Matteo Meucci

New Paper: “Future of #SOC: Transform the ‘How’” (Paper 5) https://buff.ly/4j3sUMm <- follows the ideas from our "transform vs optimize" paper and gives a few tips on how to run the SOC project alongside another related effort (It is fun! I promise!)

172

4 commenti

🔍 𝗗𝗶𝗴𝗶𝘁𝗮𝗹 𝗙𝗼𝗿𝗲𝗻𝘀𝗶𝗰𝘀 𝗧𝗶𝗽: 𝗨𝗻𝗺𝗮𝘀𝗸𝗶𝗻𝗴 𝗨𝘀𝗲𝗿 𝗔𝗰𝘁𝗶𝘃𝗶𝘁𝘆 𝘄𝗶𝘁𝗵 𝗥𝘂𝗻𝗠𝗥𝗨! 🕵️‍♂️ Did you know that Windows keeps a detailed log of commands and programs executed via the "𝗥𝘂𝗻 𝗱𝗶𝗮𝗹𝗼𝗴 𝗯𝗼𝘅" (𝙒𝙞𝙣𝙙𝙤𝙬𝙨 + 𝙍)?  This often-overlooked Registry key, known as 𝗥𝘂𝗻𝗠𝗥𝗨, is a goldmine for forensic investigators! 🚀 Found at  𝙃𝙆𝙀𝙔_𝘾𝙐𝙍𝙍𝙀𝙉𝙏_𝙐𝙎𝙀𝙍\𝙎𝙤𝙛𝙩𝙬𝙖𝙧𝙚\𝙈𝙞𝙘𝙧𝙤𝙨𝙤𝙛𝙩\𝙒𝙞𝙣𝙙𝙤𝙬𝙨\𝘾𝙪𝙧𝙧𝙚𝙣𝙩𝙑𝙚𝙧𝙨𝙞𝙤𝙣\𝙀𝙭𝙥𝙡𝙤𝙧𝙚𝙧\𝙍𝙪𝙣𝙈𝙍𝙐 This simple yet powerful key can reveal critical insights into user behavior, including:  1.   𝗖𝗼𝗺𝗺𝗮𝗻𝗱-𝗹𝗶𝗻𝗲 𝘁𝗼𝗼𝗹𝘀 𝘂𝘀𝗲𝗱: Did a user execute any suspicious scripts?  2.   𝗣𝗼𝗿𝘁𝗮𝗯𝗹𝗲 𝗮𝗽𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀 𝗹𝗮𝘂𝗻𝗰𝗵𝗲𝗱: Were unauthorized programs run without installation?  3.   𝗢𝗿𝗱𝗲𝗿 𝗼𝗳 𝗲𝘅𝗲𝗰𝘂𝘁𝗶𝗼𝗻: The 𝗠𝗥𝗨𝗟𝗶𝘀𝘁 value precisely tracks the sequence of commands. As seen in the example, if 𝗠𝗥𝗨𝗟𝗶𝘀𝘁 shows "𝗰𝗯𝗮", it means "c" (𝗰𝗺𝗱) was the most recent command, followed by "b" (𝗰𝗮𝗹𝗰), and "a" (𝗿𝗲𝗴𝗲𝗱𝗶𝘁) was the oldest. This chronological order is invaluable for reconstructing events! ⏳ Understanding the 𝗥𝘂𝗻𝗠𝗥𝗨 key is crucial for incident response and digital investigations. It helps paint a clearer picture of what a user was doing on a system. #DigitalForensics #Cybersecurity #WindowsRegistry #IncidentResponse #DFIR #RunMRU #CyberInvestigation #DF

221

15 commenti

NIST AI Attacks and Mitigation (2025)  : The latest NIST report provides a structured taxonomy of attacks and mitigation strategies to protect AI systems. Attackers can manipulate them to spread misinformation, steal data, or bypass security. Key Attack Types: 1 Evasion Attacks → Trick AI into misclassifying inputs (e.g., altered images fooling facial recognition). 2 Poisoning Attacks → Corrupt training data or model parameters (e.g., backdoor attacks on LLMs). 3 Privacy Attacks → Extract sensitive training data via queries (e.g., membership inference). How to Defend Your AI: - Adversarial Training – Train models on manipulated inputs to enhance robustness. - Data Sanitization – Detect and filter poisoned data before training. - Formal Verification – Use mathematical proofs to validate AI security (though scalability is a challenge). The Hard Truth: - NO AI system is provably secure—attackers adapt faster than defenses. - Supply chains introduce hidden risks—third-party models may contain undetectable backdoors. What's the Next Steps for AI Leaders: To stay ahead, businesses must adopt a multi-layered security approach, benchmark against evolving threats, and document AI risks transparently. Thanks to National Institute of Standards and Technology (NIST) Syed Ali Turab Francis Syms

