Patrick

Verifying myself: I am patricksvgr on Keybase.io. kGkdDxGwnDVuWYN3Ps-UsQbIM8AbuwnOZUPN / keybase.io/patricksvgr/si…

@medsci_yb3r @Apple @AppleSupport @ProtonVPN @ProtonDrive @ProtonMail @Proton_Pass @ProtonWallet @ProtonPrivacy @ProtonSupport @KulinskiArkadi It looks like the Apache License URL is correlated (indirectly), hence the references to the other collections. I guess the chances that these are related are highly unlikely.

@Apple @AppleSupport @ProtonVPN @ProtonDrive @ProtonMail @Proton_Pass @ProtonWallet @ProtonPrivacy @ProtonSupport hmmmm also see your things in here too @KulinskiArkadi btw sighhh On another note, I noticed @patricksvgr (in yellow) is here (there, and literally everywhere all at once?). Would love to 'pick your brain if you had a moment' <3 virustotal.com/graph/embed/g5…

Well that can't be good...so what you're saying is that @Apple devices "don't get viruses"? cc: @AppleSupport I have some questions. cc: @KulinskiArkadi I see your collection there. W Edmonton w Albercie mieszka bardzo duża liczba Polaków i Ukraińców. Przypuszczam, że to nie jest przypadek. Nie znam wielu osób ze swojego otoczenia, które mogłyby pomóc w tej sprawie. Na podstawie tej próbki zakładam, że to nie jest odosobniony problem. Zdecydowanie celowe. cc: @LukaszukAB ?? Any thoughts on this? cc: @userlolxxl @skocherhan @smica83 @ADanielHill cc: @UK_Daniel_Card I see the UK is all up in here too - what's the ish here? https://support[.]apple[.]com/en-ca/126047 Abuse of Root #Certificates and/or abuse of the configurator thingy? This sample was on lockdown & hardware keyed. I'm confused. Lots of things being abused here (e.g. folks not 'doing their jobs' = will be the death of me ahhhh). virustotal.com/graph/embed/g6… In @virustotal collection virustotal.com/gui/collection… IOCs (enriched) in @LevelBlueCyber OTX 2096 otx.alienvault.com/pulse/697931af… & on @filescan_itsec

We want 👉Y O U👈 to speak at #FIRSTCTI26 in Munich 🌍We'll make it easy, submit here 😉➡️ 🔗go.first.org/EHUnv #cyber #cyberthreatintelligence

I had the pleasure of presenting at #FIRSTCTI25 in Berlin: "The Art of Pivoting – How You Can Discover More from Adversaries with Existing Information." Slides ail-project.org/assets/img/sli…

Last but no least, Xavier Mertens (@xme) is automating the malware collection and analysis in "HA - Not "High Availability" but "Hunting Automation" #pHA-Not-High-Availability-but-Hunting-Automation" target="_blank" rel="nofollow noopener">first.org/conference/fir… #FIRSTCTI25

Adam Turner is now covering "Ransomware Payment Profiles - Exposing the Risk through Enhanced STIX Threat Intelligence" (TLP:GREEN) #pRansomware-Payment-Profiles-Exposing-the-risk-through-enhanced-STIX-threat-intelligence" target="_blank" rel="nofollow noopener">first.org/conference/fir… #FIRSTCTI25

Blog post: sans.org/blog/enhance-y…

Reliability of sources? Credibility of information? Freddy Murstad will highlight a rarely implemented method for evaluation collected information in "From Your Gut to a Gold Standard: Introducing the Admiralty System in CTI" #pFrom-Your-Gut-to-a-Gold-Standard-Introducing-the-Admiralty-System-in-CTI" target="_blank" rel="nofollow noopener">first.org/conference/fir… #FIRSTCTI25

Moving on, “If everything is priority, nothing is priority” or you can see it like Jake Nicastro who will fundamentally challenge this in "If Everything is Priority... That's Okay!" #pIf-Everything-is-Priority-That-s-Okay" target="_blank" rel="nofollow noopener">first.org/conference/fir… #FIRSTCTI25

Next up is Asli Koksal with "You Shall Not Pass! (Without Proper Attribution): Untangling a Complex Attribution Case" (TLP:AMBER) who will analyse some real-world cases of misattribution #pYou-Shall-Not-Pass-Without-Proper-Attribution-Untangling-a-Complex-Attribution-Case" target="_blank" rel="nofollow noopener">first.org/conference/fir… #FIRSTCTI25

@adulau I guess @secman_pl and @pstirparo would be very proud! 🛋️

For the next talk, Alexandre (@adulau) will present "The Art of Pivoting - How You Can Discover More from Adversaries with Existing Information". There's always a chance that you'll find a new pivot point you haven't heard of before. #pThe-Art-of-Pivoting-How-You-Can-Discover-More-from-Adversaries-with-Existing-Information" target="_blank" rel="nofollow noopener">first.org/conference/fir… #FIRSTCTI25

Software supply chains are increasingly recognized as a critical and vulnerable point for cyberattacks. Paul McCarty shows which role intelligence can play in "Evolve or Perish: Integrating Software Supply Chain Intel into Enterprise CTI" #pEvolve-or-Perish-Integrating-Software-Supply-Chain-Intel-into-Enterprise-CTI" target="_blank" rel="nofollow noopener">first.org/conference/fir… #FIRSTCTI25

Our next speaker, Alfredo Reyes, will apply CTI to "Fortifying Your Brand: The Intersection of Cyber Threat Intelligence, Brand Abuse, and Physical Security" (TLP:AMBER) #pFortifying-Your-Brand-The-Intersection-of-Cyber-Threat-Intelligence-Brand-Abuse-and-Physical-Security" target="_blank" rel="nofollow noopener">first.org/conference/fir… #FIRSTCTI25

Rhys Mataira will started the last day with "CTI in a PSIRT Context" (TLP:GREEN). Have you ever thought about a CTI function in the product world? #pCTI-in-a-PSIRT-Context" target="_blank" rel="nofollow noopener">first.org/conference/fir… #FIRSTCTI25

As visualization is an underexposed topic within CTI, I'm more than happy that Chris Horsley is covering aspects of it in "Rethinking Data Visualisation for CTI" #pRethinking-Data-Visualisation-for-CTI" target="_blank" rel="nofollow noopener">first.org/conference/fir… #FIRSTCTI25

@adulau Vulnerability-Lookup: github.com/vulnerability-…

We're back from break! From requirements to collection. Cedric and Alexandre (@adulau) will showcase that monitoring vulnerability chatter on, e.g., social media can be used for enriching and prioritization #pScoring-Vulnerabilities-by-Leveraging-Activity-Data-from-the-Fediverse" target="_blank" rel="nofollow noopener">first.org/conference/fir… #FIRSTCTI25

@orojcik Referenced link for developing PIRs: github.com/redhat-infosec…

Shout out to @orojcik, you're also missed, get well soon! ❤️

Requirements! Keith Swagler will "Bridging Gaps in CTI: Using PIRs for Threat-Informed Security", transfering the strategic concept into day-to-day CTI activities to effectively operationalizing Priority Intelligence Requirements (PIRs) #pBridging-Gaps-in-CTI-Using-PIRs-for-Threat-Informed-Security" target="_blank" rel="nofollow noopener">first.org/conference/fir… #FIRSTCTI25