This bi-weekly dispatch is brought to you by the team at Black Harbor. Every other week we share three things. One offensive technique, one defensive technique and some random snippet of something that piqued our interest. It may be a motivational quote, some piece of news or a slice of a product review.
Offense – A Red Team SIEM (RedELK)
Red Teaming is hard. Red Teams will often require robust infrastructure depending on the threat they are emulating and more importantly require accurate logging to help guide blue team response during engagements. Enter, RedELK. RedELK solves the problem of information management for Red Teams. Read more about the project from one of the authors Marc Smeets here.
Defense – Analysis of Encrypted Traffic w/ Zeek
Many analysts will bemoan the use of encryption as it removes the ability for clear-text packet body analysis. This article explains how to use Zeek (bro) to analyze encrypted traffic meta-data to identify malicious encrypted traffic.
Maybe if we acknowledge the outcome of struggling while learning (RTFM) to be greater than not struggling at all (googling tutorials endlessly) we would be more willing to fling ourselves into unknown experiences.
“…learning rates were slower in the forced-choice situation than they were in the free-choice one. It is as though the participants were less invested in the outcomes—showing ambivalence about learning from them somewhat like a child woodenly practicing their scales on the piano to please a parent.”
If you find value in this newsletter please consider sharing it to your friends and colleagues. Signup at https://newsletter.blackharbor.io/
View our past dispatches at https://blackharbor.io/category/dispatch/