Pinned toot

rest of 2020 goals in mind: 📆

:pika: Pivot at the current place

:pika: Take on board another project

:pika: Actually contribute to an open source project (now that, I'm no longer involved with open source / community software)

:pika: Contribute into an online course

:pika: Pick up a whole new skill

:pika: Keep up my blog entries on

:pika: Continue to apply and send Cfp/talk submissions

:pika: Continue on with this ruleset submissions that has been on my mind

Pinned toot

Who moved my DNS cheese? BIND 9 DNS Log Collection and DNS Auditing

Looking into other cloud DNS infrastructure for a potential series. What provider do you use?

CFP is Open! The period to submit tutorial/talk/poster proposals is short—deadline: July 20, 2020

Useful publicly available resources that provide details of COVID-19-related malicious cyber activity

List of IOCs used COVID-19-related attack campaigns

List of Malware, spam, phishing IOCs that involve use of COVID-19 by SophosLabs

COVID-19 MISP instance

List of Domains on a COVID-19 Threat List

Reddit: COVID-19 Threat Actor Campaigns

Trying something out. What types of pricing models would interest you in an offensive and defensive security course (thinking fundamentals but could be more than that)

Also wondering if there is a way for CPE.. but that's down the track.

Have not thought of the pricing yet, just the options.

I ran out of option for the poll but I also want to add 'Buffet style' which is to pick and choose specific modules (for this, please fav)

Twitter just suspended 16 Twitter accounts that were part of a network of fake personas. Together they spent the last year placing about 90 opeds in +40 different news outlets. Newsmax. Washington Examiner. Jerusalem Post. Real Clear Media.

One of the fake personas
is "Lin Nguyen", who has published many op-eds in
SCMP (Chinese news outlet).

Just registered for the Activity Pub online conference

CFP is still open until today (July 8)

I know that surveillance software barely does anything positive for anyone, other than making the employees and contractors feel like criminals from day 1.

It barely even solves productivity or accountability issues seeing as it's basically a performance show. I mean, who looks at 1800+ screenshots per user per week? Or what does keystroke rate have anything to do with thinking or IP work?

If your company does this- gtfo. Don't let employee surveillance be the norm.

Well, that's interesting. Two big MITRE ATT&CK leads recently left including Katie Nickels now with Red Canary as Director of Threat Intelligence.

Recently quoted in this article on the recent attacks to Australian infra (PS: lots of popsup

Interesting, Farsight Security
introduced a passive draft on June 25 2020 for the Common Output Format

Also I thought that there would be an RFC established for passive DNS but looks like there isn't.

Very interesting perspective on how to approach Yara rules - do it for threat detection or threat hunting?

There should be the PDFs and sessions hopefully available so that people can read it but I will provide a screenshot at the moment.

Q: Since several threat actors are referring to you in their malware, do you have some yara rules in place to hunt for your own name?

"Criminals are like researchers. They like tracking us (researches) on what we do."

Interesting, didn't realize this was a thing to do.

Love the keynote so far

Show thread

Now watching REVERSING 2020 'Where Threat Hunters Go Deep on YARA!'

Leonidas, a framework for executing attacker actions in the cloud. It provides a YAML-based format for defining cloud attacker tactics, techniques and procedures (TTPs) and their associated detection properties.

Developed and released by F-Secure Labs

Decided to go via because I don't like recurring payment stuff.

Would be happy to know if anyone from fedi is on this Github sponsor program.

Show thread

Today I learnt about this thing called Github sponsors.

Via this guy (whom I first saw exhibiting his work at Black Hat Asia, my first infosec con, back in 2015)

Check out this work.

Also probably one avenue to get other income and support in for your projects

Mining DNS MX Records for Fun and Profit

Here is the methodology the author devised for this:

* Collect a large sample of MX records
* Enrich MX records with IP intelligence and useful metadata
* Sift through the enriched records and identify recognizable email provider’s domains through * OSINT (whois, PDNS, Google) and market research.
* Profit?!?!?


My comment here: Don't underestimate passive , open source data like whois and crawled data.

personal, course 

I spent a bit writing of some potential course topics, themes and small outline.
It turns out that I already have some infrastructure set up (VM and EC2).

Another item I learnt is that there is a common theme/s and from that it becomes straight forward to develop it into CfPs, posts, and other resources.

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.