with anything else.
Things are changing; they always do.
Gear up your defenses, be consistent, take a good note of what's changing and try to keep up reasonably and practically. (4/4)
#cybersecurity #claude #mythos #cyb3rint3l
Posts by Cyb3rint3l Labs
engineering laptops containing administrative credentials for numerous deployments in plain text, usage of legacy software, no patch management and absence of any kind of monitoring to name a few.
We first need to make sure to follow the basics, build on defense in-depth & take it from there (3/4)
However, proven cybersecurity principles won't just change overnight.
We need to remember that the most prominent cyber attacks up until now had come as a result of poor cyber hygiene practices aka partially or even completely omitting the basics on some occasions.
Wide-open RDP services, (2/4)
There's a lot of noise lately about Anthropic's Mythos.
Its said capabilities are impressive and this appears to be the case for the most part. We could be witnessing history rewriting in regards to pace acceleration from vulnerability discovery to much faster exploitation. (1/4)
A picture with white background and red top banner displays information on Claude Status.
Oh, my!
#claude
In this video, we issue the below five commands:
- nslookup
- set type=mx, example[dot]com
- set type=ns, example[dot]com
- set type=txt, example[dot]com
- _dmarc.example[dot]com
The below two commands are issued in Windows PowerShell as part of this video:
- Get-FileHash
- New-Item & Rename-Item
Cryptographic Hashes - How To Check!
How do you know if a file is safe or tampered with? In this video, we go through verifying file integrity in Windows using cryptographic hashes.
youtube.com/shorts/w_WYl...
I don't think they hate it. They surely do not prioritise it.
How to find #DNS records in seconds!
In this video we go through some NSLOOKUP commands for basic #OSINT helping us to discover DNS records using the terminal in seconds.
This is applicable in both #Windows and #Linux environments.
youtube.com/shorts/N4rOq...
That's right!
3) Use Mistral for comparison purposes (e.g. logs, datasets).
This way, you will get a two-fold win: you will save yourself a fair amount of quota usage while having your work validated against three major LLMs.
(2/2)
#Gemini #openai #Mistral #LLM
#Claude quota usage and limits are lately out of control. A piece of advice for those seeing their quota gone in just a few prompts.
1) Use Claude only for the main intended purpose you chose it for (e.g. to help you with code).
2) Use Gemini for all other tasks; mainly for reasoning and logic.
(1/2)
(4/4) 5) Protect your backups. Always prioritise immutable or air-gapped backups over sets that can be easily tampered with or destroyed.
(3/4) 4) Lock down RDP. Turn off RDP connections where they aren't strictly needed. Yes, even on the internal network. This is critical for backup servers. If you can log in with just one click, adversaries can too (and, spoiler alert, they will). Security over convenience.
(2/4) 2) Clean up your software inventory. Leaving a temporary "PuTTY/WinSCP" installation sitting on your server post-upgrade is not a good idea.
3) Stop saving credentials. Never save passwords or UNC paths locally, especially on servers. Yes, enter them again if you have to.
(1/4) I've been asked lately how cybersecurity can still be straightforward despite all the industry noise.
Ensure that you do not omit the basics:
1) Consolidate your browsers. You don't need 4 different browsers on one system. Stick to one or two at most & use profiles to separate your tasks.
Dashboard view of the Windows Server Security Audit tool showing NIS2 alignment grade, critical issues, warnings, passed checks, total checks, and compliance by security domain with color-coded bars.
I've released an open-source PowerShell tool for Windows Server Security Audits.
Features
- Alignment with EU's NIS2 (Art. 21)
- Maps to MITRE ATT&CK & CIS v8
- Weighted Risk Scoring & HTML/JSON Reports
I'd love to have your feedback!
https://github.com/cyb3rint3l-labs/ServerSecurityAudit
Last chance to turn it off!
#linkedin #aitraining #dataprotection
youtube.com/shorts/CQ-Pd...
What you'll learn in this video:
- How to use Process Monitor for real-time file, registry, and process activity
- How to leverage Autoruns to detect malware persistence and TCPView for network connections
- How to combine these tools to get actionable Threat Intelligence
In this second part of the "Threat Hunting with Sysinternals" series, designed for SOC Analysts, Blue Teamers and System/Network administrators, we explore Process Monitor, Autoruns and TCPView.
youtu.be/VgWSUKVUUfU
Largest NPM supply chain attack in history. Attackers compromised 18 core JavaScript packages with 2+ billion weekly downloads after phishing a maintainer. Malware targets crypto wallets & steals credentials. Millions of developers affected worldwide www.aikido.dev/blog/npm-deb...
#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes 1/7
The new Bloodhound version has some genuinely crazy cool new features -- OpenGraph really blows the doors off the potential for Bloodhound to not just map attack paths within Microsoft Active Directory or Entra ID tenants, but now... ANYTHING 🤩 youtu.be/kVOjXGbm_Ro
SpiderFoot is one of the tools I've used most in my OSINT journey so far.
I highly recommend it!
#osint #cyb3rint3l #cybersecurity #osintseries #digitalfootprint #infosec #spiderfoot #reconnaissance #shodan #virustotal
CISA open-sources Thorium malware forensic platform.
https://deadstack.net/cluster/11364
Stories follow in replies.
#tech #opensource #infosec #government #cybersecurity
No six-figure #cybersecurity solution will save you if:
- You haven't trained your users
- You save RDP credentials on the client
- Force UNC paths to remember login details
- You lack a Patch Management strategy
- You are not incorporating Monitoring
- You assume you are too small to be hit
LOL
Thanks!