Category Archives: Blog

PowerShell and live response – why are they so good together?

PowerShell is a powerful management tool designed for system automation and configuration; however, its flexibility makes it well suited to other purposes as well. Recent developments in PowerShell have also placed it on the list of live response tools an incident responder should have in their toolbox. In this blog post I’ll go through several key points on why PowerShell is as good as it is from the incident responder’s point of view.

Healthcare under attack – Cyber security incident response in times of pandemic

These days we can constantly read about new cyberattacks against private and public actors. Even before COVID-19, the healthcare sector was a target of cyberattacks, but during the crisis the attacks have intensified, and the awareness about the importance of securing the healthcare and medical sectors has increased. According to fintechnews.org, 80% of companies have […]

Cyber Kill Chain Based Approach for Intrusion Detection

The number of intrusions into organizations’ IT environments has been increasing over the years. Detecting intrusions remains a difficult task, as the long average adversary dwell times indicate (56 days in 2019, according to the FireEye M-Trends 2020 report). A new approach for intrusion detection is to use a cyber kill chain-based model, where system […]

CISS2020-OL: Attacking the Secure Water Treatment testbed

JYVSECTEC Red Team participated in the CISS2020-OL Critical Infrastructure Security Showdown 2020 Online competition and placed 3rd out of 17 teams. CISS2020-OL participants were invited by iTrust, Centre for Research in Cyber Security at the Singapore University of Technology and Design (SUTD). CISS2020 invites red teams to try their best at disrupting the Secure Water Treatment […]

Adding Realism to Cyber Security Exercises – Populating RGCE environment

Our Realistic Global Cyber Environment (RGCE) is a feature-rich live cyber range that brings together a realistic global world and organization environments in an isolated private cloud. RGCE’s global world functions the same way as the real Internet; however, it is fully controlled by JYVSECTEC. The Internet of RGCE has similar counterparts to the real […]

Continuous integration in collaborative analysis of incidents = CINCAN

Some say all good things must come to an end. The CINCAN project started in 2018, and this 2-year project, co-financed by the Connecting Europe Facility of the European Union, is reaching its end in June 2020. The project was established with a mission to make the jobs of national cyber security operators easier by […]

Carry out investigations remotely using containerized GRR

The containerized GRR is a forked version of GRR Rapid Response, an incident response framework designed by Google engineers. In today’s blog post I’m focusing on the GRR features that allow real-time investigations to be carried out remotely via a web-based user interface. Read more about the Docker containerized GRR in my previous blog post. GRR is an […]

Deploy the containerized GRR to unmask the intruders

Containerized GRR is a forked implementation of GRR Rapid Response, a tool for incident response designed and developed by Google engineers. Containerized GRR differs from the original GRR by running inside Docker containers. In my experience, Docker containers are a more approachable way to take the tool into use, since containers […]

Police and organisations join forces in the control of cybercrime

Cyber criminals breathe great sighs of relief because the systems in use in organisations are not up to date, and neither is users’ level of competence in cyber security. Picture a realistic scene where a cybercriminal successfully gains access to an organisation’s system, enabling access to sensitive and critical […]

Experiences with Hardened Firefox

After studying Internet user tracking and how to avoid it in my thesis, I decided to experiment with Firefox privacy settings. In Firefox, almost any preference can be customized in a user.js file under the user’s profile. There are many projects that aim to provide a template for these customizations for better security and privacy. […]