Technical Marketing Manager

Tash Postolovski

Tash is a technical marketer with a background in software and cloud engineering.

Posts by Tash Postolovski

Threat Intelligence

The Opportunity Cost of Self-hosting MISP

A term with origins in macroeconomics, opportunity cost is the hidden cost of choosing one course of action over another, when both cannot be chosen at the same time. Opportunity costs are not always financial. For example, the opportunity cost of playing video games instead of going for a hike consists of the benefits you’d likely have gained from hiking, such as improved fitness and mental health. Security teams also incur opportunity costs whenever they pick one way to spend their time and resources over another. The opportunity cost of self-hosting and maintaining MISP is the additional time and brainpower teams could have otherwise spent gathering and leveraging usable threat intelligence and enhancing their organisation’s security posture.

Malware Analysis

Assemblyline 4 Services: A Guided Tour

Assemblyline 4 is a popular open-source private malware repository. Arguably the most powerful feature of Assemblyline 4 is the capability to chain services together for comprehensive and highly customisable artifact triage and analysis. Each Assemblyline service performs a specific function (similar to the “microservices” pattern often used in software architecture). These services can be chained together to process files, extract relevant information, and evaluate potential threats. In this guide, we’ll dive into Assemblyline’s most useful managed (built-in) services you can incorporate into your analysis workflows.

Malware Analysis

The Rise in Unique Malware & How to Defend Against It

While commodity malware is designed for general use against a broad range of targets, unique malware is designed for specific, targeted attacks against an organisation, facility, or individual. Unfortunately, the use of unique malware appears to be on the rise, with the latest BlackBerry Quarterly Global Threat Intelligence Report white paper showing a 70% increase in unique malware samples associated with attacks against BlackBerry Cybersecurity customers. In this article, we’ll explore the threat of unique malware and the steps organisations are taking to fight it with the help of tools like Cosive’s MalwareZoo, which is purpose-built to privately store and analyse sensitive, targeted malware.

Company News

Cosive's 2023 Year in Review

A brief look back on what we achieved in 2023, including two major industry trends and some personal and professional highlights from four Cosive team members.

Podcast

Episode #007: How the NZITF Improves New Zealand's Security Posture with Terry MacDonald

New Zealand Internet Taskforce (NZITF) chairman and Cosive COO Terry MacDonald speaks on all things NZITF, including what the NZITF does, why it was created, and how to get involved. You can see Terry in person at the NZITF conference on the 13th and 14th of November, 2023.

Company News

Cosive Claims First Bounty on the Bluehat Threat Detection Platform

Cosive co-founder and Managing Director Kayne Naughton has claimed the first ever threat detection bounty on the recently launched Bluehat Platform, brainchild of Australian cybersecurity startup Illuminate Security.

Podcast

Episode #006: Securing Medical Devices with Emily Etchell

Ever wondered how medical devices like pacemakers, ventilators, and cochlear implants are protected from threat actors? Emily Etchell is a Security Consultant at Cosive. Previously, Emily worked for Australia's Therapeutic Goods Administration (TGA), focusing on how medical devices can be kept safe from malicious actors. Emily shares her experiences in this podcast, explaining some of the challenges involved with securing medical devices, and how they're currently being overcome.

Company News

Cosive Partners With Feedly for Threat Intelligence

Cosive has partnered with Feedly! In this post, we’ll talk about how Feedly for Threat Intelligence helps cyber threat intel (CTI) teams collect, prioritise, and share threat intelligence into their tools and why we like it so much here at Cosive as CTI specialists.

Podcast

Episode #005: Security-focused Code Review for Software Developers with Sid Odgers

Cosive's Software Development Lead, Sid Odgers, is a cybersecurity expert who spends his days building secure software. In this podcast you'll learn how Sid approaches code review to make sure that all code shipped to production is secure as well as high-quality. The checklist and tips shared here are language agnostic and will be of use to any software developer who wants to get better at security.

