Based in San Francisco Bay Area, Securesql is a blog by John Menerick. His insights dissect complex systems, offering a masterclass in cyber guardianship through expert analysis and cutting-edge protective strategies.

When your SIEM models are not enough

Upon suggestion from Mr. Hay, I took https://sigopt.com/ for a spin. I plugged it into our SIEM and Vulnerability models. I am astonished. Just when I thought every bit of value was squeezed from the systems, it is continuing to pull out indicators and APT actors like candy at a weight loss camp. One should give it a spin when they need to further optimize their models. For blackhats, this technique will become a significant pain as additional academically savvy private sector practitioners move beyond log management and playbooks.
