Abbas Kudrati

These movies are not answers. They’re mirrors, maps, and warnings. Follow @BoldExaltus for more on discipline, philosophy, psychology, and self-mastery.

Dear Daughter, Watch these 12 movies before it’s late: 👇

Integrated with Microsoft Entra, @silverfort provides real-time protection against ID-based attacks for all users across cloud and on-premises environments aka.ms/AAzbvbk #MSMarketplace

How can CISOs move from "Chief Incident Scapegoat Officer" to "key business partner who keeps me out of jail and keeps our assets safe"? How to become a trusted advisor instead of being sent to the kids table & ignored while waiting to be blamed/fired at the next incident? a 🧵

🚀 New Book Out! "Securing Cloud Containers" is now available 📘 Built on lessons from hyperscale orgs like @msftsecurity By @askudrati, @sinamanavi, Muhammad Aizuddin Zali Tech Editor: @iamgineesh Foreword: @vivekramac 👉 amazon.com.au/dp/1394333730 #CloudSecurity #Kubernetes

Dear Son, Watch these 12 movies before it’s late: 👇

Generative AI is transforming cybersecurity, making it crucial to master defense tactics and responsible AI use. Join cybersecurity expert and #MSFTAlum @askudrati at 2 p,m. PDT on June 12 for “Understanding Threats and Opportunities of GenAI." microsoftalumni.com/s/1769/19/inte…

I just published Agentic AI: A Paradigm Shift in Cybersecurity Operations (SOC) medium.com/p/agentic-ai-a…

You’ve been lied to about weight loss. Cardio is a stupid way to lose fat. It barely burns any calories, makes you hungrier, and leads to overeating. Let me share a science-backed system to drop 20 pounds of fat before summer (without ever stepping on a treadmill): 🧵

Thanks for reading! If you found this thread useful, give it a retweet to help others with their weight loss journey. And follow me @craigbrockie for science-based insights to improve your health and longevity.

I just published an article describing all the roles with security responsibilities and/or accountabilities across business, technology, &security teams. Also discusses how important it is to start accountability correctly at the top of the organization. linkedin.com/pulse/security…

Midnight Blizzard is conducting large-scale spear-phishing campaign using RDP files! In this campaign, the malicious .RDP attachment was configured with sensitive settings designed to enable significant information exposure. Once the target system was compromised, it established a connection with a server controlled by the threat actor. This connection facilitated bidirectional mapping of the targeted user's local device resources to the malicious server. Resources shared with the server included, but were not limited to, logical hard drives, clipboard data, printers, connected peripheral devices, audio streams, and authentication features of the Windows operating system, such as smart cards. This access allowed the threat actor to install malware on the local drives and mapped network shares of the victim, particularly in AutoStart folders, to achieve persistence. Additionally, they could deploy tools like remote access trojans (RATs) to retain control even after the RDP session ended. Furthermore, the process of establishing an RDP connection with the malicious server could expose the credentials of the user currently logged into the compromised system. Unfortunately, EDR/XDRs are rendered useless as they can either block ALL or NO .rdp files - there is no way to make an EDR inspect the RDP file for malicious settings or unauthorized servers. This is where SquareX can help and block this - our browser-native content inspection can automatically parse RDP files and scan for malicious intent and unauthorized servers. In this video, we simulate this attack and show how. We do all of this by deploying just a simple Browser Extension which works on ANY browser! If you are interested in knowing more: sqrx.com @getsquarex Original Microsoft Article: lnkd.in/gHSpeidb

What a fantastic start to our time in Melbourne! Team SquareX had the honor of hosting a CISO Luncheon, bringing together 20+ #cybersecurity leaders for an engaging discussion. A big thank you to our advisor, @askudrati, for delivering a powerful opening keynote.

@askudrati We’ll be at @AISA_National CyberCon for the next three days at Start-up Booth 42. Stop by to say hello: getstarted.sqrx.com/aisa

🎙️✨Data Sovereignty & Security Challenges in APAC Region: Simplifying Security with #ZeroTrust & #AI-Driven Solutions On Location Coverage w/@sean_martin & @MarcoCiappelli Australian Cyber Conference 2024 Melbourne @AISA_National Guest: @askudrati 📺👇 youtube.com/watch?v=DjHaxJ…

Hear more about @askudrati's thoughts on #DLP, #zerotrust and advice for aspiring #CISOs on the Be Fearless Podcast: youtube.com/watch?v=B2jjDr…

New Recovery Tool to help with #CrowdStrike issue impacting #Windows endpoints. #bsod techcommunity.microsoft.com/t5/intune-cust…

🔥 How I broke the internet today and what lessons can we learn from it? #Crowdstrike 🧐 Several things that make it a good fake that worked: 👇 1. No culprit named yet, I bring it on a platter, people like to have a culprit. 2- The culprit seems completely stupid, he is proud of his stupidity, he... takes his afternoon off on... the first day of work... 3- This falls right into a huge buzz in which people absolutely need to have new information, and a fake is by nature new, you won't read it anywhere else 4- In English = very easy to share internationally, with the vast majority of people who have no idea who I am. 5- Baby fingers are stupid, but they distract people from other things (like the fact that I have a horn on my head because of bad clipping) 6- Confirmation bias: People want to believe it, it's so funny. “I like the information, so it is true.” 7- The information is pushed ironically by people who know that it is a joke, and then it arrives in the litteral zone which amplifies it even stronger.

We're aware of an issue with Windows 365 Cloud PCs caused by a recent update to CrowdStrike Falcon Sensor software. This is being communicated under WP821561 in the admin center. (Cont...)