Monday, January 7, 2019

Proofpoint Wombat Security Education Platform Usage - Create Training Assignment

Gartner has named Proofpoint (Wombat Security) a Leader in Security Awareness Computer-Based Training for a couple of years as far as I could find.

There are many functions and features I like, but one thing I especially liked is how easily you can set up a training with just a couple of clicks and some basic information entered. The templates from Wombat are already good enough for most situations. In this post, I captured some screenshots to show how easily it can be done.


1. Log into Wombat Platform
Products -> Training -> Assignments

Sunday, December 30, 2018

Step by Step Installation Python IDE - PyCharm

According to Wikipedia, PyCharm is an integrated development environment (IDE) used in computer programming, specifically for the Python language. It is developed by the Czech company JetBrains. It provides code analysis, a graphical debugger, an integrated unit tester, integration with version control systems (VCSes), and supports web development with Django.

PyCharm is cross-platform, with Windows, macOS and Linux versions. The Community Edition is released under the Apache License, and there is also a Professional Edition with extra features, released under a proprietary license.

This post and related YouTube video will show you the step by step installation.

1. Download Free Community Version 

From the download URL https://www.jetbrains.com/pycharm/download/#section=windows, we will get a 212MB file: pycharm-community-2018.3.2.exe.



Threat Hunting Tools

Here is a collection of threat hunting tools, information and resources gathered from the Internet.

1. Kansa

Thursday, December 27, 2018

VanDyke SecureCRT Usage Tips and Tricks

VanDyke SecureCRT provides IT pros with a very user-friendly client for managing command line devices and SSH hosts. Connecting to devices securely is one thing, and there are other products that can achieve this goal, but with SecureCRT, multiple connections can be managed in tabs to allow you to work between sessions without changing windows.

Here are some of my favourite settings to customize SecureCRT:
1. Edit Default Settings for terminal Emulation
If you are using Linux devices, please choose Linux as your Terminal. For network / security devices, VT100 will be the best choice.

I also like to set Scrollback Buffer to 5000. If you choose ANSI color, the displayed colors will depend on the color codes sent by the remote application.


Ubuntu Basic Configuration Commands


1. Update / Upgrade Commands
  • sudo apt-get update : In a nutshell, apt-get update doesn't actually install new versions of software. Instead, it refreshes the package lists, so that APT knows about packages that need upgrading as well as new packages that have just come to the repositories.
  • sudo apt-get upgrade : will fetch new versions of packages existing on the machine if APT knows about these new versions by way of apt-get update. An update must be performed first so that apt-get knows that new versions of packages are available.
  • sudo apt-get dist-upgrade : will do the same job as apt-get upgrade, plus it will also intelligently handle the dependencies, so it might remove obsolete packages or add new ones.

Note: we can chain commands with &&, such as:
  • sudo apt-get update && sudo apt-get dist-upgrade

Monday, December 24, 2018

Gartner Magic Quadrant for SIEM Products (2018,2017,2016,2015,2014,2013,2012,2011...)

Gartner defines SIEM as a technology that aggregates data produced by security devices, network infrastructure and systems, and applications. Products in the security information and event management (SIEM) market analyze security event data and network flow data in real time for internal and external threat management. They collect, store, analyze and report on log data for incident response, forensics and regulatory compliance. Vendors in this space are continually improving threat intelligence and security analytics. Companies are looking to adopt this technology in order to detect threats and breaches, and are also driven by compliance needs. Early breach discovery requires effective user activity, data access and application activity monitoring.

Companies placed by Gartner in the Leaders Quadrant have been the most successful in building an installed base and establishing a revenue stream from the SIEM market. Leaders also typically have a high share of the market and high revenue growth. They've also demonstrated superior vision and execution for emerging and anticipated requirements of the market. What's more, they've garnered positive customer feedback for their SIEM products, as well as service and support of those products. 

2018
There are three new vendors (Dell, Exabeam and Securonix) and four existing vendors (IBM, Splunk, LogRhythm, McAfee) in the Leaders quadrant.

Wednesday, December 19, 2018

Proofpoint Wombat Security Awareness Training - Phishing Campaign Step by Step

Wombat ThreatSim® Phishing Simulations are an excellent addition to any security awareness training program, particularly those focused on fighting phishing attacks. The Wombat ThreatSim Phishing Simulations service has a SaaS-based interface which makes it easy to deliver simulated phishing emails and customizable Teachable Moments, which display targeted "just-in-time teaching" messages to individuals who fall for a phishing test. ThreatSim’s customizable email templates address three key testing factors: attachments, embedded links, and requests for personal data. According to the Wombat site, no one else in the industry can offer multiple templates in one campaign, random scheduling of emails to spread out delivery, along with Auto-Enrollment into targeted training if an employee falls for an attack.

This post is a quick step by step guide to creating a basic Phishing Campaign hosted on the Wombat ThreatSim platform.

Log into Wombat Security Education Platform and Click ThreatSim -> Phishing Campaigns

Tuesday, December 18, 2018

Ubuntu 16.04.5 LTS (Xenial Xerus) Installation Step by Step in VMWare Workstation (Not Easy Installation)


1. Ubuntu16.04 Installation
1.1 VMware Workstation Virtual Machine Creation for not easy installation
If you are using VMware Workstation, by default the system will do an easy installation for you, which means all settings will be automatically entered by VMware Workstation. You won't need to provide much, if any, information during the installation process. We are not going to use this method in this post. We just choose the option "I will install the operating system later" to skip easy installation.

YouTube Video:
Easy Install vs Non Easy Install