I’m gonna need a copy of coalfire’s contract template since it’s battle tested and held up in court 😆
arstechnica.com/security/202...
Posts by Christopher Peacock
AI can help build C2s and payloads, but often this seems to be the case.
New Octowave Loader sample is leading to Amatera Stealer deployment over the past week.
0 VT detections on any component of the malware loader.
Proofpoint rules detect the outbound C2 traffic.
My Yara rule detects the installer.
This seems like a project to watch 👀
How to properly evaluate a CVE score:
1. Is Gossi freaking out?
2. Is Florian freaking out?
3. Does SANS have an emergency webcast?
4. Are all your red team friends losing their minds over how crazy easy it is to give them awesome access?
Well the other thing is, I’m pretty sure they were getting bounce-back emails for like 3-6 years and didn’t notice the email was no more…
Every marketing email I’ve run into in this research project has some tokenized unsubscribe link, but they don’t even offer that.
I can’t make this up. I bought an expired MSSP domain and set up mail forwarding for all emails. I’ve tried to unsubscribe from getting an ISAC’s TLP Amber emails, but they won’t, stating I must “email from an email associated with the ISAC account receiving these emails.” 🤦♂️
I checked out the #ZeroDay series on Netflix and I think this depiction of events would take too many coordinated attacks. The Russian targeting of Ukraine with BlackEnergy and Industroyer is more realistic to what happens. The scenes I saw more resemble an EMP attack.
Probably because most small and medium-sized app businesses are just that 🤷♂️
Most startups have a base and then duct tape on as fast as they can to make sales happen. By then, it’d eat up too much revenue to rebuild the code right.
This is why I think TTP count is a terrible metric. You either detect the procedure adversaries use or you don’t; this count of 4 for whoami /all is meaningless in most cases.
Before rushing to secure GenAI, make sure your DevSecOps and AppSec foundations are solid. GenAI is just another piece of the application stack. Security fundamentals are crucial. To help understand it, GenAI vulnerabilities are a lot like SQL vulnerabilities.
Interesting talk today by @wietzebeukema.nl. Make sure you follow him and check out his GitHub too.
🚨 Last day to submit a CFP ‼️
Get yours in ASAP. Last year saw nearly 2,000 registrations. This is one of the best B-Sides in the world. Oh and did I mention you can visit beautiful Florida beaches during your trip in May?
events.bsidestampa.net/BSidesTampa2...
Who’s going to WWHF Denver?
Heard this on a podcast and it really resonated with me.
I’m headed to Breck Friday and skiing Saturday-Sunday.
One of the best career tips I can share is to care about the people you work with. Not everyone will be receptive, but those who are can become invaluable connections in your career journey—and in life.
One piece of advice to give new SOC analysts is to have humor.
Working alerts in a SOC is a high stress environment and the grind never stops, so find ways to laugh and enjoy who you work with.
Just a friendly reminder that you can hunt in datasets that are outside your organization.
Purple Team metrics can be tough and conflated with BAS testing, so here are a few, but feel free to add your own in the comments.
1. Engagements with SOC per year/quarter.
2. Intel leads tested.
3. Custom tests to verify detection logic.
4. Requests for testing completed (%)
One of the quickest GenAI use cases you can do in your SOAR is to auto-enrich command lines associated with an alert by adding an explanation of what the command is doing. This boosts productivity and situational awareness of the analysts.
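As an added example (not code from the original post), here is what that SOAR enrichment step looks like in Python: each process command line in an alert gets a plain-language explanation attached. The model call is abstracted behind an `explain` callable (an assumed interface, not any vendor's API), the alert and the secret-argument patterns are constructed for the demo, and the command line is redacted before it is handed to the explainer, since alert command lines routinely carry passwords or tokens that should not leave the SOC.

```python
"""SOAR-style command-line enrichment with redaction before the model call.

Added example; `explain` is whatever the SOAR wires in (LLM call, cache, ...).
The alert, the explainer and the secret patterns are constructed for the demo.
"""
import re
from typing import Any, Callable, Dict, List

# Illustrative patterns for secret-bearing arguments (constructed; extend per environment).
SECRET_ARG_PATTERNS = [
    # --password x / --token=x / -pwd x ...
    re.compile(r"(?i)(-{1,2}(?:password|passwd|pwd|token|secret|api[-_]?key)[= ])(\S+)"),
    # sqlcmd-style -P <password> (case-sensitive on purpose: -p is something else)
    re.compile(r"(-P )(\S+)"),
    # key=value inside connection strings or URLs
    re.compile(r"(?i)((?:password|token|secret)=)([^\s;&]+)"),
]


def redact_command_line(cmdline: str) -> str:
    """Replace secret-looking argument values with [REDACTED], keeping the flag."""
    redacted = cmdline
    for pat in SECRET_ARG_PATTERNS:
        redacted = pat.sub(lambda m: m.group(1) + "[REDACTED]", redacted)
    return redacted


def enrich_alert(alert: Dict[str, Any], explain: Callable[[str], str]) -> Dict[str, Any]:
    """Return a copy of the alert with 'redacted_cmdline' and 'explanation' per process.

    The explainer only ever sees the redacted command line, and an explainer
    failure degrades to a note instead of breaking the alert.
    """
    out = dict(alert)  # shallow copy: the caller's alert is left untouched
    enriched: List[Dict[str, Any]] = []
    for proc in alert.get("processes", []):
        item = dict(proc)
        safe = redact_command_line(proc["cmdline"])
        item["redacted_cmdline"] = safe
        try:
            item["explanation"] = explain(safe)
        except Exception as exc:  # enrichment must never take the alert down with it
            item["explanation"] = f"(explanation unavailable: {exc})"
        enriched.append(item)
    out["processes"] = enriched
    return out


def demo_explainer(cmdline: str) -> str:
    """Stand-in for the model call: a tiny keyword table so the example runs offline."""
    hints = {
        "whoami": "prints the current user's identity and group memberships",
        "sqlcmd": "runs a T-SQL query against a SQL Server instance",
        "rundll32": "loads a DLL and calls an exported function",
    }
    matched = [text for key, text in hints.items() if key in cmdline.lower()]
    return "; ".join(matched) if matched else "no canned explanation"


# Constructed sample alert for the demo.
SAMPLE_ALERT = {
    "id": "demo-0001",
    "processes": [
        {"pid": 4021, "cmdline": "whoami /all"},
        {"pid": 4022, "cmdline": 'sqlcmd -S db01 -U sa -P Hunter2! -Q "select 1"'},
    ],
}

if __name__ == "__main__":
    result = enrich_alert(SAMPLE_ALERT, demo_explainer)
    for proc in result["processes"]:
        print(f"{proc['pid']}: {proc['redacted_cmdline']} -> {proc['explanation']}")
```

Swapping `demo_explainer` for the real model call is the only change needed in a playbook; the redaction and the failure handling stay in front of it regardless of which model or vendor is used.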
As a Bucs fan, I disagree lol
This is approaching gross negligence, leaving a public facing back door open 🤯 :
“gained initial access through a web shell left from a third party’s previous security assessment”
www.cisa.gov/news-events/...
Three fundamental questions you should ask before purchasing a SOC or another enterprise tool are:
1. Does it reduce risk by uncovering previously undetected activities?
2. Does it enhance productivity?
3. If the answers to both of the above are no, then where is the potential return on investment?