Posts tagged Komand

A Guide to Defending Pokemon Go Gyms: Lessons from Cybersecurity

You’ve probably heard of this Pokemon Go thing. We recently featured the game in our latest newsletter, and have since been running around like PokeManiacs trying to catch ‘em all. While discussing our Komand group strategy (Yes, we’re playing as a team 😅), we couldn’t help but notice parallels between Pokemon Go and cybersecurity. In particular, we see strong correlations between gym defense and cyberdefense. For those that aren’t privvy, the goal of Pokemon Go is to collect and train as many

9 min Komand

Local Cybersecurity Meetups Near You

Here at Komand, we understand the importance of being part of a community [https://komunity.komand.com]. [https://komunity.komand.com/] Not everyone can can afford the cost or time commitment necessary to attend large conferences. But that shouldn’t stop you from staying current, connected and active with the security community. Think local meetups: easy access, inexpensive, and in a relaxing environment with familiar faces. Recently, we featured US Cybersecurity Conferences [/2016/06/22/us-cyb

5 min Automation and Orchestration

AWS Series: Creating a Privoxy, Tor Instance

Synopsis: If you want to increase your privacy or perform security research with Tor [https://www.torproject.org/], Privoxy [http://www.privoxy.org/], etc. a virtual server is an excellent choice. I’m using Amazon EC2 which provides a years worth of a VM with limited resources for free. A few benefits are listed below 1. Low cost 2. Access from just about anywhere 3. Low resource allocation 4. Easy to spin up Creating the Cloud Instance: After logging into your Amazon cloud account select

6 min Automation and Orchestration

AWS Series: OpenSWAN L2TP over IPSEC VPN Configuration

Synopsis: We will look at how to configure an L2TP over IPSEC VPN using OpenSWAN [https://www.openswan.org/] and how to connect to it using Mac OSX. This guide is written for running the VPN software on a CentOS 7 x86_64 EC2 instance (ami-6d1c2007) provided by Amazon Web Services. The VPN will be configured to use local authentication and a pre-shared key. This is a great way to allow access into your AWS VPC. Procedure: The procedure is broken into 3 parts: * AWS – Create an EC2 instance *

5 min Automation and Orchestration

Bro Series: Creating a Bro Cluster

Synopsis: This short article will demonstrate how to setup a minimal Bro cluster [https://www.bro.org/sphinx/cluster/index.html] for testing. Because of its minimal nature, this article will exclude discussion of load balancing traffic across multiple bro workers (processes), security conscious permissions, and other bro related tuning and features such as sending e-mail. Its purpose is to get a Bro cluster up and running as quickly as possible so you can begin familiarizing yourself with cluste

6 min Komand

Defender Spotlight: Ryan Huber of Slack

Welcome to Defender Spotlight! In this weekly blog series, we interview cybersecurity defenders of all varieties about their experience working in security operations. We’ll inquire about their favorite tools, and ask advice on security topics, trends, and other know-how. Today, we're talking with Ryan Huber. Currently at Slack, Ryan has previously held positions at companies such as Orbitz and Risk I/O, doing security, engineering, or a combination of both. He enjoys computers, and can often b

11 min Automation and Orchestration

GDB for Fun (and Profit!)

Who Should Read This? Have you ever wondered why your code doesn’t work? Do you ever find yourself puzzled by the way someone else’s program works? Are you tired of spending night after tearful night poring over the same lines of code again and again, struggling to maintain your sanity as it slips away? If this sounds like you or someone you know, please seek help: use a debugger. What Is a Debugger? For those of you that have never used a debugger: 1. I’m so sorry 2. Please read on A debug

4 min Komand

How to Create a Culture of Security Ownership Across Your Organization

Company culture is a phrase that means different things to many people. From the company mission statement to the performance of a team, culture is often an amalgamation of leadership values and individual employee contributions. Security, and its many variants (cybersecurity, infosec, et. al), isn’t always a word associated with “culture”. But in today’s digital landscape, it absolutely should be. Building a successful company culture often comes down to three elements: people, processes, and

3 min Komand

SOC Series: How to Structure and Build a Security Operations Center

Building an effective security operations center (SOC) [https://www.rapid7.com/fundamentals/security-operations-center/] requires organizing internal resources in a way that improves communication and increases efficiencies. Adding to a former post,When to Set Up a Security Operations Center [https://www.rapid7.com/blog/post/2016/06/01/to-soc-or-not-to-soc-when-to-set-up-a-security-operations-center/] , we're now offering a framework for organizing the three key functions of a SOC: people, proce

14 min Automation and Orchestration

Working with Bro Logs: Queries By Example

Synopsis: Bro [http://bro.org/], a powerful network security monitor, which by default churns out ASCII logs in a easily parseable whitespace separated (column) format from network traffic, live or PCAP. Because this logs are in the aforementioned format it makes them very hackable with the standard unix toolset. If you’re an experienced unix user with ample networking knowledge you probably have all the know-how to immediately pull useful data from Bro logs. If you’re not familiar with the stan

3 min Komand

SOC Series: When to Setup a Security Operations Center

To build a successful security function, you need to coordinate across people, processes, and technology. And the stakes have never been higher than they are today when it comes to information security, which is why many businesses are looking for ways to centralize security operations by way of a security operations center (SOC) [https://www.rapid7.com/fundamentals/security-operations-center/] Check out our Ebook, Presenting Upward: How to Showcase SecOps Metrics that Matter [https://www.rapid

15 min Automation and Orchestration

Nagios Series: Deployment Automation Tips and Tricks

Synopsis: In this article I will be sharing some ideas that I’ve used from my experiences that will help streamline and take a lot of the work out of managing a Nagios deployment. I will go into multiple ways to manage your deployment. As you read on I will introduce a more complete solution. We will begin with git and cron, extend that to use subtrees, and then move along to an enterprise deployment with Puppet and ERB along with the aforementioned tools. Git: My philosophy is that just about

6 min Komand

Building SVG Maps with React

Here at Komand, we needed a way to easily navigate around our workflows. They have the potential to get complex quickly, as security workflows involve many intricate steps. To accomplish this task, we took an SVG approach to render our workflow dynamically (without dealing with div positioning issues). This gave us the power of traditional graphics to do a variety of manipulations on sub components. In this walkthrough, we will useInteractive SVG Components [http://www.petercollingridge.co.u

4 min Automation and Orchestration

Nagios Series: DNS Resiliency

Synopsis: Host operating system resolver libraries are not very good at dealing with an unreachable nameserver. Even if you specify multiple nameservers in resolv.conf and one of them goes down you will experience a period where connections will not be made because resolution is not known. There are a number of resolver tuning options but even reducing the timeout to 1 second there will result in a delay. This affects nearly all unix-like operating systems including GNU/Linux. In this article w