SECTION 9 Cyber Security
Latest Episodes
Wazuh, Detection, and VMware Management - 240
Wazuh! It works! Not only does it work, but it’s awesome. We’re also covering detection as part of a security program. You can’t have good security without detection. We’re also throwing in a bit of VMware management. Can’t manage labs in VMware without s
Wazuh, Sysmon and Atomic Red Team - 239
Time for more Wazuh and Sysmon. This time we’re adding Atomic Red Team for testing. This is starting to look really good. Unfortunately we’re missing something.
Labs, Wazuh & Sysmon, Microsoft 365 - 238
We’ve packed a lot into one episode. We’re reviewing Dorothy’s lab, Wazuh & Sysmon and Microsoft 365. We do have some good news. Got Sysmon installed. We also have access to good Microsoft 365 instructions and a book. We’re moving in the right direction.
How does one get into IT? - 237
There are many ways to answer this question. First, you need some skills. For this ongoing project we’ve decided to focus on Windows. Server 2019, Windows 10 and 11, and a bit of networking for good measure. One has to start somewhere.
What is Microsoft Defender for Business? - 236
We’re in the process of testing Microsoft Defender for Business. This includes vulnerability management, endpoint detection and response and a lot more. This could be the security solution we’ve been looking for.
Are Security Solutions 100% Perfect? - 235
Of course security solutions aren’t 100% perfect. So, why are people building security programs around perfect solutions?
How do we deploy Sysmon? Part 2 - 234
Time to go deeper down the Sysmon rabbit hole. Looks like Wazuh does a lot more than we thought.
How do we deploy Sysmon? Part 1 - 233
Time to start thinking about our Sysmon deployment. There are a lot of moving parts to this project. It won’t be a simple install on Windows 10. That’s just a small part of the project.
Mini Security Audit - 232
We’re conducting a mini security audit. We’ve got our short list of things we’re doing for security. Are they working for us? Are there things we need to change? How are we doing?
Application Allow List with AppLocker and Intune - Part 1
It works! We have application allow listing with AppLocker. Pushed out the settings from Intune. This is awesome! NOTE: No links to instructions for Intune and AppLocker. I need to find good documentation or write my own.