We’re back after the weekend in Helsinki, and the office is resonating with Disobey-stories ranging from audit daemon to parties featuring Borat-swimsuits. Rumours about this event being great reached us long ago but a sincere bow to the organisers - it truly is one of the content-richest and crowd-vibrant infosec events in the Nordic region.
To get you in the mood, here's what happened before each main stage presentation. Video credits: @_kurimo_ (turn the bass up!):
Binging the CTF seemed like the central goal for a lot of folks at Disobey, the tables and cables were indeed crowded. Their passion was contagious because after spending some time as the fanbase of team Clarified Security, our CEO Renee decided it’s time to dig in. Thanks for the USB -> ethernet adapter, friends. Though we were too late and too few to put us onto the pedestal, it was fascinating to stroll around in the CTF machines using SpectX and figuring out what the organisers had had in mind. For example:
1. Get the
-----ORTVA BCRAFFU CEVINGR XRL----- ….
2. Execute
SELECT ROT13('-----ORTVA BCRAFFU CEVINGR XRL-----...')3. Use the key to configure a DataStore in SpectX.
4. Execute
Execute LIST('ssh://brutus/**************/*').....5. List all the files changed manually before 11 January (the first day of Disobey):
Introducing SpectX Business
SpectX log parser and query engine for instant log investigation and query automation is now available for smaller teams and organizations. Starting at 79€/month, the Business license introduces several opt-in features for analyzing raw log files stored in file servers, S3, Azure, Google Storage, Elastic clusters and databases.
Collecting and Analyzing Google Workspace Audit Logs
What's the most accessed publicly shared document in your Drive? How many documents per user were downloaded during the past month? Where are all those calendar (spam) invites coming from? If your business relies on Gmail, Docs, Drive, Calendar, Meet and other products from Google, the answers to these questions lie in Google Workspace (formerly G Suite) audit logs.
What to Search from your Office 365 Audit Logs?
Here’s a guide on quickly accessing and running advanced queries on your Office365 audit logs with your desktop computer and the free edition of SpectX. Whether you need to know more about logins, accessing, editing, deleting files - O365 logs are the data to go to. The query examples we've prepared will give you a broad overview of user activities and zoom into the suspicious. If you're in the incident response phase, you can use the queries to learn the details.
Analyze Cloudfront Logs in S3
SpectX gets you instant insights into your web resources served by Cloudfront. Download the free desktop edition to your computer to parse and query the S3 bucket storing your log files. Follow the steps below and run the query examples to get a general overview or specific questions answered in minutes. The example queries are also included in the SpectX Github query pack.
