b (@laskow26)'s Twitter Profile

ID: 23933395

12-03-2009 11:33:24

99 Tweets

432 Followers

376 Following

💻 Sherrod DeGrippo 🛸 (@sherrod_im)

To: InfoSec From: Sherrod ❤️ Please don’t do victim blaming. You’re essentially expecting average people to go head to head with Russian organized crime. And win. It’s silly. ❤️⭐️🌈✨🎉

Paul Melson (@pmelson)

APTs, supply chain poisoning, and 0days are more interesting, but ransomware will force real change. Any network can be monetized, so every network will be attacked.

Fabian Wosar (@fwosar)

Within the ransomware hunting team, we often joke about what new "innovative" ways people will claim to be the next big fix for ransomware. One of these 8-year-old running gags kinda turned into a real recommendation recently: Changing your keyboard layout to Russian.

Zev Brodsky (@zevbrodsky)

The Hard Truth About Ransomware: Probably one of the best reads on #ransomware in the past year by Kevin Beaumont doublepulsar.com/the-hard-truth…

Chris Sanders 🔎 🧠 (@chrissanders88)

There's often interesting public discussion about vendor detection tools and what they detect vs expectations. There's some interesting decision making that happens behind the scenes at these vendors when it comes to how they manage detection signatures. A thread... 1/

🥝🏳️‍🌈 Benjamin Delpy (@gentilkiwi)

Don't misunderstand me: TPM, UEFI, SecureBoot, VBS, attestation, etc. all these technologies are good - and I adopt/push them... really. But this does not correspond to the reality of the mass of attacks encountered on the field > Think about macros, script, wpad, ntlm relay...

Paul Melson (@pmelson)

Thank you to all of the defenders watching the wires and cleaning up the messes this holiday weekend. It’s been a hell of a week already, and we’re just getting started.

Alex Ionescu (@aionescu)

TFW when the InfoSec community publishes information that your patch is broken and it takes you 2 days to create your own advisory, and then 1 more day to crib workarounds that they’ve already published, and then you keep getting parts wrong, and you still don’t have a patch out.

SwiftOnSecurity (@swiftonsecurity)

Check your assumptions with security logging. Are you actually getting the logs? In the format you expect? From the number of agents you have? Alerts aren't enough you need eyes-on periodically. A lot can go wrong.

Chris Sanders 🔎 🧠 (@chrissanders88)

The challenge is to constantly push yourself to think about the specific question after the broad question. "Is it malicious?" "Did the attack succeed?" "Was there lat movement/exfil/cred theft?" All those questions are too broad to answer as they are stated. 11/

Andy Robbins (@_wald0)

Attack Surface Management and Attack Path Management: similar names, different solutions. Read more about Attack Path Management here: posts.specterops.io/the-attack-pat…

Mick Douglas 🇺🇦🌻 (@bettersafetynet)

Blue team folks... we have to talk. It's awesome that you're logging. That's the first step. Now here's the cool stuff to look for that the vendor didn't tell you about. 1

Kelly Shortridge (@swagitda_)

after today’s ruling, I don’t want to see any events or cons mentioning the words diversity or inclusion if they’re taking place in a state which does not guarantee abortion access. doing so is now explicitly exclusionary against people with uteruses. support our rights or stfu.

Andrew Northern 𓅓 (@ex_raritas)

I just want to take a moment to thank Cisco and their researcher team for their transparency and for their willingness to address the issues I raised regarding part of their latest write up. This response speaks to the integrity of their team and their commitment to the community

Cory Doctorow NONCONSENSUAL BLUE TICK (@doctorow)

#Netflix has unveiled the details of its new anti-#PasswordSharing policy, detailing a suite of complex gymnastics that customers will be expected to undergo if their living arrangements trigger @Netflix's automated enforcement mechanisms: thestreamable.com/news/confirmed… 1/

haroon meer (@haroonmeer)

Anti-cool-kid-hot-take: Lots of ppl are super excited because bots can now expand posts and generate more content when “more content” wasn’t really the problem. We need good ideas conveyed in less words, not more words automatically generated around the existing ideas.