ThreatABLE

56.8K posts

@threatable

ThreatABLE provides a curated vendor-agnostic feed of cyber threat intelligence to security professionals. Join today for free! - https://t.co/PJNUZcgDaP

Louisville, KY Joined August 2017
4.2K Following 5.4K Followers
Pinned Tweet
ThreatABLE@threatable·
Thanks to everyone that has signed up in the last few months. We're starting a Patreon that allows for some more advanced features, but the current functionality of the site for free members will be unchanged. Custom tags, WebHook URL integration, etc. patreon.com/threatable
ThreatABLE retweeted
vx-underground@vxunderground·
I am genuinely impressed by mainstream media outlets' ability to find absolute nobodies in cybersecurity. It's remarkable. I am often left speechless. There have been dozens of occasions, especially as of recent, where some media outlet will be like, "Today as a special guest is world-renowned cybersecurity expert and ethical hacker Joe McCyberSecurity". I'm like, who the fuck is Joe McCybersecurity? I've been doing cybersecurity and malware stuff for a long time and I've never once seen or heard of Joe McCybersecurity. If he is world-renowned, I would THINK I would have seen them or heard of them. The camera then pans over to Joe McCybersecurity and it is the most generic cookie cutter white dude in a cheap suit and the tag below him will say something like, "Joe McCybersecurity, Ethical Hacker, CEO of Cybersecurity McJoe Industries". I'm like, "Cybersecurity McJoe Industries? What the fuck is that?". I look it up and it's a generic WordPress website hosted on GoDaddy with an expired SSL cert. Joe McCybersecurity then babbles incomprehensible nonsense for about 60 seconds until the TV host goes "woaw" and it cuts to a commercial. Absolute cinema.
ThreatABLE@threatable·
@UK_Daniel_Card I was gonna say the same. Easy block, kinda tired of you spamming up my feed anyway.
mRr3b00t@UK_Daniel_Card·
@threatable Do you think every org makes custom phishing training? or do you think perhaps they buy services from companies and get delivered generic guidance... in fact please don't answer. have a good weekend.
mRr3b00t@UK_Daniel_Card·
Ok fight time, Zack is wrong. phishing sims are largely pointless.... I speak to people who have to do them: they tell me they are useless!! they tell me the guidance they get is pointless and conflicts with their job requirements. they tell me they report phishing and it takes weeks for outsourced IT to take action if at all.... Teaching people how to report is useful! giving them reasonably safe tech is useful. Phishing sims are not really useful.
Zack Korman@ZackKorman

Rare Ice bad take. The point of phishing sims isn't to teach people signs to look for in phishing. Mostly, people already know that if asked. The point of phishing sims is to constantly remind people to pay attention. If they only get one phishing email a year and it's real, the odds of them clicking on it is much higher than if they get 20 phishing sims a year + that one real one. Why? Because they become used to going "huh is this real" when they look at their email. Of course, phishing will still work so you do still need to be prepared for that. But you can materially change the frequency.

