Dan
@Mot0Dan
Finding Ants in your yard
#Malware detection can be challenging due to anti-analysis techniques. #Backscatter, by the Mandiant FLARE team, offers fast static analysis to extract IOCs, helping teams stay ahead of attackers. 🔗 Learn more: bit.ly/3WknAdT #GoogleSecOps #GoogleThreatIntelligence
A guy wanted to adopt a cat, but he wouldn't leave his brother's side, so he had to take both of them.
"One of the highest tariff rates, 50 percent, was imposed on the African nation of Lesotho, whose average citizen earns less than $5 a day. Because Lesotho’s citizens are too poor to afford most U.S. exports, while the U.S. imports $237 million in diamonds and other goods from…
The amount of people in the replies that cannot read is insane, all too quick to jump on someone without understanding.
Man returned to his property after evacuating his family during the LA wildfires to save his 1 of 1963 Porsche 911 S/T and leaves his Tesla behind 👀https://t.co/5X6BZoWi8u
On a recent Incident Response case, while working through the timeline of a compromised server, I discovered two failed logins (Security Event Logs, EventID 4625) coming from a bogus-looking workstation name. In our case, M0PiKq77YTWxWQAP. A few seconds later, a second failed…
Attackers using axios hate this one weird trick learn.microsoft.com/en-us/entra/id…
Analyzed a phishing case in M365: attacker bypassed MFA using axios HTTP client, leaving a telltale "axios/1.7.7" in sign-in logs. Lesson: regularly check sign-in logs for unusual user-agents to spot suspicious activity.
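As an added example (not from the post above, nor Microsoft's own tooling), a small Python check over constructed sign-in records laid out as JSON lines in an Entra-style schema; it flags sign-ins whose user agent is a scripted HTTP client such as axios, by default only the successful ones. Field names and sample values are assumptions for illustration.

```python
import json
import re

# Constructed sample sign-in records (field names approximate an Entra ID
# sign-in log export; every value below is made up for this example).
SAMPLE_SIGNIN_LOG = """\
{"userPrincipalName": "alice@example.com", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/124.0 Safari/537.36", "status": {"errorCode": 0}, "ipAddress": "203.0.113.10"}
{"userPrincipalName": "bob@example.com", "userAgent": "axios/1.7.7", "status": {"errorCode": 0}, "ipAddress": "198.51.100.7"}
{"userPrincipalName": "bob@example.com", "userAgent": "axios/1.7.7", "status": {"errorCode": 50126}, "ipAddress": "198.51.100.7"}
{"userPrincipalName": "carol@example.com", "userAgent": "python-requests/2.31.0", "status": {"errorCode": 0}, "ipAddress": "192.0.2.44"}
{"userPrincipalName": "dave@example.com", "userAgent": "Outlook-iOS/2.0", "status": {"errorCode": 0}, "ipAddress": "203.0.113.99"}
"""

# User-agent prefixes of HTTP client libraries. Interactive users sign in from
# browsers or first-party Office clients, so these rarely belong in sign-in logs.
SCRIPTED_CLIENT_UA = re.compile(
    r"^(axios|python-requests|python-urllib|curl|go-http-client|okhttp|node-fetch|libwww-perl)/",
    re.IGNORECASE,
)


def parse_signins(jsonl: str) -> list[dict]:
    """Parse one JSON object per line, skipping blank lines."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


def is_scripted_client(user_agent: str) -> bool:
    """True when the user agent looks like an HTTP client library rather than a browser."""
    return SCRIPTED_CLIENT_UA.match(user_agent.strip()) is not None


def flag_scripted_signins(records: list[dict], successful_only: bool = True) -> list[dict]:
    """Return sign-ins from scripted clients; by default only successful ones
    (errorCode 0), since a success after MFA is the case worth investigating."""
    flagged = []
    for rec in records:
        if not is_scripted_client(rec.get("userAgent", "")):
            continue
        if successful_only and rec.get("status", {}).get("errorCode") != 0:
            continue
        flagged.append(rec)
    return flagged


if __name__ == "__main__":
    for hit in flag_scripted_signins(parse_signins(SAMPLE_SIGNIN_LOG)):
        print(f"{hit['userPrincipalName']} from {hit['ipAddress']} via {hit['userAgent']}")
```

Pass `successful_only=False` to also surface failed attempts from the same clients, which is useful when hunting for a password-spray that preceded the successful sign-in.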
Torn on sharing this, but I think it's important everyone be aware. The Office 365 Management Activity API is awesome, but it's also an incredible persistence location to monitor a victim that is almost invisible once set up. Let me explain how it works and what to look for ;)
Someone asked me about what you should focus on learning for MS Cloud IR the other day. I forgot to add one of the most important things: in depth understanding of authentication and authorization protocols. You can learn as you go but some key things to focus on: - Oauth2 -…
Doesn't really seem to be anything of consequence, I suspect this is already provided to CrowdStrike customers
Whatever comes from the CrowdStrike outage, I wish the same level of focus was on ransomware. Everyone is upset because it was a large scale outage across various companies, but this sort of thing has been happening for days or weeks at a time across companies for years now.
Half of humanity just learned what an EDR is, and suddenly they start suggesting that they don't require kernel access and drivers are unnecessary. OS architects and kernel experts were born overnight...
Jesus Ryan you were not wrong this caused nightmares! Seriously please advise everyone you know to do this or suffer. arstechnica.com/security/2023/… @GossiTheDog @NathanMcNulty @fabian_bader @UK_Daniel_Card tagging for visibility/reshare. Long story short this made DC’s at…
This is wild
R.I.P. 🪦 Trying to turn in that bounty to Microsoft is one of the biggest regrets of my life. My modules are gone, my account is gone. I can make a new one and some of them can be transferred to me, but some are gone forever. I hand-delivered that bounty to an employee and…
I'm gonna start calling this THE FABULOUS FOUR! 😂
Active Directory Hardening Series - Part 1 – Disabling NTLMv1 - Microsoft Community Hub techcommunity.microsoft.com/t5/core-infras…
My company @ogSecConsulting has partnered with @zeropointsecltd to create some essential report writing training. It will not just boost your writing skills but also the efficiency & quality of your assessments. Check out what's covered in the course here: training.zeropointsecurity.co.uk/courses/the-ar…
I wrote a script to identify every TAKEOVER and ELEVATE attack in Misconfiguration Manager that can be run with Read-only Analyst privileges or higher in SCCM. Please share with your IT admins, defenders, clients, assessors, and friends in infosec! posts.specterops.io/rooting-out-ri…