Lets Automate It

from Josh Rickard

Understanding Python - Part 2: Running Code

2022-07-14 python Josh Rickard
Introduction Whether you are new to Python or not, ensuring you understand the basics will help you along the way to becoming a Python expert. Please see the first post titled Python vs Powershell Part 1: Versioning. This first post was written in 2018 but still applies. The remaining blog posts are a continuation of this series. Lets get started! Installation You may have Python already installed. To check, open your terminal and type: Continue reading

Understanding HTTP Request Headers

2022-06-21 dfir Josh Rickard
Table of Contents Summary Introduction Setup General Headers Cache-Control Connection Transfer-Encoding Request Headers Common Request Headers Accept Accept-Encoding Authorization User-Agent Response Headers Common Response Headers Location Vary Server WWW-Authenticate Metadata Headers Common Metadata Headers Allow Content-Encoding Content-Type Conclusion Summary Networking is complex. Whether you are troubleshooting network connectivity or attempting to detect malicious external network communications, understanding the nuances of common HTTP requests is extremely helpful but often it can be difficult for many security and IT professionals. Continue reading

Introducing Atomic Operator

2021-12-28 redcanary Josh Rickard
One of the major benefits of Atomic Red Team is that it enables security teams to understand how adversaries leverage MITRE® ATT&CK techniques in the real world, and I’ve been a big fan for years. To me, Atomic Red Team is more than a repository of tests (aka atomics), it’s also a knowledge base, training tool, and more. Each atomic in the library simulates a known adversary behavior associated with a given technique. Continue reading

Atomic Red Team Testing With Swimlane

2021-12-20 swimlane Josh Rickard
Today, Swimlane is excited to announce that we are releasing a new SSP (Swimlane Solutions Package) for use within the Swimlane platform. This SSP will enable organizations to automate the testing of their defenses using Atomic Red Team using our new open-source project called atomic-operator. When using this SSP organizations can gain an understanding of their defensive posture against tests mapped to MITRE ATT&CK techniques. By using this use case you can correlate detections of these tests against their existing automation and log sources thus giving them fast feedback on their defensive posture based on tests available within Atomic Red Team. Continue reading

Common Rest Api Authentication Methods Explained

2021-04-21 swimlane Josh Rickard
When it comes to implementing automation and orchestration, it is critical to understand how authentication works with APIs. The majority of the products in your environment likely have some sort of authentication mechanism. You need to know the nuances and differences between various authentication methods in order to automate communications with those APIs. In this blog post, I aim to help you understand by breaking down three different API authentication methods. Continue reading

Swimlane Releases Elk Tls Docker

2020-11-24 swimlane Josh Rickard
At Swimlane, we love to automate but we also love building and sharing open-source software (OSS) to help security teams. We are proud to announce that we have released a new open-source project called elk-tls-docker to make it easier for you to test and deploy Elastic Stack by automating the creation of several Elastic open-source software solutions. Elk-tls-docker assists with setting up aand creating an Elastic Stack using either self-signed certificates or using Let’s Encrypt certificates (using SWAG). Continue reading

Automating Attck Testing With Soar and Atomic Red Team

2020-07-24 swimlane Josh Rickard
MITRE ATT&CK is the defacto framework for organizations to measure their defense posture. ATT&CK provides categorical verticals in the form of tactics, which align to the common methodologies attackers use. Within these verticals are a set (and subsets) of common ways in which attackers accomplish a tactic (vertical). These are known as techniques. Some techniques may be common across multiple operating systems. This usually equates to a broad definition of a technique. Continue reading
Older posts