Van (@wanna_vanta)'s Twitter Profile
Van

@wanna_vanta

Research & Discovery Lead @Mandiant @googlecloud Specialties: researching adversary tradecraft, hardstuck masters TFT, and losing sneaker raffles.

ID: 1240794620671471623

20-03-2020 00:18:25

669 Tweet

4,4K Followers

395 Following

Greg Lesnewich (@greglesnewich)

Friday drop - a lil POC for trying to find similarity across Macho files! tl;dr two scripts to get: 🔧 dylib hash (dependencies) 🏗️ export hash 🛂 import hash 👷‍♂️ certificate name hoping we can use this to a our quick pivots across Mac malware ! github.com/g-les/macho_si…

Van (@wanna_vanta)

When Bryce went to Bryce, Bryce bought Van a Bryce shirt. So when Van went to Bryce, Van bought Bryce a Bryce shirt. Now Bryce must go to Van and buy Van a Van shirt. #vancity #MYcity

Aaron Stephens (@x04steve)

Don’t tell me, show me. The priority and order of too much threat intel seems to be narrative first, data/evidence second. The story I want to be told is not your hypothesis, it’s how you got there. We would all benefit from getting a lot more comfortable showing our work.

Van (@wanna_vanta)

Come see a talk from one of the key drivers of this research. #UNC4841 is noteworthy not only for their crafty exploitation of Barracuda ESGs, but for their ability to quickly adapt to remediation efforts.

Mathew (@mittypk)

More details on the lesser known and reported CN espionage actor #UNC3886. Our blog includes insights about their operations following 0day exploitation of Fortinet and VMware technologies. The actor made extensive use of public rootkits as well as custom malware. Check it out!

Tyler McLellan (@tylabs)

For my Canadian lawyer friends, tomorrow morning I’ll share some insights from Mandiant’s Incident Response practice on how everything is for sale in the underground economy and how that facilitates the intrusions we see against enterprises in Canada

Jared Wilson (@jwilsonsecurity)

It was a pleasure to dive into the research on the malware family SILENTSTEP with the great folks at Sthack. The organizers put on an excellent conference and the attendees are warm and welcoming. #Bordeaux #AmericanInFrance

Bryce (@bryceabdo)

My new EDR startup company idea: - Privacy FIRST! — CASH 💵 only - No telemetry collection! (Send what feels right for you ♥️ 😇) - Vendor agnostic, which means it don’t collect nothin 🫡😤 - Guaranteed 100-day SLA response time for critical incidents 🔐 💯