I just got my latest statement from #NoStarchPress. In the 11 years that my Practice of #NetworkSecurityMonitoring #NSM book has been in print, I've now sold 25,000 copies. About 7k were electronic and 18k were print. Thank you to everyone who bought a copy!
The day is almost upon us, friends! Friday is our annual event #BSidesBoulder24 and we've got two excellent hands-on workshops taking place.
We've already highlighted how to up your CyberChef-foo with Del Armstrong from @redcanary so today, we will highlight Shad Gunderson from @corelight's workshop designed to introduce students to network threat hunting techniques using community-based threat intelligence #cti combined with Suricata and Zeek/Bro. This will include an introduction to key concepts found in network #intrusiondetection, #networksecuritymonitoring #nsm, and network detection capabilities. Following the workshop will be a capture the flag #ctf exercise.
Tickets are still available for our 14 June event, so register here: https://www.eventbrite.com/e/bsides-boulder-2024-registration-827899629077
Excuse me, shouldn't one be able to assume that the heads of state directorates/administrative bodies have a minimum knowledge of what administrative bodies cannot do?
> The [Justice] Ministry should also have made sure that director Sofie Nystrøm was equipped to manage NSM's finances when she was hired in 2021.
From the article:
A self-proclaimed “tribe” of racist heathens is building a compound on a 122-acre property in Tellico Plains, eastern Tennessee. This group overlaps with Patriot Front (PF), a fascist organization with members nationwide, and the “Church of Aryanity,” a racist cult that refers to Adolf Hitler as “the Great One.” The leader of the Tennessee “tribe” is Brian Culpepper, who spent a decade in the white supremacist National Socialist Movement (NSM) and was its PR Director for several years.
In 2022, Patriot Front used the large property—mostly woodland but with cleared areas—to train its members for street demonstrations. Last year, PF members traveled to work construction on the property, including a large building intended as a combined martial arts dojo, heathen temple, and home for PF member, Ian Michael Elliott. As construction on the land progresses, the property will host increasingly large racist gatherings. At least equally dangerous, the “tribal land” will bring together far-right martial artists, aspiring street brawlers from fascist “Active Clubs,” and some of the most violent fringes of the neo-Nazi scene. It already provides a home for committed PF members. By documenting this compound and revealing its location, we hope to warn eastern Tennessee residents about the white supremacist threat in their midst.
#Tennessee #PatriotFront #TellicoPlains #MonroeCounty #fcknzs #NationalSocialistMovement #NSM #UniteTheRight #heathen #odinism #IronFront #accelerationism #ChurchOfAryanity #NeoNazis
Key Network Questions - I wrote this on 7 December 2018 but never published it until today. The following... https://taosecurity.blogspot.com/2023/06/key-network-questions.html #nsm
The U.S. State Department has made a determination approving a possible Foreign Military Sale to the Government of Latvia of Naval Strike Missile Coastal Defense System
Australia plans to launch its own production of guided missiles within the next two years, two years sooner than expected
https://mil.in.ua/en/news/australia-plans-to-launch-the-production-of-guided-missiles-by-2025/
The frigate HMS Somerset has become the first ship of the United Kingdom's Royal Navy to receive Norwegian #NSM anti-ship missiles
The new missiles are replacing the American Harpoon
https://mil.in.ua/uk/news/na-pershyj-brytanskyj-fregat-vstanovyly-nsm-zamist-harpoon/
@zeek matters because it is literally the codification of the security principle "prevention eventually fails."
Defenders often do not know how adversary activity will specifically manifest on the network.
By summarizing traffic, extracting key data, and deriving insights, Zeek provides the network evidence defenders need to interdict intruders before they accomplish their mission.
Note: Zeek offers 2 of 4 elements of #NetworkSecurityMonitoring data (transaction logs and extracted files). #NSM also requires alerts and pcap. Furthermore, NSM data works with third party sources, infrastructure/application logs, and endpoint data.
In 2023, the Ministry of Defense of Latvia plans to sign a contract for the purchase of Naval Strike Missile (NSM) coastal defense systems https://mil.in.ua/en/news/latvia-plans-to-purchase-nsm-coastal-defense-systems/ #Latvia #NATO #NSM #Missile
https://twitter.com/militarnyi_en/status/1607390544824614912
Reposted from Twitter by @nafobot
Hot off the press
---------------------------------------
I wrote this article for PowerGrid International magazine and it is to help folks with tuning their ICS/OT/SCADA network security monitoring alerts. You don't have to reinvent the wheel!
***If ICS NSM is in your responsibility, please read this article (link below) I would love to get your feedback.***
Documentation about tuning ICS NSM systems is rare. ICS NSM solution documentation tends to focus on how to turn on and off the baseline feature, and not go into specifics about how to fine tune the system.
If you buy an ICS NSM solution and forget it, it will be useless. If a vendor says their sensor/IDS requires no tuning, they are lying to you. An unmanaged and untuned ICS NSM or IDS will create floods of alerts, nuisance alerts, and contribute to alert fatigue for your engineers and SOC analysts.
Thank you!
When fine-tuning your cybersecurity alerts, it’s best to focus on the basics
https://www.power-grid.com/td/when-fine-tuning-your-cybersecurity-alerts-its-best-to-focus-on-the-basics/
#linuxtablet #linuxaudio So to sum everything up thus far, #pipewire replaces #jack, and #nsm manages the applications in the pro audio session. #Agordejo is the recommended GUI interface for NSM. There seem to be several JACK graph based patch panel apps that can be used to make the actual jack connections between the audio apps, prior to saving the whole session with Agordejo. I’m not clear yet on which is the recommended or the best of the lot.
#linuxtablet #linuxaudio The #pipewire documentation seems to indicate that the pro audio concept of inter-app audio #sessionmanagement is outside of the scope of the project, and recommends #nsm, the New Session Manager (that currently stands as the reigning JACK session manager) as the session manager for pro audio in the post-JACK server world. As far as pipewire is concerned, all jack apps should work, but my interest is with understanding and supporting the new technology and standards.