Security Doggo

UDS 2019 Current Agenda.doc virustotal.com/#/file/04bd6c3… Run here: app.any.run/tasks/1c6c76f8… 443 to photopoststories[.]com #malware #infosec #phishing @James_inthe_box @VK_Intel @MalwareParty @_jsoo_ @ItsReallyNick @Ledtech3

@SwiftOnSecurity Really sucks if your entry name give away the username (e.g. if you have multiple twitter accounts). Also pre 2019 accounts have their password iterations set to 5k by default but to my knowledge @LastPass never let customers know of the new 100100 iteration max.

LastPass attackers now know all websites you have passwords stored for and the blobs, encrypted only by your master password blog.lastpass.com/2022/12/notice…

If you ever changed your #LastPass password iterations count, it never got updated when @LastPass changed their default to 100,100 from 5k. Anyone got a calculator to see how long it would take various iteration amounts to crack?

@cyb3rops Great cheat sheet. Will have to use it to marry it up with the alignment of log sources and log events from clients and see where gaps reside across the base.

I started transforming my internal "Detection Engineering Cheat Sheet" that I've created for my team into a more generic version - I'll share it when I have included all feedback and reflected on it a bit more #DetectionEngineering

Stories from the SOC: #Fortinet authentication bypass observed in the wild. Read: cybersecurity.att.com/blogs/security… via @attcyber

@USCGSoutheast Rest in peace. You will be missed.

#UPDATE5/#FINAL Mr. Vitali Kremez's body was recovered by local authorities Wednesday. "We'd like to express our deepest condolences to the loved ones of Mr. Kremez," said CWO Edgardo Insignares, a Sector Miami command duty officer. #SAR

#SearchAndRescue @USCG crews are searching for 36-year-old Vitali Kremez, last seen wearing a black wetsuit and scuba tank while diving near #HollywoodBeach, Florida. Anyone with information is asked to call Sector Miami at (305) 535-4472.

While I never got the opportunity to meet him in person, I have so many fond memories of chatting with him in DMs and seeing his analysis on the random stuff I tag him in. Sad to lose a hero and such an amazing person in the field.

@bmcder02 @MicrosoftDART Super super great post - I'm also SUPER bummed because this covers everything I wanted to do in a future blog post 🥲

My first blog with @MicrosoftDART! This is a post incident report, talking about some of the TTPs we saw in a recent ransomware incident. This really emphasizes the importance of doing a post ransomware IR. microsoft.com/security/blog/…

@tsunami_cyber @avuko @Fortinet @FortiGuardLabs What follow up activity have you observed? The ones we looked into, some are potential FPs for actual admin activity or patching at the time. Still waiting for more responses and info.

@avuko @securitydoggo @Fortinet @FortiGuardLabs This is from siem. Logs from fortigate are forwarded to siem

Any one got logs to share regarding CVE-2022-40684? Seeing some activity for the string in the advisory user="Local_Process_Access" - you all seeing these as system config file downloads via report runner? @Fortinet @FortiGuardLabs #CVE202240684 #exploit #cybersecurity #infosec

@avuko @tsunami_cyber @Fortinet @FortiGuardLabs The "Admin performed an action from GUI" does get forwarded as a system event. No instances of the other log within my sources unfortunately for confirmation.

@cyb3rops twitter.com/securitydoggo/… Some nice intel and info, but guess it will be more helpful for updates from Fortinet and others.

@cyb3rops We've seen this indicator but there looks to be potentially FP overlaps - definitely need more information.

For me and many other analysts it’s always: “Blah blah, critical vulnerability, blah blah install patch now, blah blah some kid published a PoC [great] blah blah … were’s the god damn information on how to detect a compromise? Where are the indicators?” helpnetsecurity.com/2022/10/11/cve…

Seeing the activity with node.js now, alongside Report Runner

@GossiTheDog @Fortinet @FortiGuardLabs @Horizon3Attack If I find anything and if I can share, I definitely will. It's going to be a busy day.

@GossiTheDog @Fortinet @FortiGuardLabs Unfortunately not - I don't believe we receive that level of logging. I haven't had a chance to dig into the logs for these orgs yet.

@HuntressLabs Was having a discussion about this with some people the other day🙃

By all means, let us know how that works out for you. 🥲 #CybersecurityAwarenessMonth #SeeYourselfInCyber

@Securonix Great work by the team! Just a few errors with some of the commands written out, and I think the picture for figure 18 is not right?

@Securonix Threat Research team recently discovered a new covert attack campaign targeting multiple military/weapons contractor companies, including a strategic supplier to the F-35 Lightning II fighter aircraft. Read More! sc.securonix.com/u/SKMHqp

@EKFiddle Seeing these now at godmessagedme[.]com as well. @DreamHost @GodsWhisperCast

#FakeUpdates .breatheinnew[.]life .roles.thepowerofgodswhisper[.]com 77.91.127[.]52

Incredible amount of pages on @issuu with a clickable box/link (usually for click here to access document) to 0365 #credharvesters #infosec #page.domain%3Aissuu.com" target="_blank" rel="nofollow noopener">urlscan.io/search/#page.d…