Category Archives: Blog

CISS2020-OL: Attacking the Secure Water Treatment testbed

JYVSECTEC Red Team participated in the CISS2020-OL (Critical Infrastructure Security Showdown 2020 Online) competition and placed 3rd out of 17 teams. CISS2020-OL participants were invited by iTrust, Centre for Research in Cyber Security at the Singapore University of Technology and Design (SUTD). CISS2020 invites red teams to try their best at disrupting their Secure Water Treatment […]

Adding Realism to Cyber Security Exercises – Populating RGCE environment

Our Realistic Global Cyber Environment (RGCE) is a feature-rich live cyber range that brings together a realistic global world and organization environments in an isolated private cloud. RGCE’s global world functions the same way as the real Internet; however, it is fully controlled by JYVSECTEC. The Internet of RGCE has similar counterparts as the real […]

Continuous integration in collaborative analysis of incidents = CINCAN

Some say all good things must come to an end. The CINCAN project started in 2018, and this 2-year project, co-financed by the Connecting Europe Facility of the European Union, is reaching its end in June 2020. The project was established with a mission to make the jobs of national cyber security operators easier by […]

Carry out investigations remotely using containerized GRR

The containerized GRR is a forked version of GRR Rapid Response, an incident response framework designed by Google engineers. In today’s blog post I’m focusing on the GRR features that allow real-time investigations to be carried out remotely via a web-based user interface. Read more about the Docker containerized GRR in my previous blog post. GRR is an […]

Deploy the containerized GRR to unmask the intruders

Containerized GRR is a forked implementation of GRR Rapid Response, a tool for incident response designed and developed by Google engineers. Containerized GRR differs from the original GRR by running in Docker containers. In my experience, Docker containers are a more approachable way to take the tool into use since containers […]

Police and organisations join forces in the control of cybercrime

There are great sighs of relief among cybercriminals because the systems in use in organisations are not up to date, and neither is the users' level of cyber security competence. Picture a realistic scene where a cybercriminal successfully secures access to the system of an organisation enabling access to sensitive and critical […]

Experiences with Hardened Firefox

After studying Internet user tracking and how to avoid it in my thesis, I decided to experiment with Firefox privacy settings. With Firefox one can customize almost any parameter in a user.js file under the user’s profile. There are many projects that aim to provide a template for these customizations for better security and privacy. […]

Why are we sensitive to cyber attack

In the digital world, whenever we click on something and reply to some request for information, we are at every suitable opportunity vulnerable to being misled and defrauded. Human nature is trusting, compliant, and curious, as well as desiring more of something, and all it requires is a suitable moment and a confidence-raising enquirer. […]

Tool for extracting possible IoC information from files

This blog post presents a tool called ioc_strings that can be used to gather relevant technical information from file strings. The tool was developed for the CinCan project to be used in incident analysis Continuous Integration (CI) pipelines, and also for standalone use by incident analysts. The ioc_strings tool extracts possible IoC (Indicator of Compromise) information from files, such as URLs, domains, emails, hashes etc. These IoC types are compatible with Cortex-Analyzers, therefore it is possible to feed these gathered […]

National Cyber Security Exercise 2019 is over or is it?

Week 21 was the actual exercise week for the national cyber security exercise. The immense planning and implementation work led by the Secretary General of the Security Committee, Vesa Valtonen, culminated in the exercise week, where the organisations of state administration practised, in a technical-operational cyber exercise, surviving wide-ranging and multidimensional cyber incidents. Now […]