seb @seb@ioc.exchange

Pro-actively searching through and correlating logs in your SIEM and cyber tools we call Threat Hunting. What does one call pro-actively searching through and correlating threat intel? Is it just the creation of more threat intel or is there a word/phrase for it? #cybersecurity #infosec #threatintel

If you still didn’t look at your VPN solution and did not run a threat hunt on it yet, go do it! #infosec #blueteam #cybersecurity https://www.zdnet.com/article/iranian-hackers-have-been-hacking-vpn-servers-to-plant-backdoors-in-companies-around-the-world/

Finally got around adding all these TI links into a wiki page: https://codeberg.org/cyberseb/ti/wiki/CTI

It already includes a good amount of TI resources but will be updated every time I run across something cool.

#cybersecurity #infosec #blueteam

Why do you think the NSA is telling us to patch that trust vuln right away? #cybersecurity #infosec #blueteam

This is an actively exploited attack vector and slowly becoming mainstream! If you haven't put protection (CASB) in place yet, do it now.

#cybersecurity #infosec #blueteam

https://krebsonsecurity.com/2020/01/tricky-phish-angles-for-persistence-not-passwords/

If your organization cannot afford Enterprise grade DNS security tools, have a look at https://github.com/StevenBlack/hosts #cybersecurity #blueteam #InfoSec

Looking to add some more miners to our minemeld (https://github.com/PaloAltoNetworks/minemeld/wiki) instance. Anyone had a lot of success and can recommend one or two sources? Any bad experiences with any of the default miners? #InfoSec #cybersecurity #blueteam #threatintel #automation

Anyone have a good tool that makes searching through Windows Server DNS Debug Logs easy? #infosec #cybersecurity #blueteam

The excitement you feel when your SOC reports the first phishing email that found a way around ATP Safe Links... #infosec #cybersecurity #blueteam

When one of your vendors gets crypto-locked and you go through all contracts with them to figure out possible impact on your business...

Interesting times. #cybersecurity #risk

When your MSP downloads random tools onto your production servers that trip your AV... *sigh* #cybersecurity #infosec #sysadminfail

Operation Glowing Symphony | If you are into stories about US Cyber Command + Anonymous, this is the coolest podcast episode ever! #infosec #redteam #cybersecurity #cyber

https://podcasts.apple.com/us/podcast/darknet-diaries/id1296350485?i=1000455532386

If you could only establish one new program next year and you don't have any of the below running yet, which program would you start?

#cybersecurity #priorities

The Ultimate Phishing Defense KPI or how to show that your phishing defense is worth the money. #cybersecurity #infosec #blueteam https://rfc.ioc.exchange/seb/the-ultimate-phishing-kpi

@JohnsNotHere Thanks for bringing up the topic of passive DNS as a TI source. Anyone here using passive DNS providers for their TI? What use cases do you support with it? #cybersecurity #threatintel

@Shib @chmodx This might be an idea worth knowing for both of you: https://en.wikipedia.org/wiki/Traffic_Light_Protocol #cybersecurity #infosec #ioc

Which attack vector do you worry most about? #cybersecurity #infosec (reply if other)

Endpoint Isolation using Windows Firewall: https://medium.com/@cryps1s/endpoint-isolation-with-the-windows-firewall-462a795f4cfb #cybersecurity #csirt

Anyone here ever unleashed the Infection Monkey on your prod network?

https://github.com/guardicore/monkey

#cybersecurity #pentest #vulnerabilities

Are you building a #cybersecurity team and are in need of a toolset that allows multiple analysts to collaborate on cases and observables/offenses/notables?

Check out the Hive Project: https://thehive-project.org/

#infosec #cyberops #foss