
Posts by Daniel Stinson

HAR Sanitizer

Talk about helping to build a better Internet -> har-sanitizer.pages.dev

Thanks @cloudflare.social 🔥

2 years ago 4 0 0 0
BeyondTrust Discovers Breach of Okta Support Unit | BeyondTrust This blog shared details of the Okta support unit attack to educate other Okta users and infosec professionals. For BeyondTrust customers who leverage our Identity Security Insights product, we have a...

Customer: Are we safe?
Okta: Give me a HAR and we’ll let you know when we find out from other customers.

Helpful context: www.beyondtrust.com/blog/entry/o...

Much less helpful context response: sec.okta.com/harfiles

2 years ago 4 0 0 0

I really believe that if your infrastructure can’t survive a user clicking a link, you are doomed. I’m the director of cybersecurity at NSA and you can definitely craft an email link I will click…

r.mtdv.me/TrustThis

2 years ago 15 3 1 1
Security Engineer, Detection & Response | Career Opportunities Want to work at Brex? Explore all of our current remote job openings right here. Apply today & join our team!

My team is hiring for a new member of our D&R team based in 🇨🇦 www.brex.com/careers/6952...

I'm very biased but I think we're a great team in the D&R space across a production & corporate environment. Big fans of open sourcing projects, managing components via source control where possible

2 years ago 3 1 0 0

Some new 🔥 reporting on everyone's least favorite threat actor by Permiso: 0ktapus, Scattered Spider, UNC3944, and STORM-0875 and now LUCR-3 👀
permiso.io/blog/lucr-3-...

2 years ago 0 0 0 0

All these security vendors are trying to define XDR (eXtended Detection & Response) but Apple has been using XDR screens for years and improving it in iPhone 15 🧠

2 years ago 1 0 0 0
GitHub GitHub is where people build software. More than 100 million people use GitHub to discover, fork, and contribute to over 330 million projects.

Friday afternoons are a great time for releasing and deploying new software! 🔥🚀

Substation v0.9.2 is here: github.com/brexhq/substation/d…

In addition to a new bitmath inspector I wrote, this release brings some QoL improvements, let us know if you find use-cases for these additions. XDR onwards!

2 years ago 0 0 0 0

🔥 an at cost registrar, with WebAuthN support adding more domains to help migrate off of Google/Squarespace 👏

2 years ago 1 0 0 0

One of my biggest pet peeves within infosec is how people still refer to "knowing your network". In the era of cloud networks that really aren't yours, SaaS networks that definitely aren't yours... let's rebrand to "knowing your environment" which consists of: endpoints, SaaS, servers, and cloud.

2 years ago 0 0 0 0
Apple Crimeware | Massive Rust Infostealer Campaign Aiming for macOS Sonoma Ahead of Public Release ...

Great reporting @philofishal.bsky.social on the many variants 👏 www.sentinelone.com/blog/apple-crimeware-mas...

2 years ago 2 1 0 0
Fake Blockchain Games Deliver RedLine Stealer & Realst Stealer - A New macOS Infostealer Malware

More macOS stealers 👀

A simple detection for command lines w/ “security find-generic-password <chromium>” catches most 😂

iamdeadlyz.gitbook.io/malware-research/july-20...

2 years ago 1 0 1 0

I’m clearly a fan of them getting caught because it gives us a glimpse of some of the only nation state macOS targeting with a pretty high cadence recently (and well, I’m a defender so suck it hackers). Are other macOS attacks undetected or is 🇰🇵 the only targeting entity?

2 years ago 0 0 0 0

🇰🇵 operators seem brutally effective at getting to target environments directly (crypto scams, backdoored apps) and now more supply chain targeting (3CX, and JumpCloud)… do they not care about stealth if they accomplish their goals? 🤔

2 years ago 0 0 1 0
North Korea Leverages SaaS Provider in a Targeted Supply Chain Attack We responded to a supply chain compromise by a likely DPRK-nexus threat actor, who we believe leveraged JumpCloud.

Latest hacking from the DPRK with macOS payload details 👀 Great reporting from the Mandiant team!

www.mandiant.com/resources/blog/north-kor...

