A collection of (mostly) InfoSec-related stories that I encountered either privately or professionally.
These stories might not always contain cutting-edge knowledge. They might not always be super long. But all of them I deemed worth telling.
During a recent engagement, I found myself in quite a difficult situation.
I was in the client's offices and got my hands on one of their Windows laptops including a set of valid domain credentials.
So, using an Ethernet cable, I was able to get the laptop into the client's network.
But, thanks to a great Endpoint Detection and Response (EDR) solution, solid privilege management and 802.1X-2010
NAC, that was about as far as I could get. Or was it...?
Read more
A short story about how NOT to handle security alerts as a SOC. And some brief tips on how to improve security monitoring.
Read more