CISSP | CIRT

Joined October 2021
Pinned Tweet
AI coding assistants like GitHub Copilot, Codeium, and Cursor are now part of everyday dev workflows inside Visual Studio Code. But what artifacts do they leave behind on a system? #DFIR #CyberSecurity #DigitalForensics #VSCode #AI
Hmmm a good one to join…
Last chance to join today's webinar at 1:00PM! Get a clear picture of where your IR program stands and what it actually takes to keep up with the speed of modern attacks. Register now! hubs.la/Q04jVJpP0
paritosh retweeted
May 20
1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories. Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.
The word ‘internal’ doing a lot of heavy lifting here... If your ‘private’ repo contains plaintext secrets, today’s a good day to rotate them.
May 19
We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.
NEVER act on an unvalidated dark web alert. Validate on three axes:
Content authenticity: Do sample records actually match your organization’s format? Check email domain patterns, password policy patterns (length, complexity), internal naming conventions that wouldn’t be publicly known.
Temporal freshness: Is this recycled data from a 2019 breach being re-listed as new? Cross-reference against Have I Been Pwned API and your known breach history.
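The two validation axes spelled out in the thread above (content authenticity and temporal freshness), as an added worked example that is not part of the original posts. Everything in it is constructed: the organisation profile, the leaked-record samples and the "prior breach history" dictionary. That dictionary stands in for the Have I Been Pwned breached-account lookup plus your own breach register, so the script runs offline; in real triage you would query HIBP (an API key is required for account lookups) and your incident records instead.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class OrgProfile:
    """Constructed profile of what 'our' records look like (hypothetical values)."""
    email_domains: Set[str]   # domains the org actually issues mail on
    username_pattern: str     # local-part naming convention, e.g. first.last
    min_password_len: int     # current password policy: minimum length
    min_char_classes: int     # current password policy: of lower/upper/digit/symbol


def char_classes(pw: str) -> int:
    """Count how many of lower/upper/digit/symbol appear in a password."""
    return sum(bool(re.search(p, pw)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))


def record_matches_org(rec: Dict[str, str], org: OrgProfile) -> bool:
    """Axis 1, content authenticity: does one leaked record fit our format?"""
    local, _, domain = rec["email"].lower().partition("@")
    if domain not in org.email_domains:
        return False
    if re.fullmatch(org.username_pattern, local) is None:
        return False
    pw = rec.get("password", "")
    return len(pw) >= org.min_password_len and char_classes(pw) >= org.min_char_classes


def authenticity_score(records: List[Dict[str, str]], org: OrgProfile) -> float:
    """Fraction of sample records consistent with the org's known format."""
    if not records:
        return 0.0
    return sum(record_matches_org(r, org) for r in records) / len(records)


def novelty_score(records: List[Dict[str, str]], prior_breaches: Dict[str, List[int]]) -> float:
    """Axis 2, temporal freshness: fraction of accounts with no prior breach.

    prior_breaches maps email -> years it appeared in earlier dumps; it is a
    stand-in for an HIBP breached-account lookup plus your own breach history."""
    if not records:
        return 0.0
    seen_before = sum(1 for r in records if prior_breaches.get(r["email"].lower()))
    return 1 - seen_before / len(records)


def triage(records, org, prior_breaches, auth_threshold=0.7, novelty_threshold=0.5):
    """Combine both axes into a verdict before anyone acts on the alert."""
    auth = authenticity_score(records, org)
    novel = novelty_score(records, prior_breaches)
    if auth >= auth_threshold and novel >= novelty_threshold:
        verdict = "escalate"    # looks like our data and is mostly unseen
    elif auth >= auth_threshold:
        verdict = "recycled"    # looks like our data but was already known
    else:
        verdict = "not-ours"    # wrong domains / naming / policy shape
    return {"authenticity": round(auth, 2), "novelty": round(novel, 2), "verdict": verdict}


# Constructed organisation profile.
ORG = OrgProfile(email_domains={"example.com"}, username_pattern=r"[a-z]+\.[a-z]+",
                 min_password_len=12, min_char_classes=3)

# Constructed prior-breach history (replaces the HIBP call for this offline example).
PRIOR = {
    "bob.jones@example.com": [2019],
    "carol.white@example.com": [2019],
    "dan.brown@example.com": [2019],
}

# Constructed sample that looks like a genuinely new example.com dump.
SAMPLE_FRESH = [
    {"email": "alice.smith@example.com", "password": "Winter2024!Storm"},
    {"email": "erin.clark@example.com",  "password": "Blue#Harbor77x"},
    {"email": "frank.moore@example.com", "password": "Quartz-Lamp-9"},
    {"email": "bob.jones@example.com",   "password": "Autumn2025$leaf"},
]

# Constructed sample that matches our format but is a relisted 2019 dump.
SAMPLE_RECYCLED = [
    {"email": "bob.jones@example.com",   "password": "Summer2019!abc"},
    {"email": "carol.white@example.com", "password": "Password1!xyz"},
    {"email": "dan.brown@example.com",   "password": "Letmein123#ab"},
]

# Constructed sample that is not ours at all: wrong domains and naming.
SAMPLE_NOT_OURS = [
    {"email": "jsmith@gmail.com",  "password": "hunter2"},
    {"email": "admin@example.org", "password": "admin"},
]

if __name__ == "__main__":
    for name, sample in (("fresh", SAMPLE_FRESH), ("recycled", SAMPLE_RECYCLED), ("not-ours", SAMPLE_NOT_OURS)):
        print(name, triage(sample, ORG, PRIOR))
```

The thresholds are deliberately tunable: an alert whose sample is mostly in your format but almost entirely already known is usually a re-listing and warrants a note in the case file, not a rotation drill, while a high-authenticity, high-novelty sample is the one to escalate.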
Palo Alto's Unit 42 dropped a threat brief on CVE-2026-0300, a zero-day in PAN-OS Captive Portal that lets attackers run code on your firewall without any login.
They even triggered a SAML flood to push traffic to a second device and compromised that one too. If you're running PA-Series or VM-Series firewalls, either restrict the User-ID Auth Portal to trusted zones or just disable it if you don't need it.