Joined June 2014
Johnny 3.14159265358979323846264338327950288419... retweeted
I am independent, you want the truth? Laying off workers to run Super Bowl ads should not be a growth driver. @CrowdStrike Laying off workers to buy into ChatGPT should not be a growth driver. @Microsoft Laying off workers should never be a growth driver. @Google
Johnny 3.14159265358979323846264338327950288419... retweeted
We just published a report on EVERYTHING that @HuntressLabs SOC is seeing for post-exploitation from #ScreenConnect CVE-2024-1708/CVE-2024-1709. huntress.com/blog/slashandgr…
There's A LOT of it. We're talking:
- Adversaries Deploying Ransomware (LockBit and others)
- Classic LOLbin enumeration and reconnaissance
- Dropping cryptocurrency miners (masquerading as SentinelOne)
- Installing other persistence and backdoors (SimpleHelp C2, SSH, Remote Desktop, new users, reverse shells)
This includes all the technical details and tradecraft for each variety of these attacks. Please go look through this. If I may be so bold, I think this is seriously the biggest and most-comprehensive release of the active threat intel that we've seen shared publicly so far.
Johnny 3.14159265358979323846264338327950288419... retweeted
If you want to protect Europe's most important companies, join our SOC team. We rely on the best security experts in the industry. Feel free to send me a DM.
Awesome reply by @DB_Presse regarding another stupid post by that clown @Beatrix_vStorch . Well played, @DB_Presse. Well played. 👏👏👏
Replying to @Beatrix_vStorch
We are glad that you reached your destination anyway. Unfortunately, the return trip is cancelled.
Johnny 3.14159265358979323846264338327950288419... retweeted
Yes. And it’s called saving lives.
29 Sep 2023
Is the German public aware of this?
Johnny 3.14159265358979323846264338327950288419... retweeted
I'm planning to integrate additional sources into my #Sentinel #AnalyticsRule search engine. You write and publish ANR? You want those included? Then please answer with the link to your repository. analyticsrules.exchange/
Johnny 3.14159265358979323846264338327950288419... retweeted
We have restored our papers on oligomorphic, polymorphic, and metaphoric viruses. Path: /papers/Other/Code Mutation Have a nice day (or evening). We will see all of you tomorrow. Cheers, vx-underground.org
Johnny 3.14159265358979323846264338327950288419... retweeted
Firefox on Linux is now supported for #FIDO2 in #EntraID #AAD #Passwordless learn.microsoft.com/en-us/az…
Johnny 3.14159265358979323846264338327950288419... retweeted
23 Aug 2023
Lots of people are new to M365/Microsoft Entra ID forensics, so I thought I would put together a completely free & open-source forensics 'kit' to learn. First, somewhere to store your data, Kusto Free tier is perfect, zero cost and no card required - aka.ms/kustofree

You cannot thank these guys enough for putting so much effort and time into enabling all of us newbies. So let's start with @reprise_99: Thanks so much! #infosec #forensics #threatintel 👇👇👇
23 Aug 2023
Lots of people are new to M365/Microsoft Entra ID forensics, so I thought I would put together a completely free & open-source forensics 'kit' to learn. First, somewhere to store your data, Kusto Free tier is perfect, zero cost and no card required - aka.ms/kustofree
Johnny 3.14159265358979323846264338327950288419... retweeted
Exciting topics from very experienced speakers await you in the Security Track at the #IdentitySummit. Take the chance and get insights and learn from @tseyf34, @jeffAprea, @janVidarelven, @fabian_bader, @kennethvs and @cbrhh. More details: identitysummit.cloud
Johnny 3.14159265358979323846264338327950288419... retweeted
Microsoft has observed a new version of the BlackCat ransomware being used in recent campaigns. This version includes the open-source communication framework tool Impacket, which threat actors use to facilitate lateral movement in target environments.
Johnny 3.14159265358979323846264338327950288419... retweeted
My first blog in Microsoft 🤟 AiTM & BEC threat hunting with KQL *sorry if this post was already duplicated 🙌 techcommunity.microsoft.com/…
Johnny 3.14159265358979323846264338327950288419... retweeted
Microsoft has published a #TokenTheft playbook which includes investigation checklist, hunting queries, response/recovery task list but also an accompanying decision tree. A must read for every #AzureAD, #Entra, #SecOps admin and architect. learn.microsoft.com/en-us/se…
Johnny 3.14159265358979323846264338327950288419... retweeted
Protocol Handlers are a thing these days. Here is another trick for initial access through the search-ms handler to download and execute code: lnkd.in/e9-DAU5Q #security #threatprotection #threatintelligence #cti
Whoa! 😬😬😬 #threatintel #threathunting #infosec 👇👇👇
Deutsche Bank and ING Bank have both had customer data stolen by Clop Ransomware via a third party vendor. Neither has been posted yet. @DeutscheBank @ING_news
27 Jul 2023
Stop running down research done by other people. Respect each other's efforts. 🤝 Reputation (hopefully) won't increase by making nasty comments.
Awesome! Check out MDTI's GitHub repo! #threatintel #threathunting #mdti 👇👇👇
The Microsoft Defender Threat Intelligence team just launched their official GitHub Community. Technical solutions for common incident response and threat hunting scenarios to help the SOC maximize Microsoft Threat Intelligence in Defender TI. github.com/Azure/MDTI-Soluti…

Johnny 3.14159265358979323846264338327950288419... retweeted
Clop Ransomware has now posted 40 new victims in 12 hours. Toyota European subsidiary breached.
25 new Clop Ransomware posts today.