seb 
@seb@ioc.exchange
- alter ego
- https://sfba.social/@seb
- blog (www)
- https://decrypt.fail
- blog (dat)
- dat://cb6a4cc100a884cbd6cfad685c9b1cfd3b309cab4f183e2023fd32a5db1854e3/
Mod
Cyber blue team leader by day, tinkerer/hacker at night.
Architecting secure systems and traveling the world is what I like.
Unfair, harsh, inconsiderate behavior is what I don't like.
Joined Nov 2019
#cybersecurity #threatthursday #tt Let’s start a new weekly hash tag to talk about threat actors and their TTPs!
This week: Maze Hacking Group - A nasty cyber crime group that combines ransomware with data leaks.
https://labs.sentinelone.com/maze-ransomware-update-extorting-and-exposing-victims/
@jerry Just read your piece on Marsh's list of endorsed services.
I completely agree that in #cybersecurity (as in all other verticals within an larger org) success depends mainly on the ability to hire the right talent and the ability of the cyber lead to execute the strategy by implementing the necessary processes.
For me the next logical step is a deeper specialization of cyber talent - SOC analyst, vuln/risk manager, CSIRT engineer, etc.
https://infosec.engineering/the-role-of-cyber-insurance-in-security-operations/
What do have NYU.EDU, PURDUE.EDU and CS.WISC.EDU in common?
Their email systems have been used as attack infrastructure against us. Wonder if they all use the same type of email system.
All attacks used five random characters as the user part of the email address.
Investments in Zero-Day Vulns is going up. #cybersecurity #infosec
We observe so many vendor breaches since WFH started, feels like almost everyone got breached around us. #cybersecurity #infosec #COVID19
What is your strategy to approach application teams with #cybersecurity concerns? #infosec #blueteam
Anyone doing a vendor risk assessment before allowing IM Federation?
Anyone looked into Microsoft Flow / PowerAutomate as a phishing and dataexfil vector yet? #infosec #cybersecurity
Pro-actively searching through and correlating logs in your SIEM and cyber tools we call Threat Hunting. What does one call pro-actively searching through and correlating threat intel? Is it just the creation of more threat intel or is there a word/phrase for it? #cybersecurity #infosec #threatintel
If you still didn’t look at your VPN solution and did not run a threat hunt on it yet, go do it! #infosec #blueteam #cybersecurity https://www.zdnet.com/article/iranian-hackers-have-been-hacking-vpn-servers-to-plant-backdoors-in-companies-around-the-world/
Finally got around adding all these TI links into a wiki page: https://codeberg.org/cyberseb/ti/wiki/CTI
It already includes a good amount of TI resources but will be updated every time I run across something cool.
Why do you think the NSA is telling us to patch that trust vuln right away? #cybersecurity #infosec #blueteam
This is an actively exploited attack vector and slowly becoming mainstream! If you haven't put protection (CASB) in place yet, do it now.
#cybersecurity #infosec #blueteam
https://krebsonsecurity.com/2020/01/tricky-phish-angles-for-persistence-not-passwords/
If your organization cannot afford Enterprise grade DNS security tools, have a look at https://github.com/StevenBlack/hosts #cybersecurity #blueteam #InfoSec
Looking to add some more miners to our minemeld (https://github.com/PaloAltoNetworks/minemeld/wiki) instance. Anyone had a lot of success and can recommend one or two sources? Any bad experiences with any of the default miners? #InfoSec #cybersecurity #blueteam #threatintel #automation
Anyone have a good tool that makes searching through Windows Server DNS Debug Logs easy? #infosec #cybersecurity #blueteam
The excitement you feel when your SOC reports the first phishing email that found a way around ATP Safe Links... #infosec #cybersecurity #blueteam
When one of your vendors gets crypto-locked and you go through all contracts with them to figure out possible impact on your business...
Interesting times. #cybersecurity #risk
- alter ego
- https://sfba.social/@seb
- blog (www)
- https://decrypt.fail
- blog (dat)
- dat://cb6a4cc100a884cbd6cfad685c9b1cfd3b309cab4f183e2023fd32a5db1854e3/
Mod
Cyber blue team leader by day, tinkerer/hacker at night.
Architecting secure systems and traveling the world is what I like.
Unfair, harsh, inconsiderate behavior is what I don't like.
Joined Nov 2019
seb 's choices:
