December 2019 – 51 Security

PID 4 listening on Port 80 or Port 12345

2019-12-27 Jonny

It was interesting during one of our Vulnerability Scanning. There are lots of machines listening on port 12345, and it does has lots of connection on it. Also, PID is…

Cisco

ISE Studying Notes

2019-12-27 Jonny

This post is to show some quick steps for regular operation on my home CyberArk lab: On board CyberArk End User If you CyberArk has AD integrated, you will need…

Architecture

A Simplified TRA (Threat and Risk Assessment) Example

2019-12-25 Jonny

Still Under Writing… A Threat and Risk Assessment analyzes a software or hardware system for vulnerabilities, examines potential threats associated with those vulnerabilities, and evaluates the resulting security risks. A…

Guardium

IBM Guardium Studying Notes

2019-12-25 Jonny

Accessmgr account unlock / reset Log in to the CLI and run the following command: support reset-password accessmgr<N>|random. You can use <N> or random where <N> is a number in…

Palo Alto

Palo Alto UserID Agent Configure Steps

2019-12-25 Jonny

One of the challenges in configuring firewall policies is the fact that they rely on IP addresses and IP subnets rather than users or user groups. In particular for next…

SIEM

SIEM System Use Cases

2019-12-25 Jonny

Working on LogRhythm – Cloud SIEM project. LogRhythm’s SIEM solution combines enterprise log management, security analytics, user entity and behavioral analytics (UEBA), network traffic and behavioral analytics (NTBA) and security…

Palo Alto

Palo Alto Firewall Migration Plan Tasks List

2019-12-25 Jonny

It is simple breakdown for a complicate firewall migration plan. It can be used to plan migration from existing firewalls to new Palo Alto Firewall. The tasks should be modified…

CyberArk

Enable CyberArk File Copy / Paste Function Between PSM RDP Sessions

2019-12-25 Jonny

Enable Copy/Paste Function Between PSM RDP Sessions By default, the settings disables this function. You will not be able to copy / paste between PSM RDP sessions, although SSH sessions…

Symantec

Symantec Endpoint Detection & Response (EDR) Notes

2019-12-25 Jonny

Symantec EDR (Endpoint Detection & Response, Previously ATP – Advanced Threat Protection) exposes advanced attacks with precision machine learning and global threat intelligence minimizing false positives and helps ensure high…

Threat Hunting

Vulnerability: SSL/TLS use of weak RC4(Arcfour) cipher port 3389/tcp over SSL

2019-12-25 Jonny

Recent during a vulnerability scan , there is RC4 cipher found using on SSL/TLS connection at port 3389. The solution in the Qualys report is not clear how to fix.…

PID 4 listening on Port 80 or Port 12345

ISE Studying Notes

A Simplified TRA (Threat and Risk Assessment) Example

IBM Guardium Studying Notes

Palo Alto UserID Agent Configure Steps

SIEM System Use Cases

Palo Alto Firewall Migration Plan Tasks List

Enable CyberArk File Copy / Paste Function Between PSM RDP Sessions

Symantec Endpoint Detection & Response (EDR) Notes

Vulnerability: SSL/TLS use of weak RC4(Arcfour) cipher port 3389/tcp over SSL

You missed

Tenable Web Application Cerdential Scans For Web Appications and APIs

Steps to Update/Renew Your CyberArk Infrastrucure Certificates (PSM)

Tenable Lab Steps and Notes – Part 1 (Discovery, NNM, Assessment, Plugins, Compliance, VPR, Analysis)

Tenable Lab Steps and Notes – Part 2 (Dashboards, Reports, Core, Nessus, NNM, Agent, Scanner Groups)