I came up with a pretty simple KQL query to help with Lockbit Detection. This is based off the latest info from a Sentinel One Blog post. Feel free to share and if you have suggestions to make it better, feel free to let me know.

github.com/siliconshecky/KQL-Q

Mike Kavka boosted

In almost every case, vacillating between tools because you can't decide which is better is a bigger waste of time than just getting good with any of the options and living with its idiosyncrasies.

Mike Kavka boosted

We all know change is scary, but if your authentication method is weak, shouldn't you shore it up?
I guess these firms feel it costs less to pay for a breach than to fix the systems, or is it something else in the integration between back end systems?

infosecurity-magazine.com/news

Ok, it seems that threatpost article is going off vendor research, so I'm linking the original vendor blog, which shows nothing new on the mitigation front and basically a sales pitch at the end of it.
forescout.com/blog/ot-icefall-


Here we go with insecure by design talk, this time on OT vendors. Yes, they should be paying more attention to it now. That said, how does that affect everything?
Not being in OT, I don't have the answers, but others could speak on this better.
threatpost.com/discovery-of-56

Mike Kavka boosted

So Internet Explorer is "Officially Dead" which of course means that it will linger for the next 100 years.
I mean, look at Flash, Python 2 and other legacy tech that is still around.
The real issue is laziness. Things that rely on the "dead" tech never get updated but still wind up being needed until some new version is hopefully written.
Then, after writing said new version, it needs to be tested and eventually rolled out. In some industries this can take 10+ years to accomplish.

Mike Kavka boosted

Came across a post for a talk with someone from Forrester, you know a research company, talking about how security consolidation is not a dirty word.
I disagree. Every consolidation closes the door to innovation in our field and makes us more about money than security.

Mike Kavka boosted

Working with Linux Logical Volume Manager in forensic disk images with Tsurugi Linux - something you might run into if you are analyzing a Linux image.

#lvm
youtu.be/bRfq4OTHV5Q

Mike Kavka boosted

On today's #SaturdayHackerday, we finish the setup of our packet capture interfaces for Suricata/Zeek. Then, I have a wacky malware sample to show y'all! That plus the week's cyber news live at 10 AM Pacific! twitch.tv/mttaggart

#infosec #cybersecurity

I just got a recruiter e-mailing me for my wife for a temp admin position. Not IT just office admin. Sent to my e-mail address, not hers. Saying Hello <wife's name here>.

And people wonder why we rip on recruiters.

The only thing that surprises me about this one is that it took this long to happen.
One always needs to make sure of what they are getting, and what their attack vector can be.

bleepingcomputer.com/news/secu

Here are two headlines from the same company, and it shows one thing... we know nothing and polls are USELESS
"Half of global CISOs feel their organization is unprepared to deal with cyberattacks"
"CISOs say they're at less risk of a substantial cyberattack"

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.