Author: venkat

Venkat is founder of FlexibleIR. He brings 20 years of experience in building tools and products at Sun Microsystems, Intel, Novell, HP, Yahoo,Tesco and startups. He has developed test suites and frameworks for post silicon validation of the Xeon processor family (Fuzzing). He has worked deeply on UFS files system at SUN Microsystem. Was a security paranoid at Yahoo.
online-class
edtech eLearning online education
August 26, 2020

Defending the Online Education Sector

Other names for the sector – E-learning, online learning, Edtech With a major shift to virtual classrooms, the Edtech startup companies pose a significant target for cyber criminals. As more students get connected to the Internet the threat has never been greater. Cyber attacks continue to plague the education sector, and they’re only intensifying. The consequences can be devastating and long lasting. Hackers are probably […]

edtech eLearning General
August 19, 2020

Online education platform threats and mitigations

The rapid shift to online learning brought about by the pandemic is all but guaranteed to increase the threats they are facing and incidents they will experience. Typical users of online learning platforms – students, lecturers or teachers. Typical types Online training with content. Online training by trainers Large educational institutes – Going online. A platform for educators and learners with educators creating educational videos […]

General
July 1, 2020

Incident Response – Training, Blue team exercise and Muscle Memory.

First.org recommends this: Take a scenario that affected another organization and perform a table-top walk through of how your organization would deal with that same incident. At the very least you’ll identify gaps you still have to address. Exercises should be regular and involve a range of participants. It’s important that the senior members of an organization (right up to senior executive management) as well […]

General
June 30, 2020

SoC SIEM Use Cases

The use cases are critical to identifying any of the early, middle, and end-stage operations of the adversary. A small abnormal event can be a clue to a larger attack. There also needs to be a Playbook on how to respond. What are Use Cases Best Practises Why it is important to have a large set of Use Cases and have playbooks for them? FlexibleIR […]

ics-scada-playbooks
SCADA
May 16, 2020

ICS SCADA Use cases

Attacks related to Industrial Control Systems are complex. There is an urgent need to share information, get support for incident analysis and mitigation, and coordinate messaging for incidents that require communication with customers and the public.

salstack-Unauthorized-Access
Cloud General
May 8, 2020

Playbook for attack on Salt servers

Nov3, 2020 – New vulnerabilities revealed. The fixed versions include 3002.1, 3001.3, and 3000.5 depending on what branch of Salt you are using. The company has also made patches available for older versions, such as 2019.x.  https://www.bleepingcomputer.com/news/security/saltstack-reveals-new-critical-vulnerabilities-patch-now/ Older vulnerabilities – The hackers use CVE-2020-11651 (an authentication bypass) and CVE-2020-11652 (a directory traversal) to take control over Salt master server Mitigations Below are for older bug fixes related […]