mstdn.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A general-purpose Mastodon server with a 500 character limit. All languages are welcome.

#threatdetection

Josh Lemon
Wow, Microsoft is removing #WMIC from Windows!
But they aren't removing the underlying WMI framework, so threat actors will have to use PowerShell to access WMI.

I'm not sure this will have a significant impact on what Threat Actors do with WMI; however, it'll at least force a Threat Actor to use PowerShell, where there is better built-in visibility (if it's enabled), compared to WMIC.

🔗 https://techcommunity.microsoft.com/blog/windows-itpro-blog/wmi-command-line-wmic-utility-deprecation-next-steps/4039242

#IncidentResponse #ThreatDetection #ThreatIntel #CSIRT #CERT

Brian Greenberg :verified:
CrowdStrike just dropped $290M on a company most of us haven't heard of: Onum. This big-ticket acquisition is a statement about where the industry is headed. The real value here is real-time data pipelines. We're moving from just collecting telemetry to proactively filtering and enriching it so AI models can work faster and more efficiently. It's a foundational shift.
TL;DR
🤖 $290M acquisition of Onum
🧠 Focus is on AI-powered data pipelines
🚀 Accelerates threat detection at scale
💡 Less friction for AI/SOC teams
https://www.csoonline.com/article/4057472/crowdstrike-bets-big-on-agentic-ai-with-new-offerings-after-290m-onum-buy.html
#Cybersecurity #AI #CrowdStrike #ThreatDetection #security #privacy #cloud #infosec

Just Another Blue Teamer
Happy Monday Everyone!

I usually use this space to share workshops, articles, or insights from the community, but today is a little different. I was humbled to see my name listed alongside so many amazing professionals as a nominee for the SANS Institute Difference Makers Award.

This recognition isn't about me, though. It's about celebrating the people who push our field forward, make an impact, and inspire others. If someone has made a difference in your journey, I encourage you to take a moment to recognize them.

Nomination form:
https://lnkd.in/dNNeTQKJ

Have a wonderful day, and as always Happy Hunting!

Original Post from Rob T. Lee:
https://www.linkedin.com/posts/leerob_our-core-mission-in-sans-institute-dfir-classes-activity-7372981624734576640-zrwN?utm_source=share&utm_medium=member_desktop&rcm=ACoAABd7OUoBVN750zcbzPTXBcB9nFZcxIiKpRc

Intel 471 Cyborg Security, Now Part of Intel 471
#ThreatIntel #ThreatHunting #ThreatDetection #DFIR #HappyHunting

DROP\ TABLE Hacker of Earthsea
Why Your Security Team Needs Geographic Threat Intelligence Visualization 🗺️
Traditional security dashboards show you WHAT happened, but not WHERE it's happening or HOW threats are connected geographically. Your SOC analysts are drowning in isolated alerts while missing the bigger picture - attack campaigns that span multiple IPs and locations. This geographic blind spot is costing companies millions in delayed detection and response times.
🎯 Five Reasons to Use Geographic Threat Intelligence:
Faster Incident Response - See attack patterns immediately, not after hours of analysis
Better Resource Allocation - Focus security resources on high-risk geographic areas
Enhanced Threat Hunting - Spot attack campaigns across multiple IPs and locations
Improved Prioritization - Group related threats by geography and risk level
Better Communication - Show executives the threat landscape visually
Don't let your security team fight blind. Give them the geographic intelligence they need to win the battle against cyber threats.
#Cybersecurity #ThreatIntelligence #SOC #IncidentResponse #SecurityOperations #CyberDefense #ThreatHunting #SecurityAnalytics #InfoSec #CyberThreats #SecurityTools #DataVisualization #SecurityInnovation #CyberAwareness #SecurityLeadership #RiskManagement #SecurityMonitoring #ThreatDetection #CyberResilience #SecurityStrategy

https://chickenpwny.github.io/AzureOrder365/

Pyrzout :vm:
Innovator Spotlight: Darwinium – Source: www.cyberdefensemagazine.com https://ciso2ciso.com/innovator-spotlight-darwinium-source-www-cyberdefensemagazine-com/ #rssfeedpostgeneratorecho #autonomouscybersecurity #cyberdefensemagazine #realtimeintelligence #cyberdefensemagazine #CyberSecurityNews #digitalresilience #perimetersecurity #AInativesecurity #Beagleredteaming #adaptivedefense #fraudprevention #threatdetection #GenerativeAI #riskjourneys #cyberfraud #agenticai #Darwinium #Spotlight #CISOs

Bongoknight
Could some people here be interested in a stream/blogpost/threads about threat hunting methodology?

I plan to use real world examples found in Cloudflare Top 1M domains. Boosts are welcome!

#ThreatIntel #threathunting #ThreatDetection #CTI

Claroty
🔌 Find out how Claroty helps #PublicUtilities organizations reduce their cyber risk with the quickest time-to-value (TTV) and a lower total cost of ownership (TCO)–regardless of the scale or maturity of your program. 📄 https://claroty.com/resources/datasheets/ot-cybersecurity-and-nerc-cip-compliance-for-public-power-utilities

#SLG #NERCCIP #NERC #cybersecurity #NetworkProtection #ZeroTrust #NERCCIP0151 #ExposureManagement #AssetDiscovery #ThreatDetection #CPS

InfoQ
⚠️ As #Ransomware attacks grow in frequency, scale, and sophistication, endpoint security & reactive backups are no longer enough.

🔐 Defense has moved beyond traditional antivirus - the new focus is the storage layer:
✅ Immutable backups
✅ AI-powered detection
✅ Isolated vaults

📰 Read the #InfoQ article by Arjun Mullick (Engineering Manager, Meta): https://bit.ly/4623E3x

#CloudSecurity #ThreatDetection #AI #SecurityVulnerabilities

Josh Lemon
That's a bit nasty - a threat actor uses #Velociraptor (open source IR tool) as their primary C2 implant on the victim's system.

You think they might also let the victim use it for responding to the compromise as well? 😂
https://news.sophos.com/en-us/2025/08/26/velociraptor-incident-response-tool-abused-for-remote-access/

#DFIR #IncidentResponse #ThreatDetection #ThreatIntel

Graylog
ScaryByte has tackled an important and growing challenge—digital academic fraud. 💻 🏫 🦹 Their integrated #security platform combining #Graylog Security, AWS, and Obala AI now unifies observability, streamlines detection, and accelerates response time for critical institutions. 🙌

ScaryByte delivers outcomes that matter, including:
🔍 Real-time threat detection
☑️ Faster forensics and compliance
🖥️ Expert-led deployments, scalable on AWS

Learn more about how ScaryByte is helping institutions restore trust in online learning. 💡😃 See the full case study. 👇

https://graylog.org/resources/customer-story-scarybyte/
#cybersecurity #threatdetection #incidentresponse #TDIR

Graylog
It's time to tune in for the latest from #GraylogLabs! 📺 🎊 Today we're talking about the new Caddy Webserver Content Pack. Say what? No, not #Caddyshack! ⛳ 🦫 Caddy Webserver! 🖥️

This new content pack is going to help you quickly turn raw logs into structured, searchable insights. 🔎💡 🙌 It's available in Illuminate 6.4 with a Graylog Enterprise or Graylog #Security license, and delivers ready-to-use parsing rules, streams, and dashboards. 🚚

Read up on:
❓ What this pack does
🪵 Getting logs into #Graylog
🫵 Why you should log Caddy Webserver logs
🔍 How this helps you quickly detect anomalies, identify suspicious requests, and feed relevant data directly into your #TDIR workflows

https://graylog.org/post/caddy-webserver-data-in-graylog/ #cybersecurity #threatdetection #incidentresponse #SIEM

Just Another Blue Teamer
Happy Monday everyone!

CrowdStrike is reminding us that just because some of us use Macs doesn't mean we are malware proof! In this case the cybercriminal group dubbed #COOKIESPIDER was deploying their stealer known as #SHAMOS.

Using a combination of malvertising and the #ClickFix technique, the group would trick their victims into installing the Shamos stealer, which leads to it running "host reconnaissance and data collection tasks, including searching for known cryptocurrency-related wallet files and sensitive credential-based files on disk".

As always, take a read for yourself to see all the details I left out! Enjoy and Happy Hunting!

Falcon Platform Prevents COOKIE SPIDER's SHAMOS Delivery on macOS
https://www.crowdstrike.com/en-us/blog/falcon-prevents-cookie-spider-shamos-delivery-macos/

Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

Graylog
Reason #532 for why you should register NOW(!) for #GraylogGO... Seth Goldhammer will be delivering the highly anticipated annual roadmap keynote, "The Road Ahead: Graylog's Vision for Innovation and #Security". 🛣️ 🚗

🗺️ Where is #Graylog headed next?
💡 What are the upcoming strategies, innovations, and enhancements that will help you stay ahead in today's rapidly evolving threat landscape?
✨ What are the Graylog usability improvements that will empower your teams?
🤔 How does Graylog build "#SIEM without compromise?"

Find out! On Sept. 17th at 9AM ET—but only if you REGISTER (it's 🆓) — https://graylog.info/41iu8fv

Whether you're an enterprise customer or an open source user, you'll leave this session inspired and ready to take full advantage of what's next.

#opensource #cybersecurity #threatdetection

Just Another Blue Teamer
Happy Wednesday everyone!

#GodRAT is a new remote trojan that is targeting financial institutions, as reported by Kaspersky. According to their analysis, GodRAT is based on the #Gh0stRAT codebase and uses steganography to evade detection. It supports additional plugins that are used to explore the victim's systems and deploy browser password stealers, and during the attack they even deployed #AsyncRAT as a backup to maintain access.

Looking at two password stealer payloads can give us some ideas of where to begin a hunt focused on this threat: both the Chrome and MS Edge password stealers added an executable to the path %ALLUSERSPROFILE%\google\ and named them after the browser they were after ("chrome.exe" and "msedge.exe" respectively). An interesting hunt would be to look at new executables added to this directory OR hunt for executables that may be masquerading as browser related executables! However you do it, get hunting!

GodRAT – New RAT targeting financial institutions
https://securelist.com/godrat/117119/

Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #IntelDriveThreatHunting

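The two hunts suggested in the post above, as an added example that is not part of the post or of Kaspersky's report: flag any executable under %ALLUSERSPROFILE%\google\, and flag a browser-named binary (chrome.exe, msedge.exe) running from anywhere other than its default install directory. The install directories, the %ALLUSERSPROFILE% expansion and the process-creation records are assumptions constructed for illustration.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Default install directories of the genuine browser binaries (assumption:
# a stock Windows install; extend for your own packaging). Entries that start
# with a drive letter are prefix-matched against the normalised directory; the
# per-user Chrome entry is matched as a substring because the profile path varies.
BROWSER_HOMES = {
    "chrome.exe": (
        r"c:\program files\google\chrome\application",
        r"c:\program files (x86)\google\chrome\application",
        r"\appdata\local\google\chrome\application",
    ),
    "msedge.exe": (
        r"c:\program files\microsoft\edge\application",
        r"c:\program files (x86)\microsoft\edge\application",
    ),
}

# %ALLUSERSPROFILE% resolves to C:\ProgramData on current Windows releases.
ALLUSERS_GOOGLE = r"c:\programdata\google"

# Constructed process-creation records (not real telemetry), one per line.
SAMPLE_EVENTS = r"""
host=WS01 image=C:\Program Files\Google\Chrome\Application\chrome.exe
host=WS01 image=C:\ProgramData\google\chrome.exe
host=WS02 image=C:\Users\alice\AppData\Local\Temp\msedge.exe
host=WS02 image=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
host=WS03 image=%ALLUSERSPROFILE%\google\msedge.exe
host=WS03 image=C:\Windows\System32\notepad.exe
"""

EVENT_RE = re.compile(r"^host=(\S+)\s+image=(.+?)\s*$")


@dataclass
class Finding:
    host: str
    image: str
    reason: str


def _normalise(path: str) -> str:
    """Lower-case, backslash-only path with the env var from the post expanded."""
    p = path.replace("/", "\\").lower()
    p = p.replace("%allusersprofile%", r"c:\programdata")
    return ntpath.normpath(p)


def check_image(host: str, image: str) -> Optional[Finding]:
    """Return a Finding if the image matches either hunt, else None."""
    directory, name = ntpath.split(_normalise(image))
    if not name.endswith(".exe"):
        return None
    # Hunt 1: any executable under %ALLUSERSPROFILE%\google\ (or a subdirectory).
    if directory == ALLUSERS_GOOGLE or directory.startswith(ALLUSERS_GOOGLE + "\\"):
        return Finding(host, image, "executable under %ALLUSERSPROFILE%\\google\\")
    # Hunt 2: a browser-named binary that is not in a known install directory.
    homes = BROWSER_HOMES.get(name)
    if homes is not None:
        in_known_home = any(
            directory.startswith(h) if h.startswith("c:") else h in directory
            for h in homes
        )
        if not in_known_home:
            return Finding(host, image, f"{name} outside its install directory")
    return None


def hunt(events_text: str) -> List[Finding]:
    """Run both hunts over raw event lines and return the findings in order."""
    findings = []
    for line in events_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # blank or malformed line
        f = check_image(m.group(1), m.group(2))
        if f is not None:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"{f.host}: {f.image} -> {f.reason}")
```

Against the sample records this reports three findings (the two %ALLUSERSPROFILE%\google\ drops and the msedge.exe in a Temp folder) and ignores the genuine browser binaries and notepad.exe.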
The DefendOps Diaries
Okta just flipped the script on cybersecurity by open-sourcing its Auth0 Rules Catalog. Imagine a community-powered playbook that spots threats before they strike—ready to change the game? Check out how this could redefine defense.

https://thedefendopsdiaries.com/oktas-open-source-initiative-empowering-cybersecurity-with-the-auth0-rules-catalog/

#okta
#cybersecurity
#opensource
#threatdetection
#auth0

Josh Lemon<p>🕵🏼‍♂️ Calling all Detection &amp; Response People! 🚨</p><p>Don't forget to contribute to the SANS Institute Detection &amp; Response Survey!&nbsp;</p><p>🔗 <a href="https://survey.sans.org/jfe/form/SV_afaP0wOMXHGLhDE" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">survey.sans.org/jfe/form/SV_af</span><span class="invisible">aP0wOMXHGLhDE</span></a></p><p>🗓️ It closes at the end of this week!</p><p>It would be great to get as much feedback from the community as possible. I'll be publishing the report towards the end of this year so everyone can benefit from the findings.</p><p><a href="https://infosec.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatDetection</span></a> <a href="https://infosec.exchange/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IncidentResponse</span></a> <a href="https://infosec.exchange/tags/CSIRT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CSIRT</span></a> <a href="https://infosec.exchange/tags/CERT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CERT</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/SANSSurvey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SANSSurvey</span></a></p>
Graylog<p>🗣️ Let's talk about APTs (advanced persistent threats). 😬 An APT can gain access to your company’s systems and networks then hide within, and wait to complete objectives at a later time. ⏳👀 Since they can cause long-term damage to sensitive systems and data, understanding what they are and why they matter will enable you to better protect your org. 🛡️ </p><p>Read our latest blog to learn about:<br>🗝️ The key characteristics of APTs<br>⚔️ The 3 stages of an APT attack<br>🎯 The main motives and targets of an APT attack<br>🔍 How to detect an advanced persistent threat<br>👍 Best practices for mitigating, detecting, and responding to APTs</p><p><a href="https://graylog.org/post/advanced-persistent-threat-what-they-are-and-why-they-matter/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">graylog.org/post/advanced-pers</span><span class="invisible">istent-threat-what-they-are-and-why-they-matter/</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/cyberattack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberattack</span></a> <a href="https://infosec.exchange/tags/TDIR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TDIR</span></a> <a href="https://infosec.exchange/tags/threatdetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatdetection</span></a> <a href="https://infosec.exchange/tags/incidentresponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>incidentresponse</span></a></p>
Just Another Blue Teamer<p>Happy Monday everyone!</p><p>Cisco Talos researchers report on a "malvertising campaign" that involved the <a href="https://ioc.exchange/tags/PS1Bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PS1Bot</span></a>, which is modular and has "several modules delivered to perform a variety of malicious activities on infected systems." It has the capability to capture keystrokes from their victim, conduct reconnaissance and establish persistence. </p><p>This campaign involved Search Engine Optimization (SEO) poisoning and/or malvertising where the file name matched the keywords used in this target. The victim received a compressed archive that had a single file named "FULL DOCUMENT" which functioned as the downloader and retrieved the next stage. PowerShell modules came into play later that had the capability to detect which antivirus was being used by the victim, capture screenshots and keystrokes, collect wallet information, and gain persistence, which is a pretty creative way of achieving it! But I won't spoil it! Find out for yourself and discover all the other details I left out! 
Enjoy and Happy Hunting!</p><p>Malvertising campaign leads to PS1Bot, a multi-stage malware framework<br><a href="https://blog.talosintelligence.com/ps1bot-malvertising-campaign/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.talosintelligence.com/ps1</span><span class="invisible">bot-malvertising-campaign/</span></a></p><p>Intel 471 Cyborg Security, Now Part of Intel 471 <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatHunting</span></a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatDetection</span></a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HappyHunting</span></a> <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>readoftheday</span></a> <a href="https://ioc.exchange/tags/inteldriventhreathunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>inteldriventhreathunting</span></a></p>
Just Another Blue Teamer<p>Happy Friday everyone!</p><p>Really thankful for the opportunity to join Arun Warikoo at the SANS Digital Forensics and Incident Response Summit to talk about my passion, Threat Hunting. We focused on how to prioritize a structured-hunt (hypothesis driven) and when to conduct an unstructured, or a data-structured hunt. </p><p>A big thank you to Heather Barnhart and Phil Hagen for hosting and providing us the opportunity to speak at the event, it truly was an honor and an unforgettable experience! If you missed it in person or virtually during the event, here it is! Enjoy and Happy Hunting!</p><p>Making Sense of the Chaos: When to Conduct Structured and Unstructured Threat Hunts<br><a href="https://www.youtube.com/watch?v=VAVj1JE6dG0" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=VAVj1JE6dG</span><span class="invisible">0</span></a></p><p>Intel 471 Cyborg Security, Now Part of Intel 471 <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatHunting</span></a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatDetection</span></a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HappyHunting</span></a></p>
Pyrzout :vm:<p>The top CTEM platforms you should know in 2025 <a href="https://www.helpnetsecurity.com/2025/08/14/ctem-platforms-2025/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">helpnetsecurity.com/2025/08/14</span><span class="invisible">/ctem-platforms-2025/</span></a> <a href="https://social.skynetcloud.site/tags/vulnerabilitymanagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilitymanagement</span></a> <a href="https://social.skynetcloud.site/tags/threatdetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatdetection</span></a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/Don" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Don</span></a>'tmiss <a href="https://social.skynetcloud.site/tags/framework" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>framework</span></a> <a href="https://social.skynetcloud.site/tags/Hotstuff" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hotstuff</span></a> <a href="https://social.skynetcloud.site/tags/opinion" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opinion</span></a> <a href="https://social.skynetcloud.site/tags/threat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threat</span></a> <a href="https://social.skynetcloud.site/tags/Ionix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ionix</span></a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>News</span></a></p>