With the increased, and eventually complete, reliance on APIs in modern systems, and the rapid decline of the monolithic architecture for systems and applications, it is becoming increasingly necessary to understand and tackle the various security issues, weaknesses and gotchas in API design. Many products, platforms and technologies now expose an API or two (or many more), sometimes in a decentralized and autonomous fashion. Where does security come in, in this new world of rapid build-up and teardown of microservices and serverless (Function as a Service, FaaS) architectures?
Sysmon Swimming Lessons for SOC folk and Hunt teams. AKA How not to drown in the deep end of the Windows internals enterprise ocean.
Sysinternals System Monitor (Sysmon) seems to be the silver bullet that the cybersecurity community has been waiting for in Windows environments. It is "free". It allows for an almost forensic view through log analysis. It finally cuts down on the damn number of log types in Windows! The reality is exactly what it often is in security: disappointing, fantastic, and complicated. Sysmon can be bypassed, modified, and even just turned off.