π¨ ITβS TOMORROW! π¨
Join us for an electrifying talk on WiFi Attacks by David & Jason. at our next 0xCoffee PTA meetup!
Reminder: 0xCoffee PTA is now a regular hangout-same time, same place, every second Tuesday of the month.
π Next meetup:
π
Tuesday, 8 April 2025
β° 7 PM β 9 PM
π Rock@88 Moreleta
Investigation Scenario π
An employee was terminated for moonlighting with a competitor. While reviewing their Windows laptop, you find Slack is installed.
What do you look for to investigate their Slack use and if an incident occurred?
#InvestigationPath #DFIR #SOC
Because 0! =1
The equation becomes simplified as 2^2 x 2^2 = 4 x 4 = 16. Seems rather straightforward.
Microsoft's first post on Bluesky and it's full of bliss
The SANReN CSC challenge was a massive success this year thanks to Dendrite Cyber security, @mathworks.bsky.social , @ocd-cert.bsky.social.
A special thanks to @pawnstarza.bsky.social from Elastic for joining in the fun and teaching the students how to pick locks.
![alert tcp any any -> any [139,445] (msg:"ET CURRENT_EVENTS [Fireeye] M.HackTool.SMB.Impacket-Obfuscation.[Service Names] M9"; content:"|ff 53 4d 42|"; offset:4; depth:4; content:"|57 00 69 00 6e 00 64 00 6f 00 77 00 73 00 20 00 20 00 55 00 70 00 64 00 61 00 74 00 65|"; distance:0; fast_pattern; reference:url,github.com/fireeye/red_team_tool_countermeasures; classtype:trojan-activity; sid:2031308; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2020_12_08, deployment Perimeter, signature_severity Major, updated_at 2020_12_08;)](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:vofpn6dsqirtoehz64g4pac4/bafkreicwqg3qzrryi3qrqzkusjqy5weapxs7c2wc3imusdwx2xdr5ggt5m)
alert tcp any any -> any [139,445] (msg:"ET CURRENT_EVENTS [Fireeye] M.HackTool.SMB.Impacket-Obfuscation.[Service Names] M9"; content:"|ff 53 4d 42|"; offset:4; depth:4; content:"|57 00 69 00 6e 00 64 00 6f 00 77 00 73 00 20 00 20 00 55 00 70 00 64 00 61 00 74 00 65|"; distance:0; fast_pattern; reference:url,github.com/fireeye/red_team_tool_countermeasures; classtype:trojan-activity; sid:2031308; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2020_12_08, deployment Perimeter, signature_severity Major, updated_at 2020_12_08;)
Investigation Scenario π
You received the depicted Suricata alert related to Impacket usage.
What do you look for to investigate whether an incident occurred and its extent?
#InvestigationPath #DFIR #SOC
For all those that are attending BSides Cape Town
CHALLENGE DROP #1
Surprise! Our first, introductory CTF "Event Horizon" presented by TryHackMe, is live!
Stretch your fingers, sign up on the TryHackMe website & get cracking.
Join in the challenge here:
tryhackme.com/jr/beyondthe...
Meme: flowers running around like crazy. Man: DID YOU PUT COFFEE GROUNDS IN THE COMPOST? Woman: YES, WHY?
Good morning world βοΈ
This sound is etched into my memory for the rest of time
It has been a crazy year thus far, but luckily, I had my faithful Spark next to me all the way.
He went through a rough patch where one of his back vertebrae was replaced this year. But he has made a full recovery and is able to walk and chase dassies again.
Masks, by Shel Silverstein She had blue skin and so did he. He kept it hid, and so did she. They searched for blue their whole life through then passed right by and never knew. Cartoon drawing of two small people facing away from each other wearing enormous masks
A small starter pack of South African Hackers. Hopefully it grows.
go.bsky.app/UPwPToR