Defensive Security Podcast Episode 235
Post-Exploitation Hunting with ATT&CK & Elastic https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1533071345.pdf
@ITsecJ Thank you for the boost!
@jerry Thank you for the boost!
I'm looking for an overnight SOC analyst for our managed SOC in Portland, Oregon. I'm targeting more junior/mid-level at this time, so if you've got a strong background in IT, awareness of, and thirst for, security good-guying and data analytics, and hate the daylight, send yourself my way and let's talk.
What a bug... FaceTime lets you call another iOS user and listen to their microphone briefly without them even answering https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/
We're all aware of this, yes? I haven't validated it myself, but it doesn't sound outside the realm of possibility:
#mastodon makes the internet fun again, we need more places like this online. Places to have adventures and explore.
Link of the Day #LotD
What's one of the most contentious, hardest pieces of corporate security? Updates! But also freaking passwords. No matter how (commonly) long your password policy, nothing is usually in the way of people just using "Companyname2018!" which falls to a dictionary attack immediately.
Password blacklisting for Active Directory:
(I haven't had time to evaluate the current solutions yet, but this is an awfully good layer conceptually.)
Link of the Day #LotD
I can't freaking remember where I found this, but it's a great red/blue/purple team guide to screwing with Windows events.
@robertcc This might sound like a bad answer, but here goes (and mind you, I'm only a hobbyist)
I imagine I'm ahead of the curve. Doing 1 more thing than the average Joe. When it comes to users I manage, I am aware their passwords are shit and that ANYONE with half a mind could rob the heck out of our place, but that part is not in my job description.
Oh, and smoking. Cigars.
@robertcc Meditation and kids. Who needs a gym if they're running after kids all day?
Infosec thoughts, links, experiences, rants
(Not my cat.)
A Mastodon instance for info/cyber security-minded people.