Podcast

Episode #004: How ChatGPT Could Transform the CTI Analyst Role with Chris Horsley

Cosive CTO Chris Horsley conducted early experiments using ChatGPT to help assign ATT&CK IDs to threat intelligence reports. While the tool won’t replace an experienced analyst as of today, it will likely change the way we do this kind of work.

Podcast

Episode #003: Securing REST API Endpoints (or How to Avoid Another Optus) with James Cooper

Unless you have been living in a cave on Mars with your eyes shut and your fingers in your ears for the past few weeks, you have probably heard something about a data breach at Australian telecommunications giant Optus. As security mistakes go, the vulnerability reported to have enabled the attack leans toward the more embarrassing side of the scale. If reports are true, Optus has effectively exposed customer data on an endpoint available to the entire internet. While it is plausible that a developer will forget to (re)secure an endpoint once they finish their development work, there are multiple practical steps you can take to catch or mitigate the problem.

Podcast

Episode #002: Building Production-worthy Software in SecOps Teams with Chris Horsley, CTO at Cosive

Before jointly founding Cosive with Kayne Naughton and Terry MacDonald, Chris Horsley (Cosive’s CTO) spent many years working in national CSIRTs in both Australia and Japan, as well as doing freelance secure software development for operations teams. In this interview Chris talks about the challenges of building software and writing critical automation scripts in SecOps teams.

Podcast

Episode #001: What Goes Wrong in Threat Intel Programs with Kayne Naughton, MD & Co-founder at Cosive

In this interview Cosive’s Managing Director Kayne Naughton shares what he’s learned about threat intelligence programs throughout his career in vulnerability development, SysAdmin and working on threat intel in the financial sector. Kayne is one of the co-founders of Cosive. Founded in 2015, Cosive specialises in trying to solve the difficult problems in security for Australian and New Zealand organisations.

Anti Phishing

Anti-phishing Strategies to Defend Your Organisation

If you feel like your phishing response team has been seeing more attacks than ever before, you’re not alone. The frequency of phishing and spearphishing attacks appears to be ever-increasing as people conduct more of their work and personal lives online. This post will cover the state of the art in anti-phishing techniques, with a focus on strategies that SOC teams, anti-phishing teams and fraud teams can use to defend customers against phishing attacks, and staff against spearphishing attacks.

Company Culture

Meet David Zielezna, Principal Consultant at Cosive

David joined Cosive in 2021 after five years with the Australian Communications and Media Authority (ACMA) and eight years with the Australian Federal Police (AFP). David’s career has spanned many areas of cyber security, from fighting spam and securing the Australian IP address space all the way through to cyber crime investigations and assisting with the prosecution of cyber crime offences. Outside of cyber security David is an avid chef, producing home made charcuteries, ferments and all things delicious.

Company Culture

Meet Emily Etchell, Security Consultant at Cosive

Like many of us in this space, Emily Etchell didn’t start her career in cybersecurity. Instead, Emily began her career in biomedical engineering, designing and building medical devices. Next, Emily started to learn about and work on securing medical devices. And that’s where Emily’s journey into cybersecurity began. Several years later, Emily is now honing her skills in reverse engineering at Cosive.

Threat Intelligence

Cyber Threat Intelligence (CTI) Crash Course

Cybersecurity is such a broad domain with so many different areas of expertise that it’s tough to be across them all. We all have known unknowns in the field, and none of us can be experts in everything. That’s why we’re kicking off our “Crash Course” series, where we’ll be diving into different areas of cybersecurity and answering the most common questions about the field.

Company Culture

Meet Chris Horsley, CTO at Cosive

Chris co-founded Cosive seven years ago, alongside Kayne Naughton and Terry MacDonald, and serves as the company’s CTO. In this interview we sit down with Chris to cover his cybersecurity origin story, his time working in incident response in Japan, and the founding story behind Cosive.

Threat Intelligence

Establishing a Threat Intel Program: Principles for Security Leaders

One of the more frequent conversations we have with security leaders is how to establish a new threat intelligence program in their organisation. In these conversations there are a few basic principles that we cover because they’re applicable to almost everyone. We’re sharing these principles publicly so that more organisations can learn about our threat intel philosophy and avoid the most common mistakes that can lead to failed programs.