2 years ago 0 0 1 0

Not sure how a UPX’d executable got a function named “setupsomething” through their agile code review 🤣

2 years ago 2 0 1 0

I had a great time in 2020 at OBTS v3.0 and hope to make the next one 🤞

2 years ago 1 0 1 0

The evolution through 8 versions and adding support for GCP & Azure is my favorite part of this series.

Inclusion of YARA based malware detection is great but would have loved CloudTrail and equivalent log based detection that defenders could use 🤞

2 years ago 0 0 0 0
Permiso | Blog | Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead Permiso p0 Labs and SentinelLabs team up to tackle the latest mass cloud credential harvesting and crypto mining campaign "SilentBob".

☁️ intel blogs coming in from Permiso & SentinelOne today 👀

- permiso.io/blog/s/agile-approach-to...
- www.sentinelone.com/labs/cloudy-with-a-chanc...

2 years ago 2 3 2 1

Besides using it regularly to load and interrogate data - the Vertex blog is a great way to learn Storm recently 🔥

2 years ago 2 2 0 0
#OBTS v6.0: Talks Conference Talks

🔥 lineup coming for the Objective-by-the-Sea v6 conference all on macOS & iOS security: https://objectivebythesea.org/v6/talks.html

- 2 talks on DPRK malware analysis
- 1 talk from Kaspersky on Triangulation (🦅)
- ... and more on bug hunting across the OS and user applications!

2 years ago 4 0 1 0

2nd ever Apple Rapid Security Response update out for a WebKit bug (CVE-2023-37450):

iOS: https://support.apple.com/en-us/HT213823
macOS: https://support.apple.com/en-us/HT213825

2 years ago 6 0 0 1

Biggest question: how can I get a scaled down version for my home “cloud”?

2 years ago 1 0 0 0

I would test this and see what detection opportunities exist with the Jira/Confluence audit logs but I already know there is not enough info logged to find token theft. Defenders have to rely on EDR logging for the token theft and hope users only access from work machines 👎

2 years ago 0 0 0 0
Sowing Chaos and Reaping Rewards in Confluence and Jira Introducing AtlasReaper

I’m not hoping to start a big anti-OST flame war but it’s sad that the place that hosts a whole podcast drops offensive Atlassian tooling without a section on detection :(

posts.specterops.io/sowing-chaos-and-reaping...

2 years ago 0 0 1 0
Release LOOBins v1.1.0 · infosecB/LOOBins What's Changed Additions launchctl by @caffeinatedJAC in #132 mdls by @shellcromancer in #134 log by @infosecB in #135 scutil by @ethan-nay in #136 mktemp by @bobby-tablez in #137 Updates Update...

Woo, my addition to the LOOBins project got released today! https://github.com/infosecB/LOOBins/releases/tag/v1.1.0

I added the mdls command used by common adware like Genio

2 years ago 3 0 0 0
The Audit Log Wall of Shame | Audit Logs Wall of Shame What is an audit log? DataDog provides good context on what qualifies as an audit vs. system log. The difference between audit logs and system logs (e.g., error logs, operational logs, etc.) is the in...

I doubt they'll fix things, I've only seen one vendor make effort since https://audit-logs.tax went up... On the other hand it's really satisfying to publish and worth it.

2 years ago 1 0 0 0

Seems like the answer to this was to some extent: yes, 0-day was used.

New *OS releases (see https://support.apple.com/en-us/HT213814 from today) include a mention of the Kaspersky team for CVE-2023-32434, so it seems like there was some level of 0-day with the Triangulation attack.

2 years ago 0 0 0 0

More macOS threats to be detected 👀

www.bitdefender.com/blog/labs/fragments-of-c...

2 years ago 0 0 0 0

Iconic way for @killedbygoogle.com to enter this new platform.

2 years ago 1 0 0 0
Fwd:cloudsec 2023 Conference Salon B - DAY 2 Full schedule: https://fwdcloudsec.org/schedule.html#2023-06-13 Follow us on Twitter: https://twitter.com/fwdcloudsec

@jshlbrd.bsky.social is live at Fwd:cloudsec talking about the design and use of https://substation.readme.io at Brex! 🔥

https://www.youtube.com/watch?v=ZvdYgL6b9xE

2 years ago 0 0 0 0