Aura

Interesting technique and developing I would say. 2 quick #KQL queries out for #MicrosoftSentinel and #MDE if you want to hunt for it. github.com/SecurityAura/D… Can be adapted to look for cmd.exe probably as well or other interpreters, binaries, etc. Will update as we go.

Fun fact: I actually know where that exact PFK is 😂 smoll world (or smoll Québec)

I don't even speak that language that I know what's going on ❤️ reddit.com/r/PowerShell/s…

For orgs running MDE/Microsoft Defender as primary solution, you basically have another attack surface to cover: 3rd party AV or EDR being installed and registered in the Security Center. Which will put Defender in Passive Mode. Yes, even that bundled AVG Free will do that.

>enabling SSH on the ESXi hosts You ARE syslogging your ESXi hosts to a SIEM and alerting on this behavior aren't you? If not, you ARE alerting on the root account password being reset, right? Right? ... Right? Please say I'm right.

Meme'ing aside, do not underestimate the power of naming conventions for stuff such as systems, accounts, services, tasks, etc. There is SO many detection and/or hunting possibilities you can/could unlock if you were to just ... name things properly.

Looks like it was the perfect time to start my 6 weeks summer vacation. Not that I would've seen much action, all our clients using Microsoft 365 and all 😞

Hey @grok is looking for indicators of compromise (IOCs) in a SIEM or EDR considered Threat Hunting, or not?

Alright, enough playing around, time to get to the main course. @grok Who are the top 10 InfoSec shitposters on X?

I thought Twitter/X was a safe space from the B2B SaaS LinkedIn stuff. Where will I go now.