Markus Lassfolk

1.5K posts

Markus Lassfolk

@lassfolk

Got a passion for Technology in general but with a big Cyber Security focus. VP for Incident Response @Truesec @[email protected]

Sweden เข้าร่วม Şubat 2012

1.2K กำลังติดตาม1.7K ผู้ติดตาม

Markus Lassfolk@lassfolk·5 Nis

@felipeallende @jorgeaq_17 @de_jong_paul @F1Media @F1TV under account settings.

English

421

Felipe Allende@felipeallende·5 Nis

@jorgeaq_17 @de_jong_paul @F1Media @F1TV How do I do that on apple tv? 😱

English

537

Paul de Jong@de_jong_paul·5 Nis

@F1Media @f1tv qualifiying error on #F1TV Premium.

English

716

Markus Lassfolk@lassfolk·5 Nis

f1tv - got it working by disabling multiview (under account settings) and watch normal stream 👍

English

819

Markus Lassfolk รีทวีตแล้ว

Johannes Bader@viql·30 Oca

Today, I'm releasing the first version of a small web 🚀: rosti.bin.re It provides IOCs and YARA rules collected semi-automatically from public blog posts and reports of almost 200 cybersecurity sites. I hope it proves useful to some of you ... 🙏✨ #ThreatIntel

English

124

372

32.3K

Markus Lassfolk รีทวีตแล้ว

Adam Chester 🏴‍☠️@_xpn_·23 Kas

This hack is brilliant, APT28 hopping into a target environment over wifi by compromising neighbouring companies and finding a dual-homed host within range. volexity.com/blog/2024/11/2… And yet... they got caught doing this!

English

101

623

88.8K

Markus Lassfolk@lassfolk·14 Eyl

New breakout from Hyper-v guest to host. Details here: truesec.com/hub/blog/how-t…

English

1.3K

Markus Lassfolk@lassfolk·19 Tem

@david_obrien @mrcoups @CrowdStrike Yes, we have seen it take up to 15-20 reboots until you are lucky to get the updated file and problem is solved.

English

David O'Brien (he/him)@david_obrien·19 Tem

@mrcoups @CrowdStrike There are legit reports saying that repeated reboots might fix it.

English

114

Martyn Coupland@mrcoups·19 Tem

The fix from @CrowdStrike so far is to login to individual servers to fix the issue, if you’re in the enterprise, today is not a great and you have a long weekend coming up. Please remember your sysadmins today!

English

760

Markus Lassfolk@lassfolk·19 Tem

@x0rz What about disk-encrypted systems, ie with Bitlocker etc?

English

390

x0rz@x0rz·19 Tem

> PXE boot on a system-rescue.org image > ssh into every workstations/servers > remove faulty .sys file > reboot normally > CrowdStrike updates > ??? > profit and see you on monday

English

4.8K

Markus Lassfolk@lassfolk·23 Haz

@vmesc4pe @_JohnHammond We do the same. Its great for automated flows and sharing, all machine-to-machine stuff, and as a database. But we use other tools to actually do the daily job, like OpenCTI and self developed things.

English

135

plato@vmesc4pe·23 Haz

@_JohnHammond All of the above. We store every ioc we come across and use it to enrich our detections and IR tooling, then share ioc data with other government misp instances. Hooks up to DFIR-IRIS quite well too

English

227

John Hammond@_JohnHammond·23 Haz

CTI/DFIR people. If I may please prod your mind. Do you actually use MISP?

English

13K

Markus Lassfolk รีทวีตแล้ว

David das Neves@david_das_neves·11 Haz

Windows 11's new AI Recall feature raises security concerns. Therefore, check this KQL hunting query (see below) designed for Microsoft Defender for Endpoint users to detect any activations of AI Recall on your network which has been created by Steven Lim. #ThreatHunting

English

147

16.9K

Markus Lassfolk รีทวีตแล้ว

Johan Arwidmark@jarwidmark·11 May

A friendly reminder that you are indeed responsible for backups even when using someone else’s data center.

