置顶推文
Looking forward to presenting again at #BSidesSF on April 22, this time it's "Hunting Cloud Supply Chain Threats Using Anomaly Detection."
sched.co/1HzuT
English
Craig Chamberlain
16.3K posts
Craig Chamberlain
@randomuserid
Former Elastic, QRadar. I do detection. I'll find you, it's what I do. It's all I do. Tweets my own @[email protected] | @randomuserid.bsky.social
Boston, MA 加入时间 Ocak 2011
1.6K 关注2.4K 粉丝
@MalwareJake I have a feeling you’re right about their capabilities having been degraded and if so that is good news and I will take it. I’m not super concerned about external DDoS attacks in general, I think crews persisting inside networks would be my main problem. If they still have some.
English
@randomuserid Not at all.
x.com/MalwareJake/st…
Jake Williams@MalwareJake
I've already had questions from a FinServ client about Iran replicating Operation Ababil (2012-2013 DDoS targeting FS orgs). My assessment is that is not likely to happen. Iran has limited capacity for cyberattacks and given the current situation, they have MUCH higher priorities for cyberattacks. Realistically, they are FAR more likely to use their limited cyber resources for intelligence collection instead of destructive attacks that would have limited impacts. They are likely unable to perform another Shamoon-style attack either, since that requires significant prepositioning. In any case, it's unlikely they have enough prepositioning in US orgs (especially FS) to create that type of impact. One other note, is that FS orgs are in a much different position today to deal with any DDoS attacks that Iranian-linked threat actors might attempt. Operation Ababil was a wakeup call for the whole industry and they've definitely become more resilient to DDoS in the last decade+ since.
English
Hi, former NSA hacker here 👋: You'll notice they're targeting civilian infrastructure, not government networks with intelligence collection value. That's because once you deliver an effect (CYBERCOM speak for "cyber attack") in a network, you lose the ability to collect intelligence from that target. 1/4
Emanuel (Mannie) Fabian@manniefabian
Amid the Israeli and US strikes on Iran, a wave of cyberattacks have also targeted the country, the semi-official Fars news agency reports. Fars says that several major Iranian news agencies were targeted and "experienced severe disruptions in their operations," and that some widely used mobile applications were also experiencing disruptions.
English
@stephanpastis I give my name as Rock (my name apparently means a rocky outcropping in old English) I gave up a long time ago trying to make my first or last name spelled or pronounced
English
I always give my name as Steve when ordering coffee because Stephan is too hard to spell. Today this happened:
English
The CVSS score for the CVE has been adjusted to a 10.0 it appears 👀
msrc.microsoft.com/update-guide/v…
Dirk-jan@_dirkjan
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…
English
@HackingDave Advance team for the annexation of Canada? Or maybe Panama
English
@cyb3rops What data types are available for writing detection on? Network data I suppose but is there any host data that can be instrumented and used?
English
VMware reports active exploitation of new ESXi zero-days - but only gives us a patch matrix 🙄
- How is it so hard to understand that if a zero-day is actively exploited, we need indicators and forensic guidance to hunt?
- Otherwise, we’re just blindly patching already compromised systems 🤦♂️
support.broadcom.com/web/ecx/suppor…
English
@HackingDave @amrittsering If you bought one of those, made to look like a clown, and brought it home, it might eventually cure your clown phobia. Might take a few months
English
@amrittsering This is very true. I would be signing up for the first mission to Mars.
English
nightmare juice right here
Clone@clonerobotics
Protoclone, the world's first bipedal, musculoskeletal android.
English
English
@dtoxmilenko @evilsocket 😂😂 A damp squib after all. Who is printing from Linux anyway ? I’d like to read that write up on how they got a printer to work in Linux
English
Attacking UNIX Systems via CUPS, Part I
evilsocket.net/2024/09/26/Att…
English
@csoandy @securityweekly Firewall bypass..their firewall change was rejected and they realized they could get a network cabling change approved / done
English
@securityweekly Guess: they’re patching two switches together. No, there’s no good reason to do it this way.
English
I want to know the story behind this one...
English
Anyone else notice something in these numbers that is not being talked about? Ignore the candidate numbers for a moment and look again
projects.fivethirtyeight.com/polls/presiden…
English
@gunsnrosesgirl3 99% of reported alien sightings now explained?
English
@HackingDave Maybe they have you on some kind of VIP list of persons needing special or extraordinary fraud protection. Can you make contact with their security team or CSO
English
ATT drama update, they gave me a number to fraud department. Was the wrong number and can't speak to a live person, it's just to submit if you've had fraud.
Called back number for customer service, 35 min hold time, finally research someone live and all of their systems are down.
Out of this world..
English
@HackingDave @Combobulate Maybe someone just wanted to start a program to study the topic and writing something as interesting as this sounds was the way to get it funded and / or construct the apparatus to look inside the SAPs and see what’s there. Maybe someone just wanted to go look because they could
English
@HackingDave @Combobulate IDK is this real? If it were real, why would they declassify something that acknowledges unacknowledged programs so secret, and so sensitive, involving something so advanced that they worry about "irreversible damage" to natsec if it leaked..
English
The release of the classified (now unclassified) documents of the Kona Blue program is further smoke of what is most probably an extremely large fire in the UFO/UAP discussion.
AARO published the documents of the Kona Blue program which shows the request for direct funding of advanced and unknown technologies, retrieval programs, medical examinations and more.
The program was designed to reverse engineer alien technology from crashed retrieval programs.
Does this confirm existence of aliens? No. The government is claiming the program was scrapped because it never found any evidence of aliens.
The lingering question is why would such a large program (15, 25, and 50 mil) be necessary if nothing existed? Also it notes funding for examination of already retrieved advanced crafts and organizing efforts to those that have already studied them.
This stuff is wild.
aaro.mil/Portals/136/PD…
English
@SimoKohonen @jfslowik Tesseract model. Might as well go into four dimensions while we’re at it
English
This is from a posting for a cyber threat intel analyst position topping out at $150k. Whoever put this together is some other kind of disturbed
English
@jermops @QuinnyPig Oh I see it’s load balanced somehow and fault tolerant. For a financial transaction system zero downtime I can see how that could make sense. Maybe for some web property backends
English
@randomuserid @QuinnyPig Not defending the pricing, but there is non-trivial complexity, and value, in maintaining a set of fault tolerant NAT boxes, right-sizing them, upgrading them, failing between them for such events, seamlessly, using the same IP, and never going down.
Highway robber pricing, tho
English
I will pay top dollar for one of those houses just to be within easy trebuchet range of a NAT Gateway.
John Pompliano@JohnPompliano
Amazon building a data center right behind homes in Virginia. If you’re going to buy a home next to an empty lot, make sure to do thorough due diligence.
English