John Doe

520 posts

@mitohormesis

Singapore · Joined March 2021
533 Following · 896 Followers
Massimo (@Rainmaker1973)
A new ocean is forming in Africa along a 35-mile crack that opened up in Ethiopia in 2005. The crack, which has been expanding ever since, is a result of three tectonic plates pulling away from each other. It’s thought that Africa’s new ocean will take at least 5 million to 10 million years to form, but the Afar region’s fortuitous location at the boundaries of the Nubian, Somali and Arabian plates makes it a unique laboratory to study elaborate tectonic processes. There are still some big unknowns, including what is causing the continent to rift apart. Some think that a massive plume of superheated rocks rising from the mantle beneath East Africa could be driving the region’s continental rift. Each plate boundary in the Afar region is spreading at different speeds, but the combined forces of these separating plates is creating what’s known as a mid-ocean ridge system, where eventually a new ocean will form. The three plates are separating at different speeds. The Arabian plate is moving away from Africa at a rate of about 1 inch per year, while the two African plates are separating even slower, between half an inch to 0.2 inches per year. [📷 Anthony Philpotts]
John Doe retweeted
Grace (@euphoricfall)
"why did everyone sh*t on CTI teams?" Spicy takes, real underlying issues reddit.com/r/cybersecurit…
John Doe retweeted
vx-underground (@vxunderground)
Yesterday 1Password released an Incident Response Report believing that when Okta was breached (again) the Threat Actor(s) tried to pivot to them. They noted they used MalwareBytes™ FREE AV
John Doe retweeted
Greg Linares (Laughing Mantis) (@Laughing_Mantis)
A harsh but extremely fair admission from ex blue team member of 1Password. As a result of their recent post I am no longer recommending @1Password being used in any mission critical or corp environments, they in their current state are a liability. twitter.com/Hacker_Horse/s…
John Doe retweeted
Fox-IT (@foxit)
🚨IMPORTANT🚨 We have observed that the implant placed on tens of thousands of Cisco devices has been altered to check for an Authorization HTTP header value before responding [1/3]
John Doe retweeted
Jonny Johnson (@JonnyJohnson_)
I had to use Splunk to query something today for the first time in a long time. I hope it's the last time in a long time. Inb4 all the Splunk lovers come after me, KQL > SPL.
John Doe retweeted
Giuseppe `N3mes1s` (@N3mes1s)
Very nice project from @craiu , @Now_on_VT ! Get notified when interesting APT/FIN indicators of compromise appear on VirusTotal! @craiu any info on how this works? and if there is a stream we can contribute to add IOCs/reports to follow? twitter.com/Now_on_VT/stat…
Is Now on VT! (@Now_on_VT)

Sample is now on VT!
🚩Hash: 84b078d4a9e6e2a03e8ae1eca072dc83
🎯Actor name: APT29
🔹Comment: Mandiant and Google TAG have tracked an increase in the frequency and scope of APT29 phishing operations.
🌐URL: mandiant.com/resources/blog…
🔎OnVT: virustotal.com/gui/file/84b07…

John Doe (@mitohormesis)
@ha888t worse yet, WatchTower 😧
John Doe retweeted
James D (@FranticTyping)
Scaling detection and response operations at Coinbase part 2 & 3:
🔍 Driving context into detection logic with machine and user profiles
🔧 Codifying automatic remediation for high-risk detections
📫 Automating alert triage with employees via Slackbot
coinbase.com/blog/scaling-d…
John Doe (@mitohormesis)
Mitre Att&ck Turla Vendors With No Config Changes
paloaltonetworks
cybereason
sentinelone
ibmsecurity
somma
watchguard
symantec
John Doe retweeted
Katie Nickels (@likethecoins)
A couple thoughts on ATT&CK Evaluations...yes, the marketing is ridiculous. I also hope the useful parts of these evaluations won't get completely lost in that. You can find a lot of insight on tools if you dive into the results. Here are some example questions to consider...
John Doe (@mitohormesis)
@Sophos @MITREengenuity It's 98% not 99%
Telemetry is not detection, just part of visibility. Analytics = Detection.
Sophos (@Sophos)
Today @MITREengenuity announced the results of its fifth Enterprise Evaluation. Sophos is a proud participant in this evaluation. Sophos Intercept X achieved 99% detection coverage of adversary behavior. Learn more: bit.ly/45WPxv5
John Doe (@mitohormesis)
Highest technique counts
- PaloAlto 99%
- Cybereason 96%
- CrowdStrike 95%
John Doe (@mitohormesis)
MITRE Att&ck Turla Results
2 vendors 100% on all categories (Crwd, PaloAlto)
3 vendors 100% analytic (Crwd, Cynet, PaloAlto)
5 vendors 100% visibility (Crwd, Cybereason, Cynet, Msft, PaloAlto)
7 vendors 100% protection (Crwd, Cybereason, Msft, PaloAlto, S1, Symantec, Trendmicro)