Evasion is Getting Easier?

This is a bit of an odd one. While on an assessment, I was tasked with evading detection from an external perspective. I noticed some weird things this industry is doing to make external evasion easier for us attackers. As usual, I could be entirely wrong. Noise Perhaps one of the largest issues when it comes to SIEM is noise. In other words, a ton of offenses that are false positives or not of any business concern. Generally speaking, this is where companies will 'tune' a SIEM. This involves creating rule sets, specifying thresholds, etc. When it comes to the…

Read More

Join EFF!