Filip Olszak (@mitohormesis)'s Twitter Profile

ID: 1375175236254072839

Link: http://important.zip | Date: 25-03-2021 19:58:31

523 Tweets

918 Followers

539 Following

vx-underground (@vxunderground)

We would like to express our condolences to Blue Teamers. Microsoft has announced Microsoft Excel will now support Python. More information: techcommunity.microsoft.com/t5/microsoft-3…

James D (@frantictyping)

The first part of my blog series on how we’ve been scaling detection and response operations at Coinbase is live! Interested in speeding up your investigations, increasing the visibility of key data sources, and improving quality of life for analysts? coinbase.com/blog/scaling-d…

Katie Nickels (@likethecoins)

A couple thoughts on ATT&CK Evaluations...yes, the marketing is ridiculous. I also hope the useful parts of these evaluations won't get completely lost in that. You can find a lot of insight on tools if you dive into the results. Here are some example questions to consider...

Filip Olszak (@mitohormesis)

Mitre Att&ck Turla Vendors With No Config Changes paloaltonetworks cybereason sentinelone ibmsecurity somma watchguard symantec

James D (@frantictyping)

Scaling detection and response operations at Coinbase part 2 & 3: 🔍 Driving context into detection logic with machine and user profiles 🔧 Codifying automatic remediation for high-risk detections 📫 Automating alert triage with employees via Slackbot coinbase.com/blog/scaling-d…

Giuseppe `N3mes1s` (@gn3mes1s)

Very nice project from Costin Raiu, Is Now on VT! ! Get notified when interesting APT/FIN indicators of compromise appear on VirusTotal! Costin Raiu any info on how this works? and if there is a stream we can contribute to add IOCs/reports to follow? x.com/Now_on_VT/stat…

Christophe Tafani-Dereeper (@christophetd)

Datadog's security team has just released KubeHound, an open-source attack mapping tool for Kubernetes clusters securitylabs.datadoghq.com/articles/kubeh… kubehound.io Comes with 25 attack types, each one comes with step by step instructions of how to exploit it

Adam Chester 🏴‍☠️ (@_xpn_)

New blog post is up which looks at an unpatched vulnerability in macOS which allows us to hijack entitlements from signed binaries.. aka.. DirtyNIB. blog.xpnsec.com/dirtynib/

Jonny Johnson (@jsecurity101)

I had to use Splunk to query something today for the first time in a long time. I hope it's the last time in a long time. Inb4 all the Splunk lovers come after me, KQL > SPL.

Fox-IT (@foxit)

🚨IMPORTANT🚨 We have observed that the implant placed on tens of thousands of Cisco devices has been altered to check for an Authorization HTTP header value before responding [1/3]

Greg Linares (Laughing Mantis) (@laughing_mantis)

A harsh but extremely fair admission from ex blue team member of 1Password As a result of their recent post I am no longer recommending 1Password being used in any mission critical or corp environments, they in their current state are a liability. x.com/Hacker_Horse/s…

vx-underground (@vxunderground)

Yesterday 1Password released an Incident Response Report believing that when Okta was breached (again) the Threat Actor(s) tried to pivot to them. They noted they used MalwareBytes™ FREE AV