September 27, 2023 By Abraham Cueto Molina 3 min read

Incident response teams are stretched thin, and the threats are only intensifying. But new tools are helping bridge the gap for cybersecurity pros in Latin America.

The IBM Security X-Force Threat Intelligence Index 2023 found that 12% of the security incidents X-Force responded to were in Latin America. By comparison, 31% were in Asia-Pacific, followed by Europe with 28%, North America with 25% and the Middle East with 4%. Within Latin America, Brazil accounted for 67% of the incidents X-Force responded to, followed by Colombia with 17% and Mexico with 8%. Peru and Chile split the remaining 8%.

In the face of rising incident volumes, the shortage of cybersecurity professionals remains a serious issue. According to the (ISC)² Cybersecurity Workforce Study 2022, the global workforce gap stands at 3.4 million: that many additional trained professionals are needed to respond to attacks and help organizations minimize the impact of breaches.

As the talent shortage continues and threat actors refine their methods, cybersecurity professionals rely on a wide range of tools to stay ahead. Paid commercial tools sit alongside free, open-source ones, forming a varied ecosystem of utilities written in different languages (Python, Perl, Bash, PowerShell, etc.). These tools automate the preservation and analysis of artifacts relevant to forensic analysis and incident response, such as random-access memory (RAM), event logs, network connections, browsing histories, caches and more.

One such tool is Tequila OS 2.0.

What is Tequila OS 2.0?

Students from the National Autonomous University of Mexico (UNAM) developed Tequila OS 2.0, the first Linux distribution in Latin America specializing in forensic analysis, with its documentation in Spanish.

Image 1: Tequila OS 2.0

Tequila OS 2.0 is based on GNU/Linux and is easy to get running. Users can either download the ISO image, create a virtual machine and boot it, or download the prebuilt virtual machine files and open them directly in a virtualization tool. The distribution ships with the following default credentials:

  • Username: “forense”
  • Password: “unam”

Because these credentials are published, treat them as a first-boot convenience only: change the password before the machine handles real evidence, and do not expose the virtual machine's network interfaces beyond the analyst's workstation.

After logging in, Tequila OS 2.0 displays the following desktop:

Image 2: Tequila OS 2.0 desktop

Tequila OS 2.0 Forensic Analysis Tools

Tequila OS 2.0 bundles a range of tools for forensic analysis and incident response, which are found under the “/Forense/” folder.

Image 3: Tequila OS 2.0 distribution tools

The tools are grouped into folders by function, covering disk and file-system analysis (Autopsy), file carving and recovery (Foremost, MyRescue, PhotoRec), memory analysis (Volatility), metadata extraction (ExifTool, Metacam), network and binary inspection (Wireshark, GHex), browser artifacts (Galleta), password recovery (Hashcat, Ophcrack, John the Ripper), malware detection (ClamAV, YARA) and disk encryption (VeraCrypt), to name a few.
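The carvers in that list (Foremost, PhotoRec) work by scanning raw bytes for the header and footer signatures of known file types and recovering whatever lies between them, without relying on file-system metadata. The following is an added example, not code from Tequila OS 2.0 or from any of the tools it ships, that implements the same header/footer carving over a constructed in-memory image. The signature table, the per-object size cap, the sample image and the handling of a header with no footer are assumptions made for the demonstration; it is meant to show the technique, not to replace the real tools.

```python
"""Minimal header/footer file carver in the style of Foremost/PhotoRec.

Added example, not part of Tequila OS 2.0 or of any tool it ships. It scans
a raw byte buffer (a constructed stand-in for a disk image) for known file
signatures and recovers the bytes between each header and its footer.
"""
import hashlib

# (header, footer) magic bytes for two common types. The JPEG and PNG values
# are the standard signatures; the table is deliberately short for the demo.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}
# Assumed safety cap so a header with a missing footer cannot swallow the
# rest of the image (real carvers use per-type limits set by the analyst).
MAX_SIZE = 1 << 20


def carve(image: bytes):
    """Return a list of (offset, type, data) for every object found.

    A header whose footer is not found within MAX_SIZE bytes is skipped,
    which is the expected failure mode for a truncated or overwritten file.
    Results are sorted by offset so the output reads like a disk map.
    """
    found = []
    for ftype, (header, footer) in SIGNATURES.items():
        pos = 0
        while True:
            start = image.find(header, pos)
            if start == -1:
                break
            end = image.find(footer, start + len(header), start + MAX_SIZE)
            if end == -1:
                pos = start + 1  # header without a footer: skip it
                continue
            end += len(footer)
            found.append((start, ftype, image[start:end]))
            pos = end
    found.sort(key=lambda item: item[0])
    return found


def sha256(data: bytes) -> str:
    """Hash a carved object so it can be logged as evidence."""
    return hashlib.sha256(data).hexdigest()


def build_sample_image() -> bytes:
    """Constructed stand-in for a disk image (not real evidence).

    Layout: 1024 bytes of filler, a fake PNG, filler, a fake JPEG, filler,
    and finally a stray JPEG header with no footer (a truncated object).
    """
    filler = bytes(range(256)) * 4  # 1024 bytes, contains no signature
    png = b"\x89PNG\r\n\x1a\n" + b"IHDR-fake-chunk" + b"IEND\xaeB`\x82"
    jpg = b"\xff\xd8\xff\xe0" + b"JFIF-fake-body" + b"\xff\xd9"
    stray = b"\xff\xd8\xff\xe1"
    return filler + png + filler + jpg + filler + stray


if __name__ == "__main__":
    img = build_sample_image()
    for off, ftype, data in carve(img):
        print(f"offset={off:#x} type={ftype} size={len(data)} sha256={sha256(data)}")
```

The stray header at the end of the sample image is the case a real carver must handle: with no footer in range it is reported as nothing rather than as a bogus object running to the end of the image. The reverse problem, a stray header sitting before a real file and causing the two to be merged, is why production carvers pair signatures with format-aware length checks.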

The main advantages of using Tequila OS 2.0 are:

  • Number of tools: Tequila OS 2.0 ships around 60 tools for analysis and response to cybersecurity incidents.
  • Constant updates: The developers publish regular updates free of charge.
  • Automatic mounting: Storage media can be mounted and unmounted with a single click.
  • Manuals in Spanish: The distribution itself includes Spanish-language manuals for all of its tools.
  • Low memory requirement: Tequila OS 2.0 runs in less than 1 GB of RAM.
  • Compatibility: The image runs in common virtualization software.

As part of the Tequila project, a companion set of tools called Agave performs incident response in a Windows environment. Agave and its incident response capabilities will be covered in a future article.

Tequila OS 2.0 remains the only distribution of its kind in Latin America, being focused primarily on cybersecurity incident response. Compared with its predecessor, it is more stable, has a more intuitive user interface and better performance, includes manuals in Spanish, bundles around 60 tools for incident response analysis, and runs in common virtualization software. These qualities make Tequila OS 2.0 an attractive Linux option for analysts in Latin America and beyond.
