Lets Automate It

from Josh Rickard

Automated Malware Analysis and Reverse Engineering With SOAR

2019-03-14 Swimlane Josh Rickard

We all know that security operations (SecOps) teams are overwhelmed by the sheer number of alerts they receive every day. Organizations are being attacked from all fronts, whether they know it or not. These attacks come through social engineering, malicious emails, vulnerable services and applications, misconfiguration (often the product of an overworked team), and so on.

Traditionally in a security operations center (SOC), malware analysis, and reverse engineering in particular, is conducted by a highly trained member of the security team (depending on your size, this may be several individuals). A SOC may receive hundreds, even thousands, of alerts about potentially malicious files, coming from users reporting suspicious messages, from EDR (endpoint detection and response) tooling, and from workstation and server event logs.

Continue reading

Python vs PowerShell Part 1: Versioning

I posted a tweet earlier this week asking if anyone would be interested in a small series of posts that explain the differences between Python and PowerShell.


So, here we go!


Python and PowerShell are quite different from each other. Python has been around since the early 1990s and runs on multiple operating systems. Additionally, Python is beloved by its extremely supportive open-source community, and rightfully so. Python is fast to write and portable, and it is the go-to language for many developers.

Continue reading

Using Amazon SNS With PowerShell

Simple Notification Service (SNS) from Amazon Web Services (AWS) works in conjunction with AWS Simple Queue Service (SQS), Lambda functions, HTTP APIs/endpoints, Elastic Compute Cloud (EC2), Simple Storage Service (S3), and so on. As PowerShell continues to gain traction with IT professionals around the globe, you can use SNS along with these other services to build applications that help your business.

Amazon SNS lets your application deliver notifications to additional services or applications, depending on your use case. SNS is increasingly common in microservice architectures. If your application needs to communicate with multiple endpoints, or you need multiple applications to communicate with a central service, you should consider AWS SNS.

Continue reading

How to Setup a Hugo Website on GitHub

2018-08-26 How-To Josh Rickard

I recently transitioned my blog over to GitHub Pages from WordPress. I was using the free version from WordPress.org and I wanted more granular control over the layout. Additionally, I wanted to automate my blog publishing and social media notifications; the free version of WordPress didn’t meet my needs. So I looked around and eventually fell in love with Hugo! This post outlines how to go about setting up a GitHub Pages website/blog using Hugo.

Continue reading

Using Amazon SQS With PowerShell

Amazon SQS is a flexible queue service with many use cases, from scalable web applications and processing systems to inter-application communication. It is useful when you need to process a lot of data at once, or when you have threads or workers that each perform a specific action on items drawn from a large pool of data.

With the explosion of use cases for PowerShell and Docker in production systems, you can scale such workloads easily using a queue service like Amazon SQS. SQS is beneficial when your service or application has job workers that need to perform actions based on a large pool of data.
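The producer/worker pattern described in this post and in the SNS post above, as an added example (not code from the original posts). It assumes the AWS Tools for PowerShell modules AWS.Tools.SimpleNotificationService and AWS.Tools.SQS are installed, credentials are configured, and that the assumed topic ARN and queue URL below point at an SNS topic with an SQS subscription; the job fields (action, target) are illustrative.

```powershell
# Added example: SNS fan-out into an SQS worker loop.
# Assumed resources; replace with your own topic ARN and queue URL.
$TopicArn = 'arn:aws:sns:us-east-1:123456789012:jobs'
$QueueUrl = 'https://sqs.us-east-1.amazonaws.com/123456789012/jobs-worker'

# Producer side: publish one job. SNS delivers a copy to every subscribed
# queue, so several worker pools can consume the same event independently.
function Publish-Job {
    param(
        [Parameter(Mandatory)][string]$Action,
        [Parameter(Mandatory)][string]$Target
    )
    $body = @{ action = $Action; target = $Target; submitted = (Get-Date).ToString('o') } |
        ConvertTo-Json -Compress
    Publish-SNSMessage -TopicArn $TopicArn -Message $body
}

# Unwrap one received message body. Unless the subscription has raw message
# delivery enabled, SQS hands you the SNS envelope and the job lives in its
# "Message" field as a JSON string; handle both shapes.
function ConvertFrom-JobMessage {
    param([Parameter(Mandatory)][string]$Body)
    $outer = $Body | ConvertFrom-Json
    if ($outer.PSObject.Properties['Type'] -and $outer.Type -eq 'Notification') {
        return ($outer.Message | ConvertFrom-Json)
    }
    return $outer
}

# Consumer side: long-poll, process, and delete only after success. An
# undeleted message becomes visible again after the visibility timeout, so a
# crashed worker loses nothing. The same job may therefore be delivered more
# than once, and the $Invoke scriptblock must be safe to re-run (idempotent).
function Start-JobWorker {
    param(
        [Parameter(Mandatory)][scriptblock]$Invoke,
        [int]$VisibilityTimeout = 60
    )
    while ($true) {
        $messages = Receive-SQSMessage -QueueUrl $QueueUrl -MessageCount 10 `
            -WaitTimeInSeconds 20 -VisibilityTimeout $VisibilityTimeout
        foreach ($m in $messages) {
            try {
                $job = ConvertFrom-JobMessage -Body $m.Body
                & $Invoke $job
                Remove-SQSMessage -QueueUrl $QueueUrl -ReceiptHandle $m.ReceiptHandle -Force
            }
            catch {
                # Leave the message on the queue. With a redrive policy configured,
                # SQS moves it to the dead-letter queue after maxReceiveCount
                # failed attempts so a human can inspect it.
                Write-Warning "Job $($m.MessageId) failed: $_"
            }
        }
    }
}

# Usage:
# Publish-Job -Action 'scan' -Target 'host01.example.internal'
# Start-JobWorker -Invoke { param($job) Write-Host "Would $($job.action) $($job.target)" }
```

Two points worth keeping when you adapt this: never delete a message before the work has actually succeeded, and size the visibility timeout to the longest job you expect, otherwise a slow job is handed to a second worker while the first is still running it.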

Continue reading

Traverse Local Certificate Store With PowerShell

The Windows certificate store is typically accessed through the Certificates MMC snap-in, where you can view both the Computer and the User stores in a traditional MMC console. Sometimes, though, you just want to access it programmatically from PowerShell. Luckily you can, because PowerShell exposes the store as a PSDrive (Cert:) that is created automatically on your machine.

Use Get-PSDrive to view all your PSDrives

As you can see, there is a Cert drive, and you can access it with PowerShell's location-based cmdlets. For example, cd Cert:\ changes your current location to the certificate PSDrive. You can also use Set-Location, Push-Location, Pop-Location, and so on when working with your PSDrives.
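The same Cert: drive put to practical use, as an added example rather than code from the original post: it walks the personal stores for the machine and the current user and flags the entries a security engineer usually wants to see first. It assumes a Windows host (the Certificate provider is not available on Linux or macOS builds of PowerShell); the store paths and the 30-day warning window are parameters you can change.

```powershell
# Added example: inventory certificate stores through the Cert: PSDrive and
# report expiry, weak signature algorithms, self-signed entries and private keys.
# Assumes Windows, where the Certificate provider backs the Cert: drive.

function Get-CertificateRisk {
    [CmdletBinding()]
    param(
        # Assumed defaults: the personal stores for the machine and the current user.
        [string[]]$StorePath = @('Cert:\LocalMachine\My', 'Cert:\CurrentUser\My'),
        [int]$ExpiryWarningDays = 30
    )

    # Signature algorithms that are no longer acceptable on a certificate.
    $weakAlgorithms = @('md5RSA', 'sha1RSA', 'sha1ECDSA')
    $now = Get-Date

    foreach ($path in $StorePath) {
        if (-not (Test-Path -Path $path)) {
            Write-Warning "Store $path not found (is this a Windows host?)"
            continue
        }
        # Each item is a System.Security.Cryptography.X509Certificates.X509Certificate2,
        # so the usual .NET certificate properties are available directly.
        Get-ChildItem -Path $path | ForEach-Object {
            $cert     = $_
            $daysLeft = [int]($cert.NotAfter - $now).TotalDays
            $findings = @()

            if ($cert.NotAfter -lt $now)              { $findings += 'EXPIRED' }
            elseif ($daysLeft -le $ExpiryWarningDays) { $findings += "EXPIRES_IN_${daysLeft}D" }

            $sigAlg = $cert.SignatureAlgorithm.FriendlyName
            if ($weakAlgorithms -contains $sigAlg)    { $findings += "WEAK_SIG:$sigAlg" }
            if ($cert.Subject -eq $cert.Issuer)       { $findings += 'SELF_SIGNED' }
            if ($cert.HasPrivateKey)                  { $findings += 'HAS_PRIVATE_KEY' }

            [pscustomobject]@{
                Store      = $path
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                Findings   = ($findings -join ',')
            }
        }
    }
}

# Confirm the Certificate provider is loaded, then show only entries with a finding.
Get-PSDrive -PSProvider Certificate -ErrorAction Stop | Out-Null
Get-CertificateRisk | Where-Object { $_.Findings } | Sort-Object NotAfter | Format-Table -AutoSize
```

HAS_PRIVATE_KEY is not a problem by itself; it is listed because a store full of exportable private keys on a shared host is exactly what you want to find before an attacker does, and the same walk over Cert:\LocalMachine\Root is a quick way to spot an unexpected trusted root.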

Continue reading

PowerShell Console, Scripts, Functions, Modules, Cmdlets, Oh My!

PowerShell is unique, and it is also necessary in today's world. I find that newcomers to the language are sometimes confused by, or don't understand, the basic layers of PowerShell scripting. You can use PowerShell in several different ways, but I have yet to find an all-encompassing article that explains, at a high level, how to interact with PowerShell in each of them.

This post explains the different concepts (or layers) of PowerShell code organization, along with their main advantages and use cases. We will dive into the different ways of packaging PowerShell code and why you would use one over another.

Continue reading