HCS ▋ @superruserr@infosec.exchange
Pinned toot
rest of 2020 goals in mind: 📆
Pivot at the current place
Take on board another project
Actually contribute to an open source project (now that, I'm no longer involved with open source / community software)
Contribute into an online course
Pick up a whole new skill
Keep up my blog entries on hannahsuarez.me
Continue to apply and send Cfp/talk submissions
Continue on with this ruleset submissions that has been on my mind
Pinned toot
Who moved my DNS cheese? BIND 9 DNS Log Collection and DNS Auditing https://hannahsuarez.github.io/2020/who-moved-my-cheese-dns-linux/
Looking into other cloud DNS infrastructure for a potential series. What provider do you use?
#JupyterCon2020 CFP is Open! The period to submit tutorial/talk/poster proposals is short—deadline: July 20, 2020
Useful publicly available resources that provide details of COVID-19-related malicious cyber activity
List of IOCs used COVID-19-related attack campaigns https://github.com/parthdmaniar/coronavirus-covid-19-SARS-CoV-2-IoCs
List of Malware, spam, phishing IOCs that involve use of COVID-19 by SophosLabs https://github.com/sophoslabs/covid-iocs
COVID-19 MISP instance
https://twitter.com/MISPProject/status/1239864641993551873 https://covid-19.iglocska.eu/users/login
List of Domains on a COVID-19 Threat List https://www.domaintools.com/resources/blog/free-covid-19-threat-list-domain-risk-assessments-for-coronavirus-threats
Reddit: COVID-19 Threat Actor Campaigns https://www.reddit.com/r/blueteamsec/comments/fiy0i8/master_thread_covid19corona_threat_actor_campaigns/
Trying something out. What types of pricing models would interest you in an offensive and defensive security course (thinking fundamentals but could be more than that)
Also wondering if there is a way for CPE.. but that's down the track.
Have not thought of the pricing yet, just the options.
I ran out of option for the poll but I also want to add 'Buffet style' which is to pick and choose specific modules (for this, please fav)
Twitter just suspended 16 Twitter accounts that were part of a network of fake personas. Together they spent the last year placing about 90 opeds in +40 different news outlets. Newsmax. Washington Examiner. Jerusalem Post. Real Clear Media.
One of the fake personas
is "Lin Nguyen", who has published many op-eds in
SCMP (Chinese news outlet).
https://www.thedailybeast.com/right-wing-media-outlets-duped-by-a-middle-east-propaganda-campaign
Just registered for the Activity Pub online conference https://conf.activitypub.rocks//#cfp
CFP is still open until today (July 8)
Good to see a bit of #fediverse support from #infosec Twitter ;)
Attacking Zcash Protocol For Fun And Profit
I know that surveillance software barely does anything positive for anyone, other than making the employees and contractors feel like criminals from day 1.
It barely even solves productivity or accountability issues seeing as it's basically a performance show. I mean, who looks at 1800+ screenshots per user per week? Or what does keystroke rate have anything to do with thinking or IP work?
If your company does this- gtfo. Don't let employee surveillance be the norm.
Well, that's interesting. Two big MITRE ATT&CK leads recently left including Katie Nickels now with Red Canary as Director of Threat Intelligence.
Recently quoted in this article on the recent attacks to Australian infra https://www.cpomagazine.com/cyber-security/state-sponsored-cyber-attacks-threaten-australian-critical-infrastructure/ (PS: lots of popsup
Interesting, Farsight Security
introduced a passive #DNS draft on June 25 2020 https://tools.ietf.org/html/draft-dulaunoy-dnsop-passive-dns-cof-07 for the Common Output Format
Also I thought that there would be an RFC established for passive DNS but looks like there isn't.
The @Elastic Security opens public detection rules repo https://www.elastic.co/blog/elastic-security-opens-public-detection-rules-repo
Very interesting perspective on how to approach Yara rules - do it for threat detection or threat hunting?
There should be the PDFs and sessions hopefully available so that people can read it but I will provide a screenshot at the moment.
Q: Since several threat actors are referring to you in their malware, do you have some yara rules in place to hunt for your own name?
"Criminals are like researchers. They like tracking us (researches) on what we do."
Interesting, didn't realize this was a thing to do.
Love the keynote so far #reversing2020
Now watching REVERSING 2020 'Where Threat Hunters Go Deep on YARA!'
Cyber-Angriffen Zeit
Leonidas, a framework for executing attacker actions in the cloud. It provides a YAML-based format for defining cloud attacker tactics, techniques and procedures (TTPs) and their associated detection properties.
https://github.com/FSecureLABS/leonidas
Developed and released by F-Secure Labs
Decided to go via https://ko-fi.com/byt3bl33d3r because I don't like recurring payment stuff.
Would be happy to know if anyone from fedi is on this Github sponsor program.
Today I learnt about this thing called Github sponsors.
Via this guy (whom I first saw exhibiting his work at Black Hat Asia, my first infosec con, back in 2015)
https://github.com/sponsors/byt3bl33d3r
Check out this work.
Also probably one avenue to get other income and support in for your projects
Mining DNS MX Records for Fun and Profit
http://www.covert.io/mining-mx-records-for-fun-and-profit/
Here is the methodology the author devised for this:
* Collect a large sample of MX records
* Enrich MX records with IP intelligence and useful metadata
* Sift through the enriched records and identify recognizable email provider’s domains through * OSINT (whois, PDNS, Google) and market research.
* Profit?!?!?
----
My comment here: Don't underestimate passive #DNS, open source data like whois and crawled data.
personal, course
I spent a bit writing of some potential course topics, themes and small outline.
It turns out that I already have some infrastructure set up (VM and EC2).
Another item I learnt is that there is a common theme/s and from that it becomes straight forward to develop it into CfPs, posts, and other resources.
