SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Configuration Scanners Adding Java Specific Configuration Files
Published: 2024-06-24 Last Updated: 2024-06-24 08:37:24 UTC by Johannes Ullrich (Version: 1)
Hunting for configuration files is one of the favorite tricks we typically see used against our honeypots. Traditionally, standard and more generic configuration files like ".env" or ".config" are the target, with some cloud-specific configuration files sprinkled in. Today, I noticed in our "First Seen URL" list a new variation that appears to target Java Spring configuration files. For example, the following files are now being hunted ...
https://isc.sans.edu/diary/Configuration+Scanners+Adding+Java+Specific+Configuration+Files/31032/

No Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary]
Published: 2024-06-20 Last Updated: 2024-06-20 01:19:16 UTC by Guy Bruneau (Version: 1)
[This is a Guest Diary by Owen Slubowski, an ISC intern as part of the SANS.edu BACS program]
Over the past 20 weeks I have had the privilege to take part in the SANS Internet Storm Center Internship. This has been an awesome chance to deploy and monitor a honeypot to explore what must be the fate of so many unsecured devices on the internet. Over the tenure here, the one thing that was so shocking to me was not only the number of devices that are conducting password attacks, but also the damage they could have done if their malware had been successful. Over the 20 weeks of this internship, I had more than 16,790 unique devices attempt to gain unauthorized access to my honeypot over SSH and Telnet from 49 different countries! With the number of threat actors out there, it almost seems like a strong password policy isn't enough on its own.
And over the multitude of attack reports I wrote, it always listed the same control that could have protected the system: MFA and filtering to protect the system. In my mind these solutions always imply a greater cost that is often outside of our reach as hobbyists and small organizations ... Or are they? Over the course of the next few pages, I look to discuss different technical controls I was first introduced to during the internship that can be applied to Ubuntu Linux at no cost and how they can help protect against these attempts to log in by various threat actors.
Read the full entry: https://isc.sans.edu/diary/No+Excuses+Free+Tools+to+Help+Secure+Authentication+in+Ubuntu+Linux+Guest+Diary/31024/
Sysinternals' Process Monitor Version 4 Released (2024.06.22)
https://isc.sans.edu/diary/Sysinternals+Process+Monitor+Version+4+Released/31026/
Microsoft Patch Tuesday June 2024 (2024.06.11)
https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+June+2024/31000/
Finding End of Support Dates: UK PTSI Regulation (2024.06.07)
https://isc.sans.edu/diary/Finding+End+of+Support+Dates+UK+PTSI+Regulation/30992/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
SANS 2024 SOC Survey Webcast: Facing Top Challenges in Security Operations | July 12, 10:30 am ET | Join Chris Crowley and guest speakers as they examine this year's survey results to understand how SOCs are architected, favorite and frustrating technologies, staffing, funding, threat intel, and automation.
Continuous Attack Surface Discovery and Penetration Testing with BreachLock | Tune in on Wed., July 10 as Dave Shackleford takes a solutions deep dive with BreachLock’s attack surface management and penetration testing as a service offering. | Register now:
Webcast: Secure your multi-cloud environment from code to cloud with Microsoft Defender CSPM | Join Matt Bromiley and Tal Rosler of Microsoft as they unveil the latest security posture innovations in Microsoft Defender for Cloud.
Webcast: 2024 State of Security Automation | Tune in to this discussion with Mark Orlando and Palo Alto's Jane Goh as they discuss the results of this survey - how SOC teams identify, prioritize and assess the efficiency of the SOAR use cases; and explore the ways AI might fill the gaps left by SOAR and remaining potential barriers. Also, Matt Bromiley will review the Cortex XSOAR platform.