
Posts by PaperMtn

A reminder to the news media: “conflicting accounts” is what you say BEFORE the incontrovertible video evidence appears. After that, your job is to ask why one side is lying, not to repeat the lie and pretend no one knows the truth.

2 months ago 47464 14280 521 597
Extracting Rich Slack DLP Alerts Slack’s audit logs don’t include enough context to investigate DLP detections. In this post, I show how to export the richer DLP details Slack displays in the admin console, and I use my slack-dlp-log...

New Post: Exporting Slack DLP Alerts.

Slack’s Audit Logs don’t include enough context to properly investigate DLP detections or build response workflows. In the post, I walk through how to export the richer DLP alert details you can see in the admin console.

www.papermtn.co.uk/extracting-r...

3 months ago 0 0 0 0
Returning to the Cookie Jar In 2023 I wrote a blog post on how you can extract and use cookies from Slack to authenticate to the API, and it has become one of my most commonly viewed articles. Since then, Slack have changed a fe...

www.papermtn.co.uk/returning-to...

4 months ago 1 0 0 0

@joeabercrombie.com and Steven Pacey. Name a more iconic duo.

6 months ago 0 0 0 0

“Make comedy legal again” sure lasted long

7 months ago 1 0 0 0

What difference does it make?

7 months ago 1 0 0 0
Two ponies leading me up a fern-flanked path on Dartmoor


Often you’ll be walking on Dartmoor & some ponies will be like “Follow us, we will lead you to the castle where the wizard lives & life is perfect!” My advice, from experience, is to ignore them. Ponies are known liars who will make up any old shit to briefly relieve the vast boredom of their lives.

7 months ago 358 54 11 6

When you’ve finished your book and you’re waiting for the next one to be released…

@ryancahill.bsky.social

9 months ago 0 0 0 0
Secrets Management Part 2 – Encrypted Secret Retrieval with Gopass In this post I explain how to use gopass to GPG encrypt and store your secrets locally, then integrate with direnv to decrypt and load your secrets to environment variables in your shell without ex…

papermtn.co.uk/secrets-mana...

1 year ago 0 0 0 0
Talkback Talkback is an AI-powered infosec resource aggregator to be more productive with cyber security content.

talkback.sh by @elttam.bsky.social is a seriously good aggregator of news, research and technical stuff. Highly recommended.

1 year ago 1 0 0 0

Keep an eye out for notices - AWS RDS Protection for GuardDuty seems to have had some issues collecting logs.

Unclear how pervasive this was!

1 year ago 7 4 1 0

Took me too long to realise that wasn’t a doggo

1 year ago 1 0 0 0

Obviously MFA is important, and any MFA is better than no MFA. But stories like this go to show how other controls are needed as well. I’ve seen too many cases of risks being downplayed because “we have MFA though”

1 year ago 0 0 0 0
Researchers Crack Microsoft Azure MFA in an Hour A critical flaw in the company's rate limit for failed sign-in attempts allowed unauthorized access to a user account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more.

buT WE’VE gOT mFA eNabLeD

www.darkreading.com/cyberattacks...

1 year ago 0 0 2 0

In my mind the graphics are HD…

1 year ago 1 0 0 0
Probing Slack Workspaces for Authentication Information and other Treats Did you know that Slack provides some surprising information about a workspace to unauthenticated callers? Slack Watchman knows, and in this post I’m going to show you the information you can enume…

Probing Slack Workspaces for Authentication Information and other Treats papermtn.co.uk/probing-slac...

1 year ago 0 0 0 0
GitHub - DataDog/supply-chain-firewall: A tool for preventing the installation of malicious PyPI and npm packages

Another cool little tool from Datadog Labs. #cybersecurity


https://github.com/DataDog/supply-chain-firewall

1 year ago 5 2 0 0