perox_
@perox_

163 posts
Joined March 2010
156 Following, 75 Followers

perox_ retweeted
Jake Williams @MalwareJake
If you're a @CrowdStrike customer and your machine is off, leave it that way. Something has caused blue screen loops with csagent.sys and it's, um, not good...

perox_ retweeted
/RootedCON @rootedcon
/RootedCON tweet media

perox_ retweeted
/RootedCON @rootedcon
🟣 “Proactive triangulation of adversaries” with 👥 Lórien Domenech Ruiz and Javier García Guillén, from 16:30 to 17:30, in room 25.

perox_ retweeted
Christopher Peacock @SecurePeacock
It's interesting to see CISA add procedures, commands, and behaviors into their IOC section. It's probably a good approach as many just ask for IOCs and anticipate atomic IOCs, like IP Addresses, but this could help atomic IOC based organizations evolve to focusing on behaviors. cisa.gov/sites/default/…

perox_ retweeted
Sergio de los Santos @ssantosv
A ransomware gang steals data from a company. Days later, that same gang reports the company to the SEC (Securities and Exchange Commission) for not disclosing the breach in time. Gangs protect their business with the tools at their disposal: illegal and... legal ones.
Quoted tweet from vx-underground @vxunderground:

Today DissentDoe reported that ALPHV ransomware group submitted an official SEC complaint against MeridianLink for them not disclosing the breach ... which was performed by ALPHV... ALPHV shared the official SEC complaint with DissentDoe More info: databreaches.net/alphv-files-an…


perox_ retweeted
[NN2ed] s4ur0n @NN2ed_s4ur0n
One of the best CONs in Spain for sharing experiences is @Sh3llCON, already announced for January 2024, and judging by the website sh3llcon.es alone it promises to be tough... Get ready for Reinosa (Cantabria) in January; more details on the website..

perox_ retweeted
Frank McGovern - INACTIVE @FrankMcG
SEC is charging SolarWinds CISO for their breach due to hiding and inaccurately painting their security posture picture. I probably know a few “people-leader CISO’s” that probably fall into this. Be warned. Know what you’re doing or let someone else lead. therecord.media/solarwinds-cis…

perox_ retweeted
Grzegorz Tworek @0gtweet
Yesterday I had a chance to speak at @TheHackSummit conference about the #DFIR value of an NTFS USN Journal. And I have invented a tool, literally on stage: a parser for the Journal, focusing on deleted files. With some recursive capabilities allowing you to recover full paths, even if the folder structure was deleted as well. Enjoy the source code, and the compiled exe, as usual: github.com/gtworek/PSBits…

perox_ retweeted
Sh3llCON @Sh3llCON
Sh3llCON 2024 loading...

perox_ retweeted
Alex Xu @alexxubyte
How do companies ship code to production?

The method to download the high-resolution PDF is available at the end.

The diagram below illustrates the typical workflow.

Step 1: The process starts with a product owner creating user stories based on requirements.

Step 2: The dev team picks up the user stories from the backlog and puts them into a sprint for a two-week dev cycle.

Step 3: The developers commit source code into the code repository Git.

Step 4: A build is triggered in Jenkins. The source code must pass unit tests, code coverage threshold, and gates in SonarQube.

Step 5: Once the build is successful, the build is stored in artifactory. Then the build is deployed into the dev environment.

Step 6: There might be multiple dev teams working on different features. The features need to be tested independently, so they are deployed to QA1 and QA2.

Step 7: The QA team picks up the new QA environments and performs QA testing, regression testing, and performance testing.

Step 8: Once the QA builds pass the QA team’s verification, they are deployed to the UAT environment, where the QA team, dev team, and even the product owner perform UAT testing.

Step 9: If the UAT testing is successful, the builds become release candidates and will be deployed to the production environment on schedule. Here we might not want to deploy to all the users in one go to mitigate the change risks, so some techniques like feature toggle, canary deployment can be used.

Step 10: SRE (Site Reliability Engineering) team is responsible for prod monitoring. They leverage a bunch of log-analyzing tools and process-tracing tools like ELK stack, Prometheus, and Skywalking. They report production issues to QA and dev teams, and teams need to fix them based on defined priority.

– Subscribe to our newsletter to download the high-resolution PDF. After signing up, find the download link on the success page: bit.ly/bytebytegoship…

perox_ retweeted
SkelSec @SkelSec
And thus, new version of #pypykatz is out. On Github and PIP. This version also contains all improvements which were not yet made public due to Porchetta Industries agreement. 🥲 github.com/skelsec/pypyka…

perox_ @perox_
#linux command to world destroyers @nixcraft: $ fallocate -l 10TB file.big

perox_ @perox_
[Part3] Some #IOC about #Ransomware #RansomHouse #Mario: - IP Address: 148.113.136.10 - IP Address: 185.194.57.83 - IP Address: 45.9.148.209 - IP Address: 51.222.86.79 - IP Address: 185.64.104.234

perox_ @perox_
[Part2] Some #IOC about #Ransomware #RansomHouse #Mario: - Filename: /tmp/mrAgent - Filename: /tmp/e_mario_esxi.out - IP Address: 79.132.135.198 - IP Address: 185.194.57.83 - IP Address: 141.255.162.218 - IP Address: 144.217.86.109