When your red team engagement produces targeted malware that is discussed on security blogs...

Was able to spin applying IPS signatures to prevent exploitation of a vuln as a nice service to my sysadmins, who aren't sure whether they can apply an immature patch quickly enough.
They really appreciated the extra time to figure out fixing the vuln.

Don't think this will change InfoSec's perception from a Taker to a Giver but it is a start.

What do have NYU.EDU, PURDUE.EDU and CS.WISC.EDU in common?

Their email systems have been used as attack infrastructure against us. Wonder if they all use the same type of email system.

All attacks used five random characters as the user part of the email address.

We observe so many vendor breaches since WFH started, feels like almost everyone got breached around us.

What is your strategy to approach application teams with concerns?

Anyone doing a vendor risk assessment before allowing IM Federation?

Anyone looked into Microsoft Flow / PowerAutomate as a phishing and dataexfil vector yet?

Pro-actively searching through and correlating logs in your SIEM and cyber tools we call Threat Hunting. What does one call pro-actively searching through and correlating threat intel? Is it just the creation of more threat intel or is there a word/phrase for it?

community! I predict national firewalls completely segmenting the Internet within the next 10y. What will be the FREE alternative Internet? Will there even be one?

community! What is your favorite GRC tool?

Finally got around adding all these TI links into a wiki page: codeberg.org/cyberseb/ti/wiki/

It already includes a good amount of TI resources but will be updated every time I run across something cool.

Why do you think the NSA is telling us to patch that trust vuln right away?

This is an actively exploited attack vector and slowly becoming mainstream! If you haven't put protection (CASB) in place yet, do it now.


If your organization cannot afford Enterprise grade DNS security tools, have a look at github.com/StevenBlack/hosts

Looking to add some more miners to our minemeld (github.com/PaloAltoNetworks/mi) instance. Anyone had a lot of success and can recommend one or two sources? Any bad experiences with any of the default miners?

Anyone have a good tool that makes searching through Windows Server DNS Debug Logs easy?

Show more

InfoSec Community within the Fediverse. Instance is supposed to be fast and secure. Everyone is welcome - Jump on Board!

We have a Getting Started Guide here: https://guide.ioc.exchange

Other Cyber Communities: