Many cybersecurity incidents do not end with the compromise of a single computer. In fact, experienced attackers often view the first compromised device as only the beginning of their operation. Their next objective is to move throughout the network, identify valuable...
Understanding Credential Dumping: A Critical Technique Every SOC Analyst Should Recognize
Credential theft is one of the most valuable objectives for cyber attackers. Once an attacker obtains valid usernames, passwords, or password hashes, they can often move through a network without exploiting additional vulnerabilities. This is why Credential Dumping...
Detecting PowerShell Abuse: What Every SOC Analyst Should Know
ble in Windows. System administrators use it to automate tasks, manage Active Directory, configure servers, and deploy software across enterprise environments. Unfortunately, attackers also recognize its capabilities and frequently abuse PowerShell during...
Why the Principle of Least Privilege Is One of the Most Effective Cybersecurity Controls
Cybersecurity often focuses on detecting attacks after they occur, but some of the most effective security measures prevent attackers from achieving their objectives in the first place. One of the best examples is the Principle of Least Privilege (PoLP). Although the...
Understanding Windows Event ID 4624: A SOC Analyst’s Guide to Successful Logons
When new Security Operations Center (SOC) analysts begin investigating Windows Security logs, one of the first events they encounter is Event ID 4624 – An account was successfully logged on. Because it records successful authentication, many assume it is only useful...
Why the Principle of Least Privilege Is One of the Most Effective Cybersecurity Controls
Cybersecurity often focuses on detecting attacks after they occur, but some of the most effective security measures prevent attackers from achieving their objectives in the first place. One of the best examples is the Principle of Least Privilege (PoLP). Although the...
MITRE ATT&CKにおける偵察(Reconnaissance)とは。
はじめに サイバー攻撃といえば、マルウェアの感染やランサムウェアによる暗号化、C2通信といった「攻撃の後半」に注目が集まりがちです。しかし、攻撃者が実際に侵入を試みる前に必ず行うプロセスがあります。それが 偵察(Reconnaissance) です。 偵察は、建物に侵入する泥棒が事前に下見をするような行為に例えられます。攻撃者は、標的のネットワークや社員情報、防御体制を事前に収集し、それを基盤として攻撃を設計します。 世界中のセキュリティ運用センター(SOC)で利用される MITRE ATT&CKフレームワーク...
Reconnaissance in the MITRE ATT&CK Framework: A Deep Dive into the Adversary’s First Move
Introduction In the ever-evolving landscape of cybersecurity, defenders often focus on malware payloads, ransomware encryption, and command-and-control (C2) channels. But before adversaries deliver a single line of malicious code, they invest time in an...
MITRE ATT&CKフレームワークとは?
MITRE ATT&CKフレームワークとは? MITRE ATT&CKフレームワークは、サイバー攻撃者がさまざまなプラットフォーム上で使用する戦術と技術を体系的にまとめた、世界的に認知されたナレッジベースです。MITRE社によって開発され、攻撃が成功した後にどのように展開されるかを理解するための構造化されたアプローチを提供します。セキュリティチームはこのフレームワークを用いて、検出、脅威ハンティング、攻撃者の模倣を行います。...
What is the MITRE ATT&CK Framework?
What is the MITRE ATT&CK Framework? The MITRE ATT&CK framework is a globally recognized knowledge base that captures the tactics and techniques used by cyber adversaries across different platforms. Created by the MITRE Corporation, it offers a structured...
What is a network switch – Cybersecurity blog
What is a switch A network switch is a device that connects multiple devices within a local area network (LAN) and facilitates communication between them. Operating at the data link layer (Layer 2) of the OSI model, a switch receives data packets from connected...
What is a router – Cybersecurity blog
What is a router A router is your important gateway to connect to the internet which is outside of your network and directs data traffic between computers and other devices on different networks. It acts as a dispatcher, choosing the best path for information to...
What is firewall – Cybersecurity blog
What is firewall Firewalls are very important security tool which can be hardware or software even virtual. Firewalls monitor incoming and outgoing traffic and allow or block traffic based on predetermined rules. The primary purpose of firewalls are to border between...
What is phishing – Cybersecurity blog
What is phishing? Phishing attacks are pretending to be a legitimate person or company that claim who they say they are but actually not. They are trying to get you to click the link in a massage that redirects you to spoofed website. So they can gather some type of...
3日坊主の正体| 正しい習慣の作り方。
なぜ3日坊主なのか 三日坊主で続けようと思ったことが続かずに終わってしまうのは、習慣の作り方を知らないことが1番の原因です。 それを自分は根気がないとか才能がない、続けられる人は才能があるなど言い訳を探しては、どうすれば続けられるのかを考えない人が多いのも事実です。 ではどのようにして自分がやりたいこと、勉強したいと思ってることを続けることができるのでしょう。 それはどうすれば自分の習慣にその事を落とし込めるかにかかっています。 どういうことかと言うと、ほとんどの人が習慣になる前にやめてしまい、習慣化する前に諦めてしまうからです。...
