Izy

Check out GoLinHound: - Discovers Linux & SSH attack paths - Outputs OpenGraph JSON for BloodHound ingestion - Integrates with SharpHound and AzureHound data to unveil cross-technology attack paths github.com/RantaSec/golin…

@ImposeCost @ConnorSecurity fire

"I joined Mandiant to make the news, not follow the news." -@ConnorSecurity

Catch @IzySec's recent podcast discussing Rogue Remote Desktop Protocol: open.spotify.com/episode/5AGW25…

Signed .rdp files are being used to trick users. GTIG observed a novel #phishing campaign targeting European government and military organizations, and has attributed it to a suspected Russia-nexus #espionage actor tracked as UNC5837. Read the details: bit.ly/4jrDcFD

1) I didn't know .RDP config files could be signed 2) RDP RemoteApps are crazy 3) I always appreciate a Fuzzy Snuggly Duck cloud.google.com/blog/topics/th…

Neat blog on RDP tradecraft, includes examples, practical recommendations on hardening, detection ideas etc.

Having convertible detection content is great, no doubt. What I think is underrated is blueteam-focused tradecraft intel. Red teams share it all the time, we should too. A threat group recently showed creativity with a known technique. Here's how it worked cloud.google.com/blog/topics/th…

@ImposeCost For Azure trainings, I've heard good things about specterops.io/adversary-pers… xintra.org/training/cours… alteredsecurity.com I've not personally taken any myself. For AWS, I have taken and can recommend the course from the AWS IR team themsleves aws.amazon.com/blogs/security…

Some solid work done by the team! Give them a read :)

Windows audit policies, the events they enable and the relative volume of events they generate #ThreatHunting #DFIR

A sister team of mine is hiring. They do hard core detection engineering. You will be analyzing things you won't see elsewhere and writing a variety of content to detect it. Super technical role alongside some great folk.

@ImposeCost COUNTER STRIIIKEE

@ImposeCost I hear it's great :D

Wondering what telemetry an EDR collects? Wonder no more! @Kostastsale and @ateixei run an EDR Telemetry Project, covering all major EDRs: "The main goal of the EDR Telemetry project is to encourage EDR vendors to be more transparent about the telemetry they provide". Blog: detect.fyi/edr-telemetry-… Table: docs.google.com/spreadsheets/d… Github: github.com/tsale/EDR-Tele… #redteam #blueteam #telemetry

Small experiment today, inspired by @kaganisildak, using RCON protocol, as used by e.g. CS 1.6 as a C2 channel for the lulz

@ImposeCost I liked the Psychology of Money by Morgan Housel.

@_RastaMouse Your content doesn't need marketing, Daniel!

I don’t do as well as $16M but I also spend 0% on direct marketing/advertising . I sponsor some conferences where I can, but I believe the reputation of the company is carried by the quality of the products. Thereafter, all sales are driven by word of mouth recommendations.

It's a bittersweet moment, but our series of "Attacking an EDR" has come to an end! Me and @Her0_IT hope that you had as much fun reading it as we had writing it. riccardoancarani.github.io/2023-11-07-att…

Woooo, legoooo!

I've just released the next edition of the On Detection series. I investigate why detection rules based on Process Creation are often brittle or easily bypassed. I also provide a framework for discerning when it is appropriate and when it isn't. posts.specterops.io/on-detection-t…