Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “Microsoft Azure Achieves FedRAMP JAB P-ATO”, 2) “Webcast on New Features in REMnux v4 Malware Analysis Distro”, and 1) “Learn the Tradecraft of Red Team Operations” If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference.
A la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered.
Unofficial CitySec Reddit Site: Given our interest in meetups we came across this great wiki page on Reddit that covers a fairly complete list of CitySec events. They note that the list is “unofficial” however since the original domain has long been abandoned and overrun with foreign characters, it’s probably as official as you’ll get. Of course the standard ones around DC, CapSecDC and CharmSec, are there. Most CitySec events are US only however a few international ones exist as well. Next task for us is to probably submit NovaInfosec East and West I guess. From the looks of it, Chicago seems to do this as well. Are there any other CitySecs out there? Let us know in the comments below. (continued here)
Microsoft Azure Achieves FedRAMP JAB P-ATO: Following Amazon from last May, Microsoft is finally on board as a FedRAMP validated supplier. Nothing really too interesting here besides another one of the big “cloud” boys joining in for all those lucrative government contracts … that is if the government ever opens again. To see a complete list of all approved cloud providers, check out GSA’s FedRAMP Compliant CSPs page. And yes … they didn’t take their website down like NIST. Other recent FedRAMP approved additions include Akamai and AT&T. (continued here)
Webcast on New Features in REMnux v4 Malware Analysis Distro: I am a huge fan of REMnux as you can tell from some of my prior posts (here, here, and here). Lenny gave this webcast on version 4?s new features in late August and I unfortunately missed it. Thankfully, SANS recently published the session on their YouTube DFIR Webcast channel and I just wanted to share it out to everyone interested in malware analysis as well. (continued here)
Learn the Tradecraft of Red Team Operations: Rapheal Mudge (aka @armitagehacker) recently published this great series of nine videos on learning the tradecraft of red team operations. Totaling over 4 hours, and just a bit of a sales pitch for Cobalt Strike, not only does it explain how to execute a targeted attack but also provides invaluable knowledge to understand from a defender’s perspective. Know of any other good videos to cover? Let us know in the comments below. (continued here)
Hope everyone had a wonderful week. Have a great weekend!