103

8 commenti

🔐 Looking for a no-fluff guide to strengthening your data protection program? This short but solid PDF 👉 “Data Protection Checklist” by Hanım Eken (attached below) covers 12 essential areas every organization should review — whether you're just starting or reviewing your maturity. Here’s what’s included: 1️⃣ Data classification based on sensitivity 2️⃣ Role-based access & least privilege 3️⃣ Encryption of data at rest and in transit 4️⃣ Masking & anonymization in dev/test environments 5️⃣ DLP controls and endpoint protections 6️⃣ Secure retention and disposal practices 7️⃣ Backup integrity and offsite storage 8️⃣ Compliance with GDPR, CCPA and more 9️⃣ Employee training & awareness programs 🔟 Incident response, breach reporting, and regulatory readiness 🔁 Vendor risk management and contract clauses 📈 Continuous improvement based on risk assessments, lessons learned & audits ✅ Great as an internal checklist for IT/security teams ✅ Ideal for DPOs preparing for audits or DPIAs ✅ Quick reference for vendor due diligence or ISO 27001 reviews 📎 PDF is attached — share it with your team or bookmark it for your next GRC review. #DataProtection #PrivacyCompliance #GDPR #InfosecChecklist #SecurityAwareness #VendorRisk #CyberSecurity #DPOtools #RiskManagement #ISO27001 #CCPA

43

1 commento

🚨 Breaking News in Cybersecurity 🚨 A new zero-day vulnerability has been discovered in Windows Hyper-V, which allows attackers to gain SYSTEM privileges by exploiting a critical flaw! 💥 Discovering PoC for CVE-2025-21333 Italian security researcher Alessandro Iandoli has identified the potential exploit (PoC) for this previously unknown vulnerability. The vulnerability is related to the vkrnlintvsp.sys driver, which manages virtualization-related functions on Windows systems. Here's how it works: Target a system running Windows 10 or later versions 📊 Identify the vulnerable vkrnlintvsp.sys driver version on the target system 🤔 Overwrite specific I/O Ring buffer entries in the driver with malicious data 💣 The PoC exploit bypasses normal security controls, allowing attackers to execute arbitrary code with SYSTEM privileges and compromise system security. 💸 Stay vigilant! Cybersecurity is everyone's responsibility. Let's work together to stay safe online. Original Reference: https://lnkd.in/dVMrRpBx

120

1 commento

🚨 Two of Europe’s key regulators — 𝗕𝗦𝗜 (Germany) and 𝗔𝗡𝗦𝗦𝗜 (France) — have just released joint principles for 𝗟𝗟𝗠-𝗯𝗮𝘀𝗲𝗱 𝘀𝘆𝘀𝘁𝗲𝗺𝘀, framed within the 𝗭𝗲𝗿𝗼 𝗧𝗿𝘂𝘀𝘁 model. 🔑 The paper outlines six core design principles that give shape to this approach: 1️⃣ Authentication & Authorization — verify every identity, limit privileges. 2️⃣ Input & Output Restrictions — validate data to prevent prompt injection or leakage. 3️⃣ Sandboxing — isolate components to contain errors or misuse. 4️⃣ Monitoring & Control — log, detect anomalies, and enforce safeguards. 5️⃣ Threat Intelligence — adapt defenses to evolving attack patterns. 6️⃣ Awareness — train, communicate, and supervise with transparency. 💡 This isn’t about slowing innovation. It’s about building trustworthy, resilient AI systems — with clear guardrails that can withstand both technical and regulatory scrutiny. 📄 Full paper 👉: https://lnkd.in/eW9ibQNJ #AI #CyberSecurity #ZeroTrust #AIRegulation #AISecurity #Trust

