Your atypical security enthusiast | DFIR | Threat Hunting | Detection Eng | Insider Threat | Making content at The Blue Team Village | Opinions are my own.

Joined January 2013
14 Apr 2025
There are individuals that you meet in your life that leave a mark, not just for their kindness & care, but for their humbleness & friendship. @d0ublebind is such an individual and more! Please consider donating and send him lots of love ❤️ gofundme.com/f/aarons-flight… #FuckCancer
14 Dec 2024
If you are looking for very skillful, knowledgeable, and great human beings for your Red Team, please consider @Salbei_ and @Micheal_merrill. I worked with them for many years and can say with confidence that your team will greatly improve with them!
12 Dec 2024
Replying to @_MG_
Some of the people who are looking include @Salbei_ & @Micheal_merrill. I’m also happy to forward leads to the team.
16 Sep 2024
Last year we used JuiceShop with a twist during our CTF. If you want to learn more about bug bounty and app security, Juice Shop is a fun way to get started!
Join the shared User Day of @owasp #DSOMM and #JuiceShop on Sep 25th, the day before @appsecusa San Francisco 2024! The agenda includes intros, demos, workshops and even a live CTF: owasp.org/www-project-juice-… Register now on eventbrite.com/e/owasp-globa… because seats are very limited!
5 Sep 2024
This. Get familiar with your logs and how they can help you find this much more practical and likely scenario. Then, have a documented plan on how to respond and mitigate!
5 Sep 2024
For anyone worrying about this, I’d like to hear how you were already handling a near identical attack that didn’t require this vuln:
- steal Yubikey
- login
- return key WITHOUT cloning it, because 1 session is enough for most objectives
Same attack flow. If that wasn’t already part of your threat model, why is this? If it was part of your threat model, how do your existing defenses not already handle the vuln? (I can think of a few, but none that apply to most of the people who are concerned.) This should change very little for most people.
11 Jan 2024
Great use of the word “likely” in the context of an investigation for which data may not be conclusive. When not fully sure, “likely” is a good word to choose. Their 2nd tweet tells the story: it was 2FA, the lack of it, plus “likely” an easy-to-guess password… Kudos for the report!
We have finished our investigation into last week's Mandiant X account takeover and determined it was likely a brute force password attack, limited to this single account.
11 Jan 2024
Just in case, not bashing on them. Things happen and we all learn from them. But it was a good opportunity to highlight the choice of words in the tweet. The report released lacks the details many of us were probably expecting, but it is short and on point for what it is.
plug retweeted
21 Nov 2023
If anyone is looking for an internship for next summer, our security engineering team (Paranoids Engineering) has a spot open. The ideal candidate has software engineering experience, interest in security, and experience with Go and/or Rust. Please DM for info and share.
9 Nov 2023
What makes our CTF different? You play the role of an IR consultant responding to a breach. You get access to host telemetry via a SIEM of your choice (Graylog, Elastic or Splunk) and net telemetry via Arkime or pcaps. Security Onion provides an easier path for the less experienced.
Call for Red Team Volunteers:  We are expanding hands-on content and working on a new CTF for @defcon 32. If you are an experienced Red Teamer, passionate about helping others, and would like to help, please reach out! #redteam #cybersecurity docs.google.com/forms/d/e/1F…
9 Nov 2023
Just as IRL, tools are not always working: the indexed telemetry wasn’t always properly ingested. You will have access to Velociraptor data, some of which was collected incorrectly… You need to leverage your IR skills & find ways to overcome these & other obstacles to win!
9 Nov 2023
We designed the CTF for you to choose your own adventure! Ultimately you are in charge of the path you want to pursue, but keep in mind, some paths may have some unwanted penalties, or immediate benefits! See you @defcon 32!
9 Nov 2023
We have ambitious goals. Our CTFs are based on real events and APTs. We need your help to accomplish our goals and have an immersive CTF for folks of all skill levels. Reach out if you have any questions! Please apply asap!
plug retweeted
2 Nov 2023
Our Platform Security team is looking for a new sr. security engineer. Come work with us! Role is remote. linkedin.com/jobs/view/37553… (workday is down right now) ouryahoo.wd5.myworkdayjobs.c… Happy to provide referrals to anyone I know
13 Oct 2023
Back in 2021 @coolestcatiknow @1njection @CptOfEvilMinion @TilottamaSanyal and I presented a 2-day macOS workshop @defcon @BlueTeamVillage on Emulating & Threat Hunting APT 32: OceanLotus. The workshop was kept private until today. You can play along: huntapples.com

13 Oct 2023
To my knowledge this was the first macOS Threat Hunting workshop that attempted to show how to properly EMULATE an adversary. Next week datasets will be uploaded for you to load into the SIEM of your choice, plus pcaps. Would you like to see a similar workshop? If so, for what APT?
23 Sep 2023
@MITREengenuity evaluation results are valuable, & while it is true many vendors scored a 100% detection rate, let's keep in mind that the tests performed are emulating a particular actor, primarily on Windows, on specific OS versions… 1/x
23 Sep 2023
…In this regard, MITRE is taking the time to EMULATE an actor. The attention to detail required is available to you in their results and documentation. This information is a must for folks conducting threat hunting, detection engineering, or purple teaming. 7/x
23 Sep 2023
…Use the information to learn how to EMULATE an actor and leverage the data to improve your cyber defense program. Use the information to challenge your vendors' marketing nonsense! <end>