Brent Muir

11.3K posts


@bsmuir

Professional browser tab hoarder. Tweets are my own. #Cybersecurity #DFIR #cybercrime #malware #forensics #cyberespionage #infosec #CISO #geopolitico #security

Joined November 2011
192 Following · 1.7K Followers
Brent Muir retweeted
Horizon Secured @horizon_secured
🔒 Secure Bits 💡 Did you know, NTLM was deprecated by Microsoft in 2024? I know it is not a simple task for companies to get rid of NTLM in their environments, especially if you have hundreds or thousands of assets. I have assessed dozens of companies, so I have been there. Dang, it is even hard to convince Windows OS to stop using NTLM. But that is not the point of this post. There are GPOs that help you get rid of NTLM in your environment. As you can see below, you can completely disable NTLM in your Active Directory, but more importantly, you can AUDIT NTLM traffic before you do so. I recommend starting to get rid of NTLM step-by-step. Audit the usage and disable it where you know it is safe. Here is what you can do with GPOs:
- Deny all incoming NTLM traffic
- Deny all outgoing NTLM traffic
- Add servers to an exception list, so they can still use NTLM
- Audit NTLM traffic
#Windows #ActiveDirectory #Cybersecurity @BlueTeamDave
Brent Muir retweeted
Tib3rius @0xTib3rius
Oh crap, Reddit are onto us. Quick, everyone look busy.
Brent Muir retweeted
Andre @Youkhna
I left Instagram, Facebook, and pretty much all social media behind. Now, my Minimal Phone has only YouTube (for podcasts) & X (for news)—but even those get way less screen time than they did on my iPhone.
Brent Muir retweeted
Jiska @naehrdine
Apple indeed added a feature called "inactivity reboot" in iOS 18.1. This is implemented in keybagd and the AppleSEPKeyStore kernel extension. It seems to have nothing to do with phone/wireless network state. Keystore is used when unlocking the device. github.com/search?q=repo%…

Quoted post from Joseph Cox @josephfcox:
New from 404 Media: police freaking out at iPhones stored for forensic examination mysteriously rebooting themselves. This makes brute forcing much harder. Cops hypothesize Apple pushed an update that tells nearby iPhones to reboot if not on phone network 404media.co/police-freak-o…
Brent Muir retweeted
Mandiant (part of Google Cloud)
Beware of malvertising downloads! They are delivering MSIX installers and deploying the #NUMOZYLOD PowerShell script, which is linked to #UNC4536. 🛡️ Protect your organizations from hackers and learn how to detect it using Google Security Operations. bit.ly/3Alb6KL
Brent Muir retweeted
Mike Redmond @theredmond
God: Jessica, we'd like you to meet our new angel. Jessica Walters: Who is it? Martin Mull: *takes off halo* Gene Parmesan, how you doing? Jessica: AAHHHHHH!!!
Brent Muir retweeted
Bernardo Quintero @bquintero
After 15 years, YARA gets a major upgrade. Introducing YARA-X: rewritten in Rust for better UX, improved performance, enhanced security, and easier integration. YARA isn't dead, but YARA-X is the future. Test it out and share your feedback! virustotal.github.io/yara-x/blog/ya…
Brent Muir retweeted
KF @d0tslash
QCSuper: "a tool communicating with Qualcomm-based phones and modems, allowing to capture raw 2G/3G/4G (and for certain models 5G) radio frames, among other things." github.com/P1sec/QCSuper
Brent Muir retweeted
Hatching @hatching_io
In today's updates we've added initial support for extracting QR codes from PDF submissions. Check it out in our latest Triage Thursday blog 👇 hatching.io/blog/tt-2024-0…
Brent Muir retweeted
Clandestine @akaclandestine
GitHub - stirtcanada/smishing: Smishing is a Python script that sends SMS using the Phishing Frenzy framework github.com/stirtcanada/sm…
Brent Muir retweeted
Mandiant (part of Google Cloud)
#APT42, an Iranian state-sponsored cyber espionage actor, is using enhanced schemes to access victim networks, including cloud environments. Learn more about these operations, including APT42 posing as journalists to build trust with their victims. ➡️ bit.ly/44s4Agw
Brent Muir retweeted
cts🌸 @gf_256
I'm pirating Ableton Live Suite 12. The .NFO has an interesting tidbit: "does not modify any original binaries". How does it work? Let's find out. Live reversing thread, let's go.
Brent Muir retweeted
Ax Sharma @Ax_Sharma
A GitHub flaw lets attackers upload executables that appear to be hosted on a company's official repo, such as Microsoft's—without the repo owner knowing anything about it. The following URLs, for example, make it seem like these ZIPs are present on Microsoft's source code repo:
https://github[.]com/microsoft/vcpkg/files/14125503/Cheat.Lab.2.7.2.zip
https://github[.]com/microsoft/STL/files/14432565/Cheater.Pro.1.6.0.zip
But they are not. These ZIPs are #malware. An attacker, while commenting on any GitHub commit/PR, can "attach" a file that gets assigned a URL slug containing the name of the repo where the comment was made. Even if the comment is never actually posted or is later deleted by the attacker, the link to the file remains live! And the repo owner (Microsoft in this case) would have no knowledge of or control over such files. Threat actors have been abusing this flaw to distribute malicious executables under the false pretense that these are coming from credible organizations' code repos.
Brent Muir retweeted
Simon Holland @simoncholland
What position is it in soccer where my kid tries to find a four-leaf clover?