Scott Piper@0xdabbad00

Google Cloud accidentally deleted a company's entire cloud environment (Unisuper, an investment company, which manages $80B). The company had backups in another region, but GCP deleted those too. Luckily, they had yet more backups on another provider. theguardian.com/australia-news…

English

9.6K

Markus Lassfolk@lassfolk·3 May

We are hosting our monthly Community Evening in Stockholm (on-premises, not virtual), this time on the subject of 'Operational Technology' with a guest speaker from SANS. Welcome! Link for pre-Registering: lyyti.fi/reg/Truesec_Te…

English

244

Markus Lassfolk@lassfolk·2 May

Looks like we will have a busy summer...

SinSinology@SinSinology

Nothing to be scared about folks, just another CVSS 9.8 0day disclosed 0days ago that's gonna get code execution in 0 seconds (3 seconds to be more accurate), no limitation, no authentication, no shit, just straight up remote code execution #IvantiForLife

English

416

Markus Lassfolk@lassfolk·1 May

@adbertram Great one! Had no idea. Is there one for DomainNames.tld too? 😀

English

182

Adam Bertram@adbertram·30 Nis

#PowerShell tip of the day: Use the [ipaddress] type accelerator to quickly parse and validate IP addresses.

English

136

8.9K

Markus Lassfolk@lassfolk·25 Nis

@tmels ohhh thank you, had missed that possibility! Will be a great extra project to work on.

English

Tony Mels@tmels·25 Nis

@lassfolk You can run M365 DSC and run difference report on set intervals.

English

Markus Lassfolk@lassfolk·25 Nis

Has anyone seen any way to visualize for Corp Users any changes IT does to o365/EntraID/Intune? Im dreaming of an internal website showing anything that has changed, showing any new apps, policy changes etc etc

English

655

Markus Lassfolk@lassfolk·7 Nis

@Voulnet x.com/_yeah_but_nah_…

Inconspicuous@_yeah_but_nah_

I cannot believe that you would post this child who clearly suffers from harlequin ichthyosis. This child was NOT burned by white phosphorus. The tightness of this child’s eyelids is due to the medical condition and NOT due to being burned alive. Shame on you. Do some research before posting your utter tripe. The only war crime is your X account, you foolish man.

QME

101

Mohammed Aldoub م.محمد الدوب@Voulnet·7 Nis

Which group of 'people' did this atrocity? What are you doing to resist this evil group? Do you have co-workers who support these war crimes? Do you work in a place that supports these war crimes?

Sulaiman Ahmed@ShaykhSulaiman

THEY USED WHITE PHOSPHORUS OK THIS CHILD This Palestinian girl lost her eyelids after being burned alive. War Crimes

English

6.2K

Markus Lassfolk@lassfolk·5 Nis

@matthew1471 @markwilsonit Same! And i do run the early releases for Unifi without her knowing and pray to god every update that nothing will break 😁. #shadowIT

English

Matthew@matthew1471·5 Nis

@lassfolk @markwilsonit I have more luck with the UniFi betas than with stable!

English

Markus Lassfolk รีทวีตแล้ว

Gi7w0rm@Gi7w0rm·25 Mar

I highly suggest everyone in #CTI to check out the community version of @ValidinLLC. Free availability of historical DNS data going several years back is absolutely amazing to have at hand. I use this tool several times a week during my investigations, with great success.

Validin@ValidinLLC

It's here - our long-awaited update is out! This update builds on our massive passive DNS database and is packed with features requested by the community. ❤️ If you're a threat hunter or researcher, this platform is made for you! validin.com/blog/announcin…

English

16K

Markus Lassfolk รีทวีตแล้ว

Valéry Rieß-Marchive | @valerymarchive.bsky.social@ValeryMarchive·16 Mar

This 👇 is interesting and suggests that we can't anymore consider only the possibility of a common initial access broker #IAB in case of one victim claimed under more than one #ransomware brand. I've counted 88 cases of cross-claims since Jan. 1st, 2023. Let's take a look...

DarkFeed@ido_cohen2

🌐 On the last day, Lockbit #ransomware group announced sixteen new victims despite operation #Cronos 🚨 More than five of the victims are companies that were already been #compromised by BlackCat (ALPHV) team, whose website was allegedly shut down by law enforcement 👀 #Lockbit with a total of 2533 victims 🥇 ➡️ More Info: DARKFEED.IO #BlackCat

English

24.4K

ค้นพบ

@felipeallende @jorgeaq_17 @de_jong_paul @F1Media @F1TV @f1tv @david_obrien @mrcoups