New e-crime insights: TA4557, known for distributing More_eggs malware, notably expanded to an int'l audience in recent campaigns. Per our data, the recruiter-focused TA was seen targeting orgs in France, England & Ireland, in addition to typical North America-targeted threats.

Nice report from Proofpoint on TA4557! I noticed that you can hunt for Resume Profiles dropping More_Eggs backdoor: http.title:"Resume" HTTP/1.1 200 OK Date: GMT Server: Apache/2.4.58 (Ubuntu) Vary: Accept-Encoding Content-Length: Content-Type: text/html; charset=UTF-8 Happy

SIEM/SOAR platforms can empower network defenders to uncover cyber threats and protect your data from malicious actors. Cybersecurity executives and practitioners should review our new joint guidance to ensure proper implementation and security. nsa.gov/Press-Room/Pre…

🚨Kroger cybersecurity is hiring! Check out the postings here: linkedin.com/posts/activity… #cyberjobs #hiring

How password spraying works

Great talk by John Lambert on ways you can turn security data into graphs: youtube.com/watch?v=cXhX3s…. Especially the vector part is great: so many tools have built in support for embeddings (e.g. BigQuery ML.GENERATE_EMBEDDING and VECTOR_SEARCH), defenders should be using them more!

This talk from John Lambert is indeed very good and is taunting me with doing math at work 😒 Srsly tho I’d love to take a class on applied algebra for anomaly detection from him because he explains it so clearly 🤩

At this point, maybe North Korea should just start selling bootcamps for how to break into cybersecurity. They seem to have really figured that shit out.

How cross-trust Kerberos authentication works #ThreatHunting #DFIR

Fuck it. Entire "Mama I'm Coming Home" from Ozzy's final set.

✅The UAC Bypasses module is now available in the instant SIEM! Practice investigating a diverse set of UAC bypasses with Kusto Query Language (KQL)! #ThreatHunting #DFIR aceresponder.com/learn/uac-bypa…

A buffer overflow attack visualized. #ThreatHunting #DFIR #redteam

How Windows security descriptors work. #Windows #ThreatHunting #DFIR

How to spot a penetration tester #ThreatHunting #DFIR

How the diamond ticket attack works. #ThreatHunting #DFIR

"vibeyness"™️ may soon become a malware classification metric.

PE Import Anatomy #ThreatHunting #DFIR #Windows

Tech CEO who never had "low velocity" 7.62 shot at them.

when your ai girlfriend was on aws us east 1