Joined January 2021
All the Cybers retweeted
A marketing director discovered that P1 Critical tickets have a 15-minute response SLA. He started logging all his routine tickets as P1. Yesterday he submitted a P1 because his wireless keyboard needed new batteries. According to our enterprise SLA, P1 incidents require an immediate, continuous all-hands bridge call until resolution. He submitted the ticket at 11 PM. I initiated the emergency bridge. Our automated system dialed his cell phone, his desk phone, and his emergency contact. It woke up his wife. He joined the call in a panic, asking what was on fire. I told him we were assembled to resolve his critical keyboard outage. I asked him to describe the battery compartment. He hung up. Our SLA policy states that if the user disconnects from a P1 bridge, we must call them back immediately. I called him back. He asked me to downgrade the ticket. I told him P1s can only be downgraded after a post-incident root cause analysis. He buys his own batteries now.
All the Cybers retweeted
Howdy folks! Taking a break from my twitter break to let yall know that we released a new @GreyNoiseIO product yesterday. It's called Project Swarm. We've been quietly not-so-quietly working on it for a few years. You can buy it now. It costs $1.
There are lots of vulnerabilities on edge-facing apps. To catch in-the-wild exploitation of them, we @ GreyNoise run sensors on the internet. New AI models means more vulnerabilities being identified and exploited, and FASTER. Long term, software and hardware will probably get better, but in the meantime we're gonna have to deal with A LOT of vulnerabilities.
At GreyNoise, the sensors we run are basically honeypots- we bait attackers to scan and exploit them which enables us to learn where the attackers are, which vulnerabilities they are exploiting, what it drops, and what it looks like on the wire. From ~2020-now it took us years to build up our fleet.
Now anyone can use our new product to deploy their own sensors on their own networks, or an entire fleet of any size, in a day. You can rip back the data and do whatever you want with it. You can resell it, put it into your product, or just stare at it- whatever you want! On our side, we aggregate the data and pour it into a community dataset that everyone shares. As more people join, the data gets bigger and better.
Couple neat features:
- Sensor deployment is a single bash command on any modern linux distro that supports iptables and wireguard.
- Sensors and vulnerable software (profiles) are abstracted into different logical concepts, which means the "what" and "where" are different things, and the sensor is not constrained by the compute required to run the vulnerable software. Also, no matter how hacked the profile (honeypot) gets, it can't touch your host sensor or the rest of your network.
- Sensors can run fake honeypots, real software, or even real hardware (bridged with a raspberry pi) like old crappy routers and modems (or expensive firewalls and VPN gateways 👀)
- You can create dynamic blocklists that block IPs sourced from your own sensors in real time, so if a remote IP address *looks at your network* the wrong way, you block them instantly.
- All the PCAP data is available to you in a gorgeous and intuitive interface at near real time and fully enriched against all of our (thousands of) rules. We're working on the host metadata (malware, syscalls, host behaviors) as well, but this will come later.
- If we don't tag a CVE that's interesting to you, you can write a Suricata rule to tag it yourself once and your data gets tagged with it in real time forever.
- You can instantly download PCAPs of any exploits that hit your sensors.
- If you don't want your data shared with the community dataset, you can talk to our team and we'll work out rights to make it private.
Check it out! There's a lot of moving pieces to make this work and we expect bugs, but it's available right now. Join the fight! greynoise.io/project-swarm
All the Cybers retweeted
CLAUDE CODE but for HACKING it's called shannon, you point it at a website and it just... tries to break in... fully autonomous with no human needed i pointed it at a test app and it stole the entire user database, created admin accounts, and bypassed login, all by itself, in 90 minutes github.com/KeygraphHQ/shanno…
Why do I get the feeling it's about to go down again?
All the Cybers retweeted
Proven tactics to escape work calls
All the Cybers retweeted
Rockford Public Schools were breached and ransomed by INC Ransom. This is how: The Rockford Public Schools District was breached via ControlNet smart buildings management systems. The ransom note with the message that “your data was stolen and encrypted…” was received by the school district on their printers on May 15th. Both ControlNet and Rockford Public School District have been posted. @FOX17
All the Cybers retweeted
🚨 Attention CISOs: Microsoft's new Copilot brings AI to desktops but also potential security risks with its Recall feature capturing user activity. Stay informed and prepared! 🛡️🔍 #cybersecurity #AI #copilot csoonline.com/article/213768…
All the Cybers retweeted
23 May 2024
It's just over a week since OpenAI dropped GPT-4o. And people can't stop using it in new ways. 10 wild examples:
All the Cybers retweeted
Big, if true! Can any chemists confirm? @leecronin?

All the Cybers retweeted
Zscaler Investigates Hacking Claims After Data Offered for Sale securityweek.com/zscaler-inv…

All the Cybers retweeted
A little gift from my wife today. 🤣 I put this pin on my backpack. 😎
All the Cybers retweeted
It’s Sunday 07:03 am and I decided to read @Volexity’s article on UTA0218’s post exploitation activity (PaloAlto CVE-2024-3400). I saw that a generic rule of mine detected the new UPSTYLE backdoor when it was uploaded to VT yesterday (while no one else had detections for it) and I’m pretty sure that our private rule set already covers 75% of what they report. I’ll go back to bed, check the remaining 25% and provide more proof tomorrow. Our solution THOR Thunderstorm would have detected the threat right from the start. nextron-systems.com/thor-thu…
12 Apr 2024
Our latest blog post details @Volexity's identification & incident response associated with the Palo Alto Networks GlobalProtect #0day vuln, assigned CVE-2024-3400, that the team found being exploited in the wild. Read more here: volexity.com/blog/2024/04/12… #DFIR #ThreatIntel
All the Cybers retweeted
Our post at @NCSC from February seems prescient right now - 'Products on your perimeter considered harmful (until proven otherwise)' Ask the questions of your vendors and developers, get the evidence and gain assurance. ncsc.gov.uk/blog-post/produc…
All the Cybers retweeted
26 Mar 2024
Mobile Application Penetration Testing Cheat Sheet 🔗github.com/tanprathan/Mobile…
All the Cybers retweeted
Text-to-storyboard I'm really liking the approach @LTXStudio is taking with their video platform Instead of going clip by clip, you prompt the basic story concept, and it generates an entire storyboard w/ multiple scenes, shots, and even character casting Full interface tour: