Kenya CyberSecurity & Forensics Association: KCSFA
Kenya CyberSecurity & Forensics Association: KCSFA. https://t.co/tPyvknHh2p Legally registered (Act CAP 108). Digital Transformation Agenda
Dec 19, 2022 7 tweets 2 min read
A Security Operations Centre is an organizational framework for security. It combines many components of a robust security environment, including people, processes, and tools that can detect, respond to, and analyze security threats. SOCs run 24 hours a day, seven days a week, with security analysts interacting with environmental data to watch for emerging threats and respond as required.
Along with the technology components, a SOC leverages several levels of cybersecurity analysts.
Feb 4, 2022 4 tweets 1 min read
In today's post, we will look at the benefits of having a strong threat intelligence infrastructure in any organization:
1. Threat analysis - You will be able to learn the patterns that attackers use to compromise your system(s). This will greatly aid in countering them properly.
2. Security operations - You will be able to set up and correctly configure various security systems after learning about the scope of items in the threat intelligence research materials you have gathered.
Feb 4, 2022 8 tweets 2 min read
Here are some open-source tools for cyber threat intelligence that you can utilize:
1. SIEM (security information and event management) for network monitoring needs. A SIEM (like Wazuh, AlienVault, Zeek, etc.) is a tool for monitoring network traffic and log files in real time and allowing response to incoming threats.
2. HoneyDB provides real-time data on honeypot activity. This data comes from honeypots deployed on the Internet using the HoneyPy honeypot. In addition, HoneyDB provides API access to collected honeypot activity,
Feb 3, 2022 6 tweets 2 min read
Organizations mostly source threat intelligence from third-party providers. Purchasing this service without using the info to proactively protect your network is like buying a book and expecting to learn the information without reading it. Here are things that can help organizations use threat intelligence more productively.
1. Define what is important: ensure that it’s tailored to fit your needs in order to receive the benefit of applicable content to effectively risk-profile your business.
Feb 2, 2022 5 tweets 1 min read
Did you know that cyber threat intelligence is an on-going, circular process or cycle rather than an end-to-end process, as threat actors never stop developing and testing new techniques for their exploitation?
As such, the threat intelligence cycle involves the following steps:
1. Planning and direction: Data requirements must first be defined by defining what information is needed to make informed decisions in the shortest time. This helps define objectives that are based on evidence gathered, such as the nature of the attack, what was compromised, etc.
Jan 7, 2022 13 tweets 3 min read
Today we are going to cover Azure Active Directory.

Azure AD is not simply a cloud version of AD as the name might suggest. Although it performs some of the same functions, it is quite different.

🧵👇 Azure Active Directory is a secure online authentication store, which can contain users and groups. Users have a username and a password which are used when you sign into an application that uses Azure AD for authentication...
Jan 5, 2022 9 tweets 2 min read
Active Directory is a massive and complex attack surface that has long been a prime target for criminals seeking valuable privileges and data.
Active Directory has been around since Windows 2000 but has become a priority for both attackers and defenders in recent years. Attackers conduct privilege escalation to move laterally, persist in target environments, and blend in. Backdoors & misconfigurations on Active Directory systems provide attackers with long-term privileges. Some use Active Directory to deploy ransomware across domain-wide systems.
Jan 4, 2022 14 tweets 2 min read
This week we are going to tackle some basics on Active Directory.

But what is Active Directory? 🧵👇 Active Directory is a directory service that centralizes the management of users, computers and other objects within a network. Its primary function is to authenticate and authorize users and computers in a Windows domain.
Dec 8, 2021 8 tweets 2 min read
Here are some of the approaches for analysis of email-related incidents:
1. Email header analysis: This involves analyzing metadata in the email headers, which helps to identify the culprits in the majority of email-related crimes like email spoofing, phishing, & internal data leakages. Key details in email headers: the Delivered-To field contains the email address of the recipient; the Received-By field contains the last visited SMTP server’s IP address, its SMTP ID, and the date and time at which the email was received. The Received-from field may provide the IP address of the sender and the host name.
Dec 7, 2021 5 tweets 1 min read
Today we will gain an understanding of some of the basic components of an email.
1. Mail User Agent (MUA): is used as a client-side application running on a computer for sending and receiving emails. Examples: Microsoft Outlook, Gmail, Thunderbird, webmail, etc.
2. Mail Transfer Agent (MTA): accepts messages from a sender and routes them to the destination. Examples are Postfix, Sendmail, Microsoft Exchange, Zimbra, etc.
The MUA communicates with the MTA using different protocols like IMAP and POP3 to download the messages intended for the receiver.
Sep 14, 2021 12 tweets 4 min read
This week our focus will be on SSL Certificates.

You will understand how an SSL certificate works, types of certificates, where one can purchase SSL certificates, details included in SSL certificates among many others.

A thread 🧵👇 SSL - Secure Sockets Layer

SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, a certificate activates the padlock and the https protocol and allows secure connections from a web server to a browser.
Aug 27, 2021 5 tweets 2 min read
Malware Analysis Tools
Here are some of the free tools for analyzing malware.
1. Process Hacker - observes running processes
Process Monitor - records local system interactions
2. ProcDOT - cleans up and visualizes Process Monitor data
3. Wireshark - records network activity
4. Magnet RAM Capture - creates memory dumps
5. IDA Pro - is a code analysis tool useful in reverse engineering malware.
6. What’s Running - is a scanning tool that shows currently active programs, processes, services, modules and network connections.
Jul 21, 2021 7 tweets 2 min read
How does DNS work?

In a usual DNS query, the URL typed in by the user has to go through four servers for the IP address to be provided. The four servers work with each other to get the correct IP address to the client, and they include:

A Thread 👇👇 1) DNS recursor: The DNS recursor, which is also referred to as a DNS resolver, receives the query from the DNS client. Then it communicates with other DNS servers to find the right IP address.
Jul 20, 2021 7 tweets 2 min read
This week our focus will be on DNS.

A thread🧵 The Domain Name System (DNS) turns domain names into IP addresses, which browsers use to load internet pages. Every device connected to the internet has its own IP address, which is used by other devices to locate the device.