l
ну, это у нас так, про вдвое. ибо всяко бывает
Size: a a a
2020 November 30
l
у нас раз один мудила решил “внедрить очень крутую штуку проверенную стопицот раз”, в итоге склад рц стоял два часа вместо допустимых 15 минут)
A
я сейчас внедряю тему - пердеть тоьько по приказу, т.е. change management
A
A
сейчас 3 совы из 5
2020 December 01
SS
Всем привет, подскажите, в этом канале можно размещать вакансии AppSec? Если нет, то где? :) нид хэлп
q
Всем привет, подскажите, в этом канале можно размещать вакансии AppSec? Если нет, то где? :) нид хэлп
SS
Спасибо!
2020 December 02
y
$100 for it? why not $1000?
take a look, this info is free.
https://attack.mitre.org/resources/training/cti/
take a look, this info is free.
https://attack.mitre.org/resources/training/cti/
rd
$100 for it? why not $1000?
take a look, this info is free.
https://attack.mitre.org/resources/training/cti/
take a look, this info is free.
https://attack.mitre.org/resources/training/cti/
👍
y
the concept of data being converted into intel could be found here:
http://archive.hack.lu/2015/When%20threat%20intel%20met%20DFIR.pdf
http://archive.hack.lu/2015/When%20threat%20intel%20met%20DFIR.pdf
y
there is no need to get training to get the concept of Intel-Driven Defense [1]:
1. Learn the system/technology
2. Learn how to "hack" it
3. Create full defensive coverage from all perspectives
1st step is clear. 2nd step is the problematic one.
as long as we cannot easily share the knowledge, there is no way we could collaborate globally and effectively solve the problem for all.
this is what ATT&CK here for. it allows us to classify the threats and possible "hacking" techniques.
which is allows us to:
- accumulate the knowledge
- share the knowledge
- attach new contexts from different expert areas (i.e. simulation, mitigation, detection, response)
- share the knowledge even further
- mature it, improve it, enrich it, automate exchange
- ???!!?!
- profit.
more detailed free info on the topic could be found in John Lambert's work "The Githubification of InfoSec" [2] (EN) [3] (RU).
you can send your $100 in BTC to this wallet:
thanks.
[1] https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/LM-White-Paper-Intel-Driven-Defense.pdf
[2] https://medium.com/@johnlatwc/the-githubification-of-infosec-afbdbfaad1d1
[3] https://habr.com/ru/company/microsoft/blog/487584/
1. Learn the system/technology
2. Learn how to "hack" it
3. Create full defensive coverage from all perspectives
1st step is clear. 2nd step is the problematic one.
as long as we cannot easily share the knowledge, there is no way we could collaborate globally and effectively solve the problem for all.
this is what ATT&CK here for. it allows us to classify the threats and possible "hacking" techniques.
which is allows us to:
- accumulate the knowledge
- share the knowledge
- attach new contexts from different expert areas (i.e. simulation, mitigation, detection, response)
- share the knowledge even further
- mature it, improve it, enrich it, automate exchange
- ???!!?!
- profit.
more detailed free info on the topic could be found in John Lambert's work "The Githubification of InfoSec" [2] (EN) [3] (RU).
you can send your $100 in BTC to this wallet:
15PUN34cHSiLKcBScLiz4vEcGazyrhY2Tdthanks.
[1] https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/LM-White-Paper-Intel-Driven-Defense.pdf
[2] https://medium.com/@johnlatwc/the-githubification-of-infosec-afbdbfaad1d1
[3] https://habr.com/ru/company/microsoft/blog/487584/
B
Anyways, keep up the good work.
B
🙏🙏🙏
y
BL
Anyways, keep up the good work.
same to you!
Z
)))
Z
что можно почитать про риск ориентированный подход в ИБ
x
что можно почитать про риск ориентированный подход в ИБ
NIST RMF
Z
xdoom
NIST RMF
👍
H
Ребята из лаборатории Касперского поколдовали и сделали интерактивную карту шифровальщиков в реальном времени.
Узнайте, где прямо сейчас проходят атаки троянов-шифровальщиков по ссылке: https://kas.pr/g62w
Узнайте, где прямо сейчас проходят атаки троянов-шифровальщиков по ссылке: https://kas.pr/g62w