48

1 commento

Today, National Institute of Standards and Technology (NIST) published its finalized Guidelines for Evaluating ‘Differential Privacy’ Guarantees to De-Identify Data (NIST Special Publication 800-226), a very important publication in the field of privacy-preserving machine learning (PPML). See: https://lnkd.in/gkiv-eCQ The Guidelines aim to assist organizations in making the most of differential privacy, a technology that has been increasingly utilized to protect individual privacy while still allowing for valuable insights to be drawn from large datasets. They cover: I. Introduction to Differential Privacy (DP): - De-Identification and Re-Identification: Discusses how DP helps prevent the identification of individuals from aggregated data sets. - Unique Elements of DP: Explains what sets DP apart from other privacy-enhancing technologies. - Differential Privacy in the U.S. Federal Regulatory Landscape: Reviews how DP interacts with existing U.S. data protection laws. II. Core Concepts of Differential Privacy: - Differential Privacy Guarantee: Describes the foundational promise of DP, which is to provide a quantifiable level of privacy by adding statistical noise to data. - Mathematics and Properties of Differential Privacy: Outlines the mathematical underpinnings and key properties that ensure privacy. - Privacy Parameter ε (Epsilon): Explains the role of the privacy parameter in controlling the level of privacy versus data usability. - Variants and Units of Privacy: Discusses different forms of DP and how privacy is measured and applied to data units. III. Implementation and Practical Considerations: - Differentially Private Algorithms: Covers basic mechanisms like noise addition and their common elements used in creating differentially private data queries. - Utility and Accuracy: Discusses the trade-off between maintaining data usefulness and ensuring privacy. - Bias: Addresses potential biases that can arise in differentially private data processing. - Types of Data Queries: Details how different types of data queries (counting, summation, average, min/max) are handled under DP. IV. Advanced Topics and Deployment: - Machine Learning and Synthetic Data: Explores how DP is applied in ML and the generation of synthetic data. - Unstructured Data: Discusses challenges and strategies for applying DP to unstructured data. - Deploying Differential Privacy: Provides guidance on different models of trust and query handling, as well as potential implementation challenges. - Data Security and Access Control: Offers strategies for securing data and controlling access when implementing DP. V. Auditing and Empirical Measures: - Evaluating Differential Privacy: Details how organizations can audit and measure the effectiveness and real-world impact of DP implementations. Authors: Joseph Near David Darais Naomi Lefkovitz Gary Howarth, PhD

346

13 commenti

Deploying #GenAI solutions?  Are they #Secure? Check NIST's  new finalized guidelines "Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations." This is a vastly elusive and complex area even for security professionals. The range of #effective attacks against ML is wide, rapidly evolving, and covers all phases of the ML lifecycle — from design and implementation to training, testing, and deployment in the real world. The nature and power of these attacks are different and their impacts may depend not only on the vulnerabilities of the ML models but also the weaknesses of the #infrastructure in which the #AI systems are deployed. Section on GenAI attacks and mitigation reflects the most recent developments regarding these technologies and how businesses are using them. A new section, an index of attacks and mitigations, has been added to allow for fine-grain definition and navigation of attacks. This improves the usability of the guidelines and will promote efficient and consistent communication between practitioners and other stakeholders. #AISecurity Attaching the document.. Questions? Post below or contact me..

41

1 commento

While writing a material on Exploit Development and analyzing research from colleagues and friends, I noticed that each person follows a different methodology to reach a conclusion. However, they all start by achieving the minimum before reaching the expected impact. When we look for a vulnerability, we immediately want the greatest possible impact, however, noting the modus operandi of other researchers, we can notice a methodology that involves several steps before reaching the final objective. 1) What type of vulnerability and technologies are involved? Before anything else, it is essential to understand what type of vulnerability we are investigating. - What technologies does the service use? - How does it interact with other systems? - Are there any dependencies that could be exploited? 2) How does the system react to the first exploitation attempt? - Does it crash? - Does it return a useful stack trace? - Is there a flow control deviation? - Does it return sensitive data that can be exploited? - Is there a security mechanism blocking the exploitation? These questions can help define the approach to explore the vulnerability. 3) Gather detailed information before attempting a more aggressive exploitation. Many times, a methodical approach is more effective than trying an RCE or privilege escalation right away. Before escalating the exploitation, consider: - The software and operating system version. - The service permissions. - Specific configurations that may affect the vulnerability. 4) Bypass security controls one by one. If you are exploring a buffer overflow, you may encounter protections such as: - DEP - ASLR - CFI Therefore, understanding and implementing bypasses for these mechanisms is crucial. Additionally, research from other professionals can be extremely useful in helping bypass these protections. 5) Building the Proof of Concept (PoC) and testing. - Start simple. - Try a basic exploitation, such as printing a message on the system. - Gradually evolve until you reach the main goal. - Test in different environments to measure the success rate of the exploitation. These are the key points for effective research. I also remembered a tool called Exploit Pack, which follows this methodology and brings together a set of tools to identify vulnerabilities and build custom exploits all in one place. For those who can afford it, it might be an interesting tool. Link: https://exploitpack.com/ #redteam #cybersecurity #exploitdevelopment #vulnerabilityresearch

209

10 commenti