ThreatABLE@threatable·
@UK_Daniel_Card That's a lack of process building by the organization to assist those particular teams in using tools to interact with these random parties. This guidance shouldn't be contrary to their job requirements and roles, but it should guide them on how best to use email at work.
mRr3b00t@UK_Daniel_Card·
you didn't write that, it is however 100% obvious by your inventing things I didn't say and by your rude and condescending tone, I'm not sure I can be bothered to explain why some phishing guidance literally is counter to some people's job requirements. but here's some help, look at requirements for people that work in roles such as: Sales, Contact Center, Customer Support, Estate Agents, Law Firms, any role that deals with the general public sending: emails with links and documents.
ThreatABLE@threatable·
@UK_Daniel_Card I never wrote that I didn't understand what you said. I understand it just fine, I just don't agree fully. You said they said "and conflicts with their job requirements". How?
mRr3b00t@UK_Daniel_Card·
honestly, are you actually telling me you can't understand what I wrote/meant? because you are literally writing things I did not say. Some phishing guidance 100% does not align with the reality of people's jobs. I literally have talked to people where they have explained this to me after they have conducted sims.
ThreatABLE@threatable·
@UK_Daniel_Card You said they said that it conflicts with their job responsibilities. How else would it do that? Go into some details for me. I'd love to hear it.
mRr3b00t@UK_Daniel_Card·
@threatable I mean if you post nonsense it's not hostile for me to point it out. and please do park that 'you are not entirely wrong' bollocks, it's rude and condescending. I never once said 'it's people's 'job' to click random links'.
ThreatABLE@threatable·
@UK_Daniel_Card The hostility is entirely unnecessary. I'm not saying you're entirely wrong, phishing simulations won't stop all phishing. That's not really the goal, the goal is to lessen the burden on IR teams and overall risky practices by employees. It's not meant to stop it all.
mRr3b00t@UK_Daniel_Card·
@threatable I don't know what I read but you seem like you need a cup of tea and to maybe think about things a touch more before puking nonsense into replies.
Josh@passthehashbrwn·
@threatable It says that it gets caught all the time because spawning powershell -enc is shit tradecraft, do better
Josh@passthehashbrwn·
It really annoys me that ClickFix has a name but especially when it's described as sophisticated or interesting. Oh wow you tricked someone into executing cmd /c, WE GOT AN APT OVER HERE!
ThreatABLE@threatable·
@Cyb3rMonk Now imagine when your AI Agent auto-contains everything because it "thinks" the script IT is running is malware. Which, to be fair, it does look like malware, but it's not and us humans knew about it for 3 years because we talked to another human. Weird.
Mehmet Ergene 🔸@Cyb3rMonk·
Imagine your AI SOC Analyst / Threat Hunter doing this. 🤔 There are probably ways to prevent this behavior, but I'm not sure how effective they are. The best is to supervise the agent while it's analyzing the logs, validating the queries it runs on the data.
ThreatABLE@threatable·
@Kostastsale Probably because there's so many people falling for these crazy *Fix campaigns and other various things around nearly every corner. It genuinely takes them that much time to get through them all.. or it takes time to sell the access to the "really bad guys".
Kostas@Kostastsale·
The amount of campaigns delivering ConnectWise is shocking. In my experience, they’re also very slow at engaging with the compromised systems. I’ve seen anything between 2 and 4 weeks for HOK. So if you’re responding to these types of infections, there is still time 😂 (unless you’re very unlucky lol)
ThreatABLE@threatable·
@_subTee I'd love if someone went and did analysis on everyone that's followed from Crypto -> NFT -> AI -> Whatever is next on the hype train snack cart.
ThreatABLE@threatable·
@rucam365 What's SharePoint? It's called Share365 for Copilot now.
Ru Campbell@rucam365·
Microsoft I need you to understand that as long as I'm breathing in and breathing out I will never want Outlook or Teams to open a SharePoint link in the browser ever just always give me the app.
BarryRoland19@BarryRoland19·
Don't understand people who claim to walk 20k steps a day. Occasionally, on the weekends, when I tell my wife "let's go on a long walk", and we walk all day, and I look at my phone after hours and hours of walking, I'm at like 16,230 max. Is everyone just a liar?
ThreatABLE@threatable·
@techspence And one of the biggest arguments against it is the budget required to maintain it. 🤣
spencer@techspence·
More IT admins should become more familiar with what happens on a given endpoint during a given week. One of the strongest arguments for app control is the visibility it gives you into just that
ThreatABLE retweeted
INFOSEC F0X 🔥@infosec_fox·
Think this is number one use case for AI.
INFOSEC F0X 🔥@infosec_fox·
I love X but I’m pretty sure at least 65% of y’all are bots
ThreatABLE retweeted
Peter Girnus 🦅@gothburz·
Last quarter I rolled out Microsoft Copilot to 4,000 employees. $30 per seat per month. $1.4 million annually. I called it "digital transformation." The board loved that phrase. They approved it in eleven minutes. No one asked what it would actually do. Including me. I told everyone it would "10x productivity." That's not a real number. But it sounds like one. HR asked how we'd measure the 10x. I said we'd "leverage analytics dashboards." They stopped asking. Three months later I checked the usage reports. 47 people had opened it. 12 had used it more than once. One of them was me. I used it to summarize an email I could have read in 30 seconds. It took 45 seconds. Plus the time it took to fix the hallucinations. But I called it a "pilot success." Success means the pilot didn't visibly fail. The CFO asked about ROI. I showed him a graph. The graph went up and to the right. It measured "AI enablement." I made that metric up. He nodded approvingly. We're "AI-enabled" now. I don't know what that means. But it's in our investor deck. A senior developer asked why we didn't use Claude or ChatGPT. I said we needed "enterprise-grade security." He asked what that meant. I said "compliance." He asked which compliance. I said "all of them." He looked skeptical. I scheduled him for a "career development conversation." He stopped asking questions. Microsoft sent a case study team. They wanted to feature us as a success story. I told them we "saved 40,000 hours." I calculated that number by multiplying employees by a number I made up. They didn't verify it. They never do. Now we're on Microsoft's website. "Global enterprise achieves 40,000 hours of productivity gains with Copilot." The CEO shared it on LinkedIn. He got 3,000 likes. He's never used Copilot. None of the executives have. We have an exemption. "Strategic focus requires minimal digital distraction." I wrote that policy. The licenses renew next month. I'm requesting an expansion. 5,000 more seats. 
We haven't used the first 4,000. But this time we'll "drive adoption." Adoption means mandatory training. Training means a 45-minute webinar no one watches. But completion will be tracked. Completion is a metric. Metrics go in dashboards. Dashboards go in board presentations. Board presentations get me promoted. I'll be SVP by Q3. I still don't know what Copilot does. But I know what it's for. It's for showing we're "investing in AI." Investment means spending. Spending means commitment. Commitment means we're serious about the future. The future is whatever I say it is. As long as the graph goes up and to the right.