🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

This is why I think TTP count is a terrible metric. You either detect the procedure adversaries use or you don’t, this count of 4 for whoami /all is meaningless in most cases.

Whew! It lives! Sirius Scan github.com/SiriusScan/Sir…

Get your tickets now, John Hammond is coming to town!

Stock up toilet paper now! 😂 scmp.com/news/china/sci…

I checked out the #ZeroDay series on Netflix and I think this depiction of events would take too many coordinated attacks. The Russian targeting of Ukraine with Blackenergy and Industroyer is more realistic to what happens. The scenes I saw more resemble an EMP attack.

Formula 1 is back! If you played last year, you can rejoin without a passcode. If you would like to play, set up a team at fantasygp.com and DM me for the code to join #InfoSecF1

Did some vendor actually try to develop their own CVE system for marketing and advertisement reasons, like ZDI-CAN-25373, instead of a standard CVE 🧐

Is this a CVE? "ZDI...relates to the way Windows displays the contents of shortcut (.lnk) files through the Windows UI... an attacker can prepare a malicious .lnk file for delivery to a victim...the victim will not be able to tell that the file contains any malicious content."

How to properly evaluate a CVE score: 1. Is Gossi freaking out? 2. Is Florian freaking out? 3. Does SANS have an emergency webcast? 4. Are all your red team friends losing their minds over how crazy easy it is to give them awesome access.

Hey Cuckoo Sandbox, you alright? 🤨

If you want to reduce dwell time, which reduces the risk of impact, then don’t wait on risk and correlation alerts. Instead, tune your rules and start working low and informational alerts.

Verizon AI Burp Extensions (VAIBE): github.com/Verizon/verizo…

Wow, I’ve been sleeping on the Windows key + H shortcut. It works pretty well.

There’s still time left to get signed up for my Purple Team 101 course at B-Sides Tampa IT Security Conference! events.bsidestampa.net/BSidesTampa2025

Shoutout to Darkoperator | 🇺🇦 for pointing this out. There's now a Sysmon for ARM, sysmon64a.exe.

It’s time, #BSidesTampa is kicking off training today and the conference is tomorrow!

This scene from John’s presentation was AMAZING. It hit on so many levels. I’ve never seen someone strike meaning and theatrical performance to this degree before. It was pure gold.