Robert boosted

Leonidas, a framework for executing attacker actions in the cloud. It provides a YAML-based format for defining cloud attacker tactics, techniques and procedures (TTPs) and their associated detection properties.

github.com/FSecureLABS/leonida

Developed and released by F-Secure Labs

Robert boosted

I definitely trust my DNS provider - NextDNS - more than my ISP. This is because I willfully chose them after doing research and I also pay for the service to support them and keep them providing me with the tools to filter out crap and transparently show me what is happening on my networks.

Encrypted DNS Query Transports and Their Trust Models – Asinine Tech

asininetech.com/2020/06/26/enc

Robert boosted

@sillystring Yeah very interesting area. I found out recently that RDAP is becoming the next or successor of whois tools.ietf.org/html/rfc7482

VirusTotal and ThreatConnect are good for community availability. Also passive DNS offerings, and a couple more that are paid/enterprise solutions.

Good luck with the threat hunting

Robert boosted

Pandemics & Propaganda: How Chinese State Media Creates and Propagates CCP Coronavirus Narratives | HKS Misinformation Review

To gain insight into how Chinese state media is communicating about the coronavirus pandemic to the outside world, we analyzed a collection of posts from their English-language presence on Facebook.

misinforeview.hks.harvard.edu/

Robert boosted

Udemy (momentarily free)

- Computer from Scratch to Advanced: lnkd.in/e-eqiTq

- , , - Certification Course: lnkd.in/e5PiBqF

- the Boring Stuff with Programming: lnkd.in/eCDCyyd

- Pass Solutions Architect Associate in first attempt: lnkd.in/ed7U-D3

- Masterclass - Beginner to Expert: lnkd.in/eZXwRj5

Robert boosted

Coping with a lot personally, but meanwhile everyone be safe and stay sane. If you can muster it, it is a *hell* of a time to read and study, and do.

Robert boosted

"Fox Kitten" Campaign

Info on techniques/methods:

Pre-access/Access Tools:
VPN system vulnerabilities
A pre-access tool

Local priv esc tools
JuicyPotato, ProcDump, Mimikatz, Sticky Keys and other accessibility-tool settings, local admin user

Lateral movement tools:
STSRCheck, port.exe, Invoke-TheHash

Backdoor/C&C tools:
POWSSHNET, socket-based backdoor for socket opening, Serveo, Ngrok, FRP, webshells, archives (WinRAR, 7-Zip)

Summary: clearskysec.com/fox-kitten/
Full: clearskysec.com/wp-content/upl

Robert boosted

Thank you @kde for all your work on KDE & Plasma. Thank you @mozilla for Firefox. Thank you to all the kernel hackers for their restless work on the Linux kernel. Thank you to everyone involved working on the GNU tools! Thank you to all the devs working on libraries and the backend, who clearly get too little love!

[1/2]

Is anyone having weird issues with the Barracuda RBL?

Robert boosted

A Linux auditd rule set mapped to MITRE's ATT&CK framework + Linux elevation-of-privileges ToC.

guif.re/linuxeop

github.com/bfuzzy/auditd-attac

Robert boosted

Interesting item to think about, knowing your 'enemy'...

medium.com/anton-on-security/h

does 'knowing your enemy' involve ...
- a list of bad IPs
- a set of event IDs
- different entropy (i.e. when obscuring potentially malicious PowerShell commands like disabling an ETW provider)

"In fact, many observations of past badness — the indicators — may in fact be essentially random and present no useful knowledge about the future badness or about the nature of the enemy, their intents and capabilities."
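
The "different entropy" item above, worked through as an added example (not code from the post or from the linked article): it computes per-token Shannon entropy over a few constructed PowerShell process command lines, decodes any `-EncodedCommand` payload (base64 of the UTF-16LE script), and checks the decoded script for the well-known PSEtwLogProvider unhooking pattern. The sample command lines, the tamper snippet and the 4.0-bit threshold are all constructed for this illustration and are not taken from any real incident.

```python
"""Entropy as a weak indicator versus decoding as the real check (constructed example)."""
import base64
import math
import re
from collections import Counter

# PowerShell snippet that replaces the PSEtwLogProvider's ETW provider so script
# logging stops reaching ETW. Constructed for this example from the widely
# documented pattern; not taken from the post or from any real sample.
ETW_TAMPER_SCRIPT = (
    "$p=[Ref].Assembly.GetType('System.Management.Automation.Tracing.PSEtwLogProvider')"
    ".GetField('etwProvider','NonPublic,Static');"
    "$p.SetValue($null,(New-Object System.Diagnostics.Eventing.EventProvider([Guid]::NewGuid())))"
)


def encode_powershell(script: str) -> str:
    """-EncodedCommand expects base64 of the UTF-16LE encoded script."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed command lines standing in for a process-creation log (e.g. Sysmon event 1).
SAMPLE_CMDLINES = [
    "powershell.exe -NoProfile -Command Get-ChildItem C:\\Users",
    "powershell.exe -nop -w hidden -enc " + encode_powershell(ETW_TAMPER_SCRIPT),
    "powershell.exe -ExecutionPolicy Bypass -File backup.ps1",
]

# -e, -ec, -enc and -EncodedCommand are all accepted spellings of the switch.
ENCODED_FLAG = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)
ETW_PATTERNS = ("PSEtwLogProvider", "System.Diagnostics.Eventing.EventProvider", "etwProvider")
# Illustrative threshold (an assumption for this example). Entropy of a token is
# capped at log2(len), so short tokens of ordinary command lines stay below it
# while long base64 blobs rise above it.
TOKEN_ENTROPY_THRESHOLD = 4.0


def shannon_entropy(s: str) -> float:
    """Shannon entropy in bits per character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def max_token_entropy(cmdline: str) -> float:
    """Entropy of the most random-looking whitespace-separated token."""
    return max(shannon_entropy(t) for t in cmdline.split())


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand script, or None if there is none / it is malformed."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyse(cmdline: str) -> dict:
    """Entropy is only an indicator; the decoded script tells you what the command does."""
    decoded = decode_encoded_command(cmdline)
    ent = max_token_entropy(cmdline)
    haystack = (cmdline + (decoded or "")).lower()
    return {
        "max_token_entropy": round(ent, 3),
        "high_entropy_token": ent > TOKEN_ENTROPY_THRESHOLD,
        "encoded": decoded is not None,
        "decoded": decoded,
        "etw_tamper": any(p.lower() in haystack for p in ETW_PATTERNS),
    }


if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        r = analyse(line)
        print(f"entropy={r['max_token_entropy']:.2f} high={r['high_entropy_token']} "
              f"encoded={r['encoded']} etw_tamper={r['etw_tamper']}")
```

Only the encoded sample trips the entropy threshold, but the entropy alone says nothing about intent; it is exactly the kind of "observation of past badness" the quote above is sceptical of. Decoding the payload and matching the ETW tampering pattern is what turns the observation into knowledge about the adversary's capability.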

Robert boosted

Life before Google:

You’d think of something, ask your friends, and they would be like “Gosh, I don’t know” and then you’d be like “Oh, well, guess that’s a thing I’ll never know” and then everyone just proceeds with their fucking day.

Robert boosted

I’ve taken up “Thinking, Fast and Slow” by Daniel Kahneman again, while I wait for my next software book to arrive. I started reading it last year but found it slow going as it took a lot of brain power to process. It’s not so much the text itself that is hard to read, it’s that it leads you to re-evaluate your own biases, which can be very difficult.

Robert boosted

There's a very cool exhibit at the Met right now that includes two 16-17th C encryption devices. The book-like device is surprisingly complex, the second uses a simple substitution system that translates letters into distances.

Robert boosted

Small ebook I drafted on SIEM and log collection, to go to the marketing agency's designer.

I loved the Firefox Ubiquity extension back in the day and I'm extremely jazzed to see it successfully resurrected for modern times: gchristensen.github.io/ubiquit

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.