DCWebGuy
@dcwebguy.bsky.social
Also on Xitter: @DCWebGuy

Malware hunter/analyst. PCAP denizen. Old-school webdev. (re-)Tweets mainly infosec IOCs, plus some politics and science. Consilience bias. I hate ideologies.
Usually there are multiple log sources:
Host based firewall logs
Web server logs
Web app logs

Then they get shipped into Sentinel plus CrowdStrike Falcon.

Plus the firewall on the network (duh)
An IPS (like yeah)
April 19, 2025 at 5:07 AM
This just doesn't pass the smell test in gov work in compliance with FISMA data controls that are exceptionally difficult to remove, even when given root user permissions.

Basically, this is almost impossible.
April 19, 2025 at 5:04 AM
I have 3 to 6 different ways to monitor stuff when root admins disable logging, because of "defense in depth" at the Azure billing level, Splunk logging level, endpoint detection and response (EDR) monitoring level, Continuous Diagnostics and Mitigation level (global CISA logging), etc.
April 19, 2025 at 5:04 AM
Gov infosec guy, this story reeks.

"Drone surveillance photo + threat note taped to whistleblower’s door" was the warning label. But, the suggested lack of oversight in the NPR story that anyone in my field could tell you was patently wrong was the garbage signal to me.
April 19, 2025 at 5:04 AM