BindPlane On-Prem Architecture for Google SecOps

In this post I want to discuss BindPlane architecture, specifically, the on-prem architecture for routing logs to your Google SecOps SIEM. BindPlane, at a high level, is a telemetry pipeline (built on top of the OpenTelemetry framework) that is designed to collect, refine and export logs, metrics and traces from any source to any destination. […]

Quick Assist Detection

Last month I wrote an article about the Ransomware group Black Basta and how they had been leveraging Remote Desktop tools like TeamViewer, AnyDesk and more notably Quick Assist, which is Microsoft’s own Remote Desktop utility. In general it is strongly recommended to block such apps if there is absolutely no business need to have
