Offline Upgrade From RHEL8 to RHEL9 using an ISO

Upgrading from Red Hat Enterprise Linux (RHEL) 8 to RHEL 9 in an offline environment has two main stages: first, bringing the system up to the latest RHEL 8 minor release (8.10), and then performing the in-place upgrade from RHEL 8 to RHEL 9. This guide walks through the steps of each stage, covers the problems you are likely to hit along the way, and is written specifically for an offline upgrade that uses local ISO images as the package source.
DORA's TLPT Mandate: Is Your Bank Ready?

Yesterday, I had a meeting with an international consulting firm about the Digital Operational Resilience Act (DORA), which officially comes into effect tomorrow, on January 17, 2025. This new regulation will significantly impact banks worldwide that have branches in Europe. Among its many requirements, it introduces something that caught my attention: Threat-Led Penetration Testing (TLPT). But what is TLPT, and who needs it? Simply put, TLPT is a type of red teaming.
Threat Modeling Hands-On

Threat modeling can feel intimidating, especially if you are unsure where to begin, do not know the right tools, or are unfamiliar with the methodologies. In this article, I present the concept and apply it to a real-world scenario to demonstrate its value. Before diving into the example, though, two questions need answering: why threat modeling is essential, and why it so often gets neglected despite its benefits.
Deploying Sysmon via GPO

In my previous article I explained how to collect Windows Event Logs, which already provide valuable insight; still, they often lack the depth needed for effective threat detection and analysis. Deploying Sysmon is the next step toward advanced threat hunting. Sysmon Overview: Sysmon is a Windows system service plus a kernel driver from Microsoft Sysinternals that monitors and logs detailed system activity, such as process creation (with command lines and hashes), network connections, and changes to file creation times, and it keeps doing so across reboots once installed.
Using NIST CSF 2.0 for SMEs

As a security engineer with some GRC experience, even though it is not the primary focus of my day-to-day work, I believe that some knowledge of cybersecurity frameworks helps security engineers take a step back and prioritize their efforts better. Today I would like to present the NIST Cybersecurity Framework (CSF) 2.0, one of the most widely used frameworks. Whether you are new to the CSF or have been using it for years, this overview walks through what it encompasses, what changed in the recent update, and how you can leverage it to improve your organization's cybersecurity.
SIEM - Guide to Windows Event Logs Auditing and Forwarding

Collecting Windows Event Logs is crucial for maintaining a secure and well-monitored IT environment. Whether it is tracking user logons, monitoring changes to critical systems, or detecting potential security threats, Windows Event Logs provide the detailed visibility you need to understand what is happening across your network, especially on critical machines like Domain Controllers (DCs). Without these logs, you are essentially flying blind when it comes to identifying issues or investigating incidents. In this guide, I walk through how to properly configure Windows audit policy and event logging so you can capture these logs and forward them to your SIEM, whether that is Splunk, ELK, or another platform of your choice.
Reclaiming Disk Space on Root Volume by Shrinking Home in RHEL with XFS

Lately, I found myself called in on an incident where a critical security application was running on a Red Hat Enterprise Linux (RHEL) server. The disk had become fully saturated, making the application unavailable. This was a cool, refreshing session of Linux commands for disk and partition manipulation. The / root partition was full, but the /home partition had plenty of unused space. In this scenario, I needed to reduce the size of the /home partition and reallocate some of that space to the root partition.
Learning About Cloud Security for Swiss Private Banks

It has been three months since I moved from the tech industry to the banking sector, and here is my take on Swiss private banking cloud security. This article condenses what I have learned so far about the various regulations that apply to the Swiss private banking sector and its challenges around data confidentiality. Transitioning from a software company, where the main risk was supply chain attacks, to a private bank, where client data confidentiality is the main concern, has been an eye-opening experience.
MITRE ATT&CK - Gap Assessment Analysis and Threat Profiling

Introduction: Understanding MITRE ATT&CK Navigator. The MITRE ATT&CK Navigator is a tool that helps cybersecurity professionals visualize and navigate the extensive ATT&CK matrices. It provides a customizable interface for mapping out the tactics, techniques, and procedures (TTPs) used by threat actors, which makes it essential for threat profiling, defensive coverage analysis, and strategic planning. Users create layers either interactively or programmatically (a layer is a JSON document the Navigator imports) and annotate the cells of the matrix with colors, comments, and numerical scores per technique.
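The following is an added example, not code from the original article, showing the programmatic route: it combines a constructed threat profile (techniques attributed to an actor) with a constructed count of detection rules per technique, scores each technique by that count, colors techniques with zero rules as gaps, and emits a Navigator layer JSON you can import. The `attack` and `navigator` version strings and the layer format `4.5` are assumptions that must match the Navigator instance you import into; the technique IDs are real ATT&CK IDs but the coverage numbers are made up.

```python
"""Build a MITRE ATT&CK Navigator layer that highlights detection gaps
against a threat profile. Added example; sample data is constructed."""
import json

# Constructed sample: technique ID -> number of detection rules in our SIEM.
# Techniques absent from this map have no detection at all.
DETECTION_COVERAGE = {
    "T1059.001": 3,  # Command and Scripting Interpreter: PowerShell
    "T1059.003": 1,  # Command and Scripting Interpreter: Windows Command Shell
    "T1003.001": 2,  # OS Credential Dumping: LSASS Memory
    "T1566.001": 0,  # Phishing: Spearphishing Attachment
}

# Constructed threat profile: techniques attributed to the actor we care about.
THREAT_PROFILE = [
    "T1059.001", "T1059.003", "T1003.001",
    "T1053.005", "T1566.001", "T1021.001",
]

COLOR_GAP, COLOR_PARTIAL, COLOR_COVERED = "#ff6666", "#ffe766", "#8ec843"


def color_for(rule_count: int) -> str:
    """Red for no detection, yellow for a single rule, green for two or more."""
    if rule_count == 0:
        return COLOR_GAP
    if rule_count == 1:
        return COLOR_PARTIAL
    return COLOR_COVERED


def build_layer(name, profile, coverage,
                attack_version="15", navigator_version="5.0.0"):
    """Return a Navigator layer dict scoring each profiled technique.

    Version strings are assumptions: set them to what your Navigator reports.
    """
    techniques = []
    for tid in sorted(set(profile)):
        rules = coverage.get(tid, 0)
        techniques.append({
            "techniqueID": tid,
            "score": rules,
            "color": color_for(rules),
            "comment": f"{rules} detection rule(s)" if rules else "GAP: no detection",
            "enabled": True,
            "showSubtechniques": False,
        })
    max_score = max((t["score"] for t in techniques), default=0)
    return {
        "name": name,
        "versions": {"attack": attack_version,
                     "navigator": navigator_version,
                     "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": "Detection coverage vs. threat profile (constructed sample)",
        "techniques": techniques,
        "gradient": {"colors": [COLOR_GAP, COLOR_PARTIAL, COLOR_COVERED],
                     "minValue": 0, "maxValue": max_score},
        "legendItems": [
            {"label": "No detection (gap)", "color": COLOR_GAP},
            {"label": "Single rule", "color": COLOR_PARTIAL},
            {"label": "Two or more rules", "color": COLOR_COVERED},
        ],
    }


def gaps(layer) -> list:
    """Technique IDs in the layer that have no detection rule at all."""
    return [t["techniqueID"] for t in layer["techniques"] if t["score"] == 0]


if __name__ == "__main__":
    layer = build_layer("Actor X: coverage gaps", THREAT_PROFILE, DETECTION_COVERAGE)
    with open("coverage_gaps_layer.json", "w", encoding="utf-8") as fh:
        json.dump(layer, fh, indent=2)
    print("Gaps to prioritise:", gaps(layer))
```

Import the resulting JSON through the Navigator's "Open Existing Layer" option; the techniques in the profile that no rule covers show up red, so the gap list is the prioritised backlog for detection engineering.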
Mastering CyberArk EPM: Implementation Guide

When looking for Endpoint Privilege Management (EPM) solutions, there are not many options. The main market players are CyberArk, BeyondTrust, Delinea (previously Thycotic) and Microsoft Intune Endpoint Privilege Management. The best fit depends on the operating systems in use, organization size, industry, and whether the company has many developers who need admin access; these same factors also drive how hard the implementation will be. What is EPM software? It lets you remove local admin rights from end-user devices and control which applications run as a standard user, which run with elevated privileges (as admin), and which are blocked outright.