Leonidas, a framework for executing attacker actions in the cloud. It provides a YAML-based format for defining cloud attacker tactics, techniques and procedures (TTPs) and their associated detection properties.
Developed and released by F-Secure Labs
I definitely trust my DNS provider - NextDNS - more than my ISP. This is because I willfully chose them after doing research and I also pay for the service to support them and keep them providing me with the tools to filter out crap and transparently show me what is happening on my networks.
Encrypted DNS Query Transports and Their Trust Models – Asinine Tech
VirusTotal and ThreatConnect are good for community availability. Also passive DNS offerings, and a couple more that are paid/enterprise solutions.
Good luck with the threat hunting
Pandemics & Propaganda: How Chinese State Media Creates and Propagates CCP Coronavirus Narratives | HKS Misinformation Review
To gain insight into how Chinese state media is communicating about the coronavirus pandemic to the outside world, we analyzed a collection of posts from their English-language presence on Facebook.
KDE's April 2020 apps update is out!
So many nice changes! (some of yours truly)
Really like this SOC Prime #SIEM fundamentals post https://socprime.com/en/blog/siem-fundamentals-part-1-first-and-foremost-a-data-collection-problem/
"Fox Kitten" Campaign
Info on techniques/methods:
- VPN system vulnerabilities
- A pre-access tool
- Local priv esc tools: Juicy Potato, Procdump, Mimikatz, Sticky Keys, other accessibility tools settings, local admin user
- Lateral movement tools: STSRCheck, port.exe, Invoke-TheHash, POWSSHNET, socket based backdoor for socket opening, servo, Ngrok, FRP, webshells, archives (WinRAR, 7-Zip)
Thank you @kde for all your work on KDE & Plasma. Thank you @mozilla for Firefox. Thank you to all the kernel hackers for their restless work on the Linux kernel. Thank you to everyone involved working on the GNU tools! Thank you to all the devs working on libraries and the backend, who clearly get too little love!
Interesting item to think about, knowing your 'enemy'...
does 'knowing your enemy' involve ...
- a list of bad IPs
- a set of event ids
- different entropy (i.e. when obscuring potentially malicious PowerShell commands like disabling an ETW provider)
"In fact, many observations of past badness — the indicators — may in fact be essentially random and present no useful knowledge about the future badness or about the nature of the enemy, their intents and capabilities."
I’ve taken up “Thinking, Fast and Slow” by Daniel Kahneman again, while I wait for my next software book to arrive. I started reading it last year but found it slow going as it took a lot of brain power to process. It’s not so much the text itself that is hard to read, it’s that it leads you to re-evaluate your own biases, which can be very difficult.
I loved the Firefox Ubiquity extension back in the day and I'm extremely jazzed to see it successfully resurrected for modern times: https://gchristensen.github.io/ubiquitywe/
Infosec thoughts, links, experiences, rants, chats
(Not my cat.)
A Mastodon instance for info/cyber security-minded people.