Extremely proud to announce that my second contribution to the @MITREattack framework has been published in version 14.
T1026.012: Obfuscated Files or Information: LNK Icon Smuggling
Big shout out to my co-contributors @greglesnewich and
What did you just say about me, you little jerk? Allow me to inform you that I graduated with top honors from the SANS Institute. Throughout my career, I have gained expertise in email security and combating viruses.
I possess extensive knowledge in defensive strategies and have
I highly recommend that infosec professionals should work on both red and blue. Ideally blue, red, and then blue again.
Defenders need to think like an attacker.
Attackers need to not forget what their purpose is.
What security products or services are you a "fan" of? This isn't an endorsement or formal thing... I just find myself cheering for a couple of brands over the years that have consistently been doing good work.
Just off the top of my head Malwarebytes, Publicwww, and UrlscanIO
I just want to take a moment to thank Cisco and their researcher team for their transparency and for their willingness to address the issues I raised regarding part of their latest write up.
This response speaks to the integrity of their team and their commitment to the community
I'm proud to announce that part 2 of my report on #TA569 is out:
A big thank you to co-authors and contributors: @0xkyle and the Threat Research Team.
And @selenalarson for her editing prowess.
CC: @threatinsight @proofpoint
1/N
1/2
Happy to announce that after many years of sitting on this code for personal use I'm releasing my Rapid Response Reporting corpus. A series of images and "quick win" documentation for helping incident responders based on malware family.
e.g. Agent Tesla
I was trying to stage my record with my distro service but I accidentally submitted it, so I guess I have a new record coming out next week.
Made the artwork today as well.
Pretty proud of the whole thing.
Hey gang! Thanks for all the new followers! I primarily deal with tracking #TA569 / #socgholish. I also have a vested interest in Emotet as well as general Conti activity. Below I'll link to some of my other research with my peers.
@afatassfeminist
@angrybIackgirI
Respectfully, though you may not be overtly homophobic I'd encourage you to consider this:
The potential for homosexual attraction in your mate is what you find repulsive. That is indeed a way that internalized homophobia presents itself. It's not a preference, it's a bias.
My first of two reports covering #ta569 and #socgholish is out this morning.
This first report is a primer and overview of the specific #socgholish threat.
The second will cover the entire #ta569 ecosystem.
This is a great read if you plan on attending my talk today.
I'm proud to announce that this year's Human Factor report is now available.
The 2023 Human Factor report delves deeper into recent advancements in the threat landscape, with a particular focus on the intersection of technology and psychology that enhances the potency of the
Hey gang. I know a lot of you follow me because of my research on #SocGholish and #TA569. Next week I'm doing a deep dive webinar on this topic. You will have an hour of my time where I cover what you need to know as a defender and responder.
Link to sign-up in comments:
New @proofpoint podcast Discarded just dropped.
Join us as we discuss:
• The journey leading to Emotet's return
• The importance of the Conti group leaks
• What defenders should be thinking about against cyber threats
I'm a bisexual man and I exist.
I'm not confused.
I'm not greedy.
I'm not testing the water.
I'm not 50% gay and 50% straight.
I'm 100% bisexual.
#BiVisibilityDay
Wanna join the team?
Day to day:
Write intrusion detection rules for the Snort and Suricata platforms
Answer support questions about rule guidance and false positives
Work with the open source community to maintain and optimize the ETOpen ruleset
Emotet Update
Past 24 hours
~6000 Samples analyzed
~90 C2 IPs
>13000 unique payload URLs
Volume still increasing
Same regserver -> .ocx
*Interesting* Most are randomized directories on a handful of hosts.
*Interesting* Use of Covid-19 Lures
We're releasing ATT&CK on the perfect date! Put on your light jacket and jump into structured detections, subs for mobile beta, and ICS on our main site.
Changelog is up at
and @_whatshisface & @JasonAjmo describe what's new in .
@SwiftOnSecurity Glad you are still here. Read the whole thing. Can relate. I was also a depressed teenager who became a drop out and got my GED.
Proofpoint observed new activity impacting French entities in the construction, real estate and government sectors. The attack is highly targeted and dates back to February with activity seen as recently as last week.
Our latest blog has the details:
Just had the biggest two weeks of my professional career back to back.
Discovered and submitted a new procedure to @MITREattack that is forthcoming.
Really looking forward to getting after #TA569 tomorrow.
I didn't expect my commentary on Twitter followers to net me so many new friends, but I can assure you that I will continue to focus on fact based research with a healthy dose of memes and infosec commentary. :)
My wife just surprised me with a vintage floor length original Gianni Versace leather coat from the 1980s. It is in exceptional condition and I am one step closer to realizing my absolute villain form.
@dieworkwear Such a good topic. I find some luxury sneakers like St. Laurent are fantastic quality but others like Prada are terrible. Versace, Alexander McQueen, Rick Owens are great too. Any opinions on major fashion house "sneaker" offerings? Materials, construction, etc. I find the
1/?:
Stumbled down a rabbit hole yesterday and I'm still making sense of it. I don't have all the answers nor do I even have a name for the type of TDS JS nightmare that I ran into, but it's a pretty wild ride!
H/T: @lshirley30 for asking me about this
Conference Announcement
I'm proud to announce that I'll be speaking at the University of Kansas (@UnivOfKansas) at the FBI AND KU CYBERSECURITY CONFERENCE on 04/04.
cc @FBIKansasCity @sec_kc
About 8 years ago I fell ill with fever, body pain, vertigo and neuralgia. After quite a bit of testing it was determined that I had Zoster sine herpete (ZSH) aka shingles with no rash. Unfortunately this isn't something that just goes away and every so often it raises its ugly
I want to take a moment to highlight some really fantastic work by @k3dg3, @Myrtus0x0, and @joewise34.
Proofpoint researchers hypothesize the original operators behind Emotet are using an IcedID variant with different functionality.