.

To launch a single-node Kubernetes cluster, we will use Minikube (https://github.com/kubernetes/minikube). It is a tool that makes it easy to run Kubernetes locally: Minikube runs a single-node Kubernetes cluster inside a VM on your laptop, for users looking to try out Kubernetes or develop with it on a daily basis.

Credit for this particular visual goes to @Dean Papa (Siemplify).

What is Siemplify?

Siemplify is a SOAR platform company and is Check Point’s strategic partner in the SOAR space. Siemplify was born out of the need for a better, simpler, more effective way to manage security operations. Siemplify is built by security operations experts who spent years honing their skills on the front lines of Israeli cyber intelligence agencies. Siemplify is not a SIEM but rather an automation platform which uses playbooks and case management.

What is Security Automation?

Security automation is used to address security operations tasks without human intervention and is an important component of security orchestration.

When automation is…

Stats of web attacks in percentages

About 3 years ago the research company Gartner coined the term WAAP, which stands for Web Application and API Security. It is a mouthful to say, compared to what we used to just call a WAF in the industry.

There are so many solutions that offer WAAP as SaaS, as PaaS, or as software. This article highlights and discusses why anyone would need a WAAP.

Let’s talk about Recon briefly.

Recon is mainly about the following items:

  • Web App Recon: (Information gathering, Web App mapping)
  • Structure (Modern vs Legacy, REST APIs, JS Object Notation: Variables, Functions, Context…

TrickBot

What began as a banking trojan and descendant of Dyre malware, TrickBot now provides its operators a full suite of tools to conduct a myriad of illegal cyber activities. These activities include credential harvesting, mail exfiltration, cryptomining, point-of-sale data exfiltration, and the deployment of ransomware, such as Ryuk and Conti.

In early 2019, the FBI began to observe new TrickBot modules named Anchor, which cyber actors typically used in attacks targeting high-profile victims — such as large corporations. These attacks often involved data exfiltration from networks and point-of-sale devices. …


Before we dive into this topic, let’s first briefly cover types of cyber threats these technologies can detect and prevent.

  • Firewall is like a doorman: he sits at the perimeter and keeps out everyone who tries to sneak in via open basement windows, the roof, etc., but once someone enters through the official door, he lets everybody in, especially when the house owner brings guests in. It just allows or blocks traffic based on port/IP and the allowed source and destination. To elaborate further in technical terms, a firewall analyzes packet headers and enforces policy based on protocol type, source address, destination address, source port, and/or destination…

What is zero-day malware? It is an unknown piece of malware or a virus: it has an MD5 hash that is not known to any traditional anti-malware protection.

You can take any unknown variant of the malware and upload it to www.virustotal.com to get a verdict and validate whether it is indeed unknown to a list of traditional signature-based solutions. VirusTotal maintains this list and provides access, including via its API, to run the scan from one unified page.

Here is a library of unknown malware samples: https://github.com/mstfknn/malware-sample-library

You can change the hash of the known variant with https://github.com/ewwink/MD5-Hash-Changer

Now, let’s talk about…

Jon Goldman

Cloud Security, Automation, DevOps, AWS, Azure, GCP