Threat Intelligence

How ChatGPT Could Transform the CTI Analyst Role

The interview in this post is taken from Episode 004 of the Cosive Podcast, where Cosive CTO Chris Horsley sat down with Tash Postolovski to talk about the implications of AI tools like ChatGPT for the future of the CTI Analyst role.

Threat Intelligence

7 MISP Best Practices: Lessons from Effective Threat Intel Teams

MISP is a powerful open source threat intelligence and sharing platform used by countless SOC teams around the world. Getting a barebones MISP instance up and running is well within the skill-set of most SOC teams. Download MISP, run it on a VM, and log in to the MISP admin console using default credentials… all within about 10 minutes. That part is easy. Now for the hard part: how do you get from a barebones MISP install to actually using MISP to solve real-world cybersecurity problems? Making that leap can be much more complex and challenging than it may seem on the surface.

Threat Intelligence

What is MISP? The Ultimate Introduction

We have extensive experience working with MISP at Cosive. We also offer a managed MISP service. Based on this expertise, we’ve put together this ultimate guide for anyone who wants to understand more about what MISP is, what it does, and how to use MISP.

Security Operations

Building Production-worthy Software in SecOps Teams: An Impossible Challenge?

Before jointly founding Cosive with Kayne Naughton and Terry MacDonald, Chris Horsley (Cosive’s CTO) spent many years working in national CSIRTs in both Australia and Japan, as well as doing freelance secure software development for operations teams. In this interview Chris Horsley (CTO at Cosive) talks about the challenges of building software and doing development in SecOps teams.

Threat Intelligence

What Goes Wrong in Threat Intel Programs

In this interview Cosive’s Managing Director Kayne Naughton shares what he’s learned about threat intelligence programs throughout his career in vulnerability development, SysAdmin and working on threat intel in the financial sector.

Company Culture

Meet Shanna Daly, Principal Consultant at Cosive

Shanna Daly (she/her) is the newest member of the Cosive team, bringing with her over two decades of experience in information security, digital forensics, and incident response.

Anti Phishing

Automating Anti Phishing Canary Credentials at Scale

In part 1 of our mini-series on canary credentials, we talked about what canary credentials are, why to use them, and how to use them well. It’s highly recommended to read part 1 first. So, let’s assume you’ve had some early success in manually using canary credentials in limited numbers - great! Now you’re looking to take your next steps. Arguably, the most powerful way to land a blow against phishing attackers and deter future attacks is using canary credentials at scale via automation. Here’s why.

Anti Phishing

How to Disrupt Phishing with Anti Phishing Canary Credentials

The traditional response to a phishing attack is to issue a take-down request and wait for the site to (possibly) be yanked offline. Take-downs, while necessary, just don’t hit phishers where it hurts - they still harvest plenty of stolen credentials while the site is up. In light of this, security teams are looking for new, more effective ways to fight back against phishers. Rather than be reactive, we want to disrupt phishers’ operations. A strategy rapidly gaining in popularity is the use of credential poisoning techniques, utilising what are referred to as ‘canary credentials’.

Engineering

Why Rust is Worth the Struggle

The Rust programming language sent ripples through the programming community when it was first released in 2015, promising the blazing speed of lower-level programming languages without the accompanying sharp edges. Four and a half years on, many programmers still view Rust with a mix of intrigue and trepidation due to its appealing premise and notoriously difficult learning curve. We sat down with one of Cosive’s Senior Developers, Sid Odgers, to talk about why he believes more programmers should take the plunge and learn Rust.

Company News

Cosive Takes 2nd Place at Splunk's 2019 AU & NZ Boss of the SOC Day

For the second year in a row, Cosive have finished in 2nd place AU & NZ-wide at Boss of the SOC Day, a massive cyber security capture the flag (CTF) competition involving hundreds of competitors.