The IT admin turned security admin is a really great career trajectory.
It sets you up nicely to expand into just about any other security role, from pentesting to DFIR.
One experienced, thoughtful, resourceful IT admin is worth their weight in gold.
Just updated our documentation on using Timesketch to analyze Hayabusa results:
github.com/Yamato-Security/h…
It includes an overview of the main features you want to use in your investigations.
Yo, I don't post about cyber security but I have to share this gem I stumbled on last week.
Seriously, it's hands down the most valuable resource I have ever found for anyone diving into or curious about cyber security. Plus it's free; the Internet is amazing 😭❤️
NEW: Fortinet has finally disclosed a new actively exploited critical FortiManager API flaw tracked as CVE-2024-47575 after it was privately disclosed to customers over a week ago.
bleepingcomputer.com/news/se…
🚀Introducing OpenRelik: Open-source platform for digital forensic investigations. Modular workflows, collaboration, central artifact repository and easily extendable to support new tools in a clean, easy to use interface.
openrelik.org
Understanding EVERY Token in Entra ID 🔎
Not all tokens are equal. There are many different types with different uses and benefits.
In this blog, I break down each token, what it is used for, and which tokens are the most "valuable" for an attacker to obtain.
Full blog here👇👇 @XintraOrg xintra.org/blog/tokens-in-en…
🎯 #Ransomware abuses a game and spreads with a valid certificate – #ExploreWithANYRUN
📌 #Malware uses legitimate #certificate from COGNOSPHERE PTE. LTD
⚙ The XORed ransomware code is stored in the #DLL file. Our all-purpose #XOR extractor helps find out what was XORed by analyzing #MalConf
🔀 #Kransom ransomware hijacks the execution flow through DLL side-loading
⚠ This malware won't function without the DLL file, which is stored in the same folder as the game and contains the #encrypted code
📍 The #StarRail #software used by this malware for masquerading is legitimate
📝 The note contains the following text:
I believe you've encountered some problems. Email to hoyoverse for solutions.
Analysis
👉 app.any.run/tasks/9835858b-9…
DLL file
👉 app.any.run/tasks/b6366c04-7…
🔎 Find more samples using this #TI request
👉 intelligence.any.run/analysi…
Analyze and investigate the latest malware and #phishing threats with #ANYRUN 🛡️
We're currently investigating access issues and degraded performance with multiple Microsoft 365 services and features. More information can be found under MO842351 in the admin center.
Microsoft warns that some Windows devices will boot into BitLocker recovery after installing the July 2024 security updates.
bleepingcomputer.com/news/mi…
We've released Process Monitor 2.0 for Linux with broader distro support and Sysmon v15.15 with bugfixes.
Get the tools at sysinternals.com.
See what's new on the Sysinternals Blog: techcommunity.microsoft.com/…
OMFG! Kerberos Request/Response ticket hashes are being included in EIDs 4768/4769 🤩
Thank you x1000000 Paul Michaud (burning_pm) for the screenshots 💜
The award-winning Qualys Threat Research Unit (TRU) has discovered a critical vulnerability in OpenSSH, designated CVE-2024-6387 and aptly named "regreSSHion." This Remote Code Execution bug grants full root access, posing a significant exploitation risk. blog.qualys.com/vulnerabilit…
An apparent "VMWare ESXi" 0day is being advertised for $1.2 million alongside an Outlook RCE Exploit 0-Day for $1,700,000, with "ShinyHunters" forum owner vouching for it as escrow and the same adverts being posted on some Russian forums.
Lockbit ransomware group has made a post today about a contest (titled: contest.omg) to contact Dmitry Khoroshev – they assert the FBI is wrong and LockbitSupp is NOT Dmitry Khoroshev.
They're offering $1,000 if you can contact Dmitry Khoroshev to see if he is alive and well.