Chris DiSalle :crt_w_prompt: :dumpster_fire:

Nerdy shit and good vibes.
Technical Lead, Incident Response @ Cisco Talos Intelligence Group

#hacking, #dfir, #redteam, #blueteam, #coding, #3dprinting, #vanlife, #camping

Chris DiSalle :crt_w_prompt: :dumpster_fire: chrisdfir@infosec.exchange
2023-04-20

Come swing by the booth and say hey if you are headed to #RSAC next week. Be prepared for nerdy discussions.

Chris DiSalle :crt_w_prompt: :dumpster_fire: boosted:
2022-12-24
Daily Struggle / Two Buttons meme showing a sweating man struggling to choose a button to press: adduser or useradd
Chris DiSalle :crt_w_prompt: :dumpster_fire: boosted:
2022-12-24

Cool thing happened at work yesterday. I was notified that I won a "beacon" award, this is an award that leaders are nominated for by their teams. This is an award only approved for 1% of the people leaders in the company. I am exceptionally humbled and very thankful to my team for nominating me and writing all of the great things they did as part of the submission process. I will continue to strive to improve daily, but very proud of where we are as a team and the excellent future we have made.

Chris DiSalle :crt_w_prompt: :dumpster_fire: chrisdfir@infosec.exchange
2022-12-14

The inaugural 2022 Talos Year in Review was released today! With the detail that went into this report, you don't want to sleep on it. Check it out in the link below. #dfir #blueteam #threatintel #talos

blog.talosintelligence.com/tal

Chris DiSalle :crt_w_prompt: :dumpster_fire: boosted:
2022-12-14

I got to be a guest on Talos Takes! Talking about some of the best free ways to up your security learning game! #blueteamvillage #talos #defcon
buzzsprout.com/2018149/1158670

Chris DiSalle :crt_w_prompt: :dumpster_fire: chrisdfir@infosec.exchange
2022-12-12

Just used #ChatGPT to discover information about my wife's family ancestry. Turns out that lineage goes deep into the Sassanian Empire and Persian royalty about 1800 years ago or so. Sometimes the internet is cool.

Chris DiSalle :crt_w_prompt: :dumpster_fire: boosted:
2022-12-08

Friends, we're thrilled to finally announce the launch of our first paid course!

Python for Defenders, Pt. 2, is out now! $14.99 USD.

This course builds on the free PFD1 and examines how to use #Python and #Jupyter Notebooks to analyze forensic and logging data to detect and understand malicious activity.

The course also examines the craft of writing Notebooks for use in a defense team, from writing style to user interface design.

We hope you'll love this course, and all the others available at the Institute.

#InfoSec #CyberSecurity #BlueTeam

taggartinstitute.org/p/python-

Python for Defenders, Pt. 2 logo.
Chris DiSalle :crt_w_prompt: :dumpster_fire: boosted:
2022-11-28

If you need something to put on in the background, NASA’s #Artemis livestream is absolutely spectacular right now. Yes, that’s the Earth and the moon. video.ibm.com/channel/b4dEcL3b #space #science #nasa

The Artemis spacecraft on the left with the Earth and the moon on the right
Chris DiSalle :crt_w_prompt: :dumpster_fire: boosted:
2022-11-25

Could I tempt you to boost this post, or get involved in a project to customise Linux for users with special needs/learning difficulties? I have two such children. Adults now (18). I want to do something for my boys and for people like them. 🙂❤️

I've already done a bit, using Ansible, with AlmaLinux and Ubuntu: github.com/robpomeroy/BrightOS

Please spread the word - I'm sure someone out there would love to get involved!

#SpecialNeeds #Linux #Education #NonProfit

"Tux" style penguin (Linux mascot) in a wheelchair, with a lightbulb shining nearby.
Chris DiSalle :crt_w_prompt: :dumpster_fire: boosted:
BSides Orlando - September 26-27, 2025 bsidesorlando@infosec.exchange
2022-11-23

📯 Thank you to everyone who made BSides Orlando 2022 a grand celebration of these unprecedented times. Farewell, for now, and fare thee well! 🐊🛡️

a large screen at the back of a dark stage displays a cartoon of an alligator in armor holding a banner of the BSides Orlando logo. In the foreground is a podium displaying a cartoon crest for the Order of the Toothy Grin. The stage is set for BSides Orlando 2022.
Chris DiSalle :crt_w_prompt: :dumpster_fire: chrisdfir@infosec.exchange
2022-11-23

#DFIR #Threathunting Tip

When performing analysis to hunt for a specific MITRE ATT&CK technique, gathering information on potential tools, commands, and arguments in advance can be highly beneficial. One method that produces quick wins is to search that technique on GitHub where you can find basic detection logic from Red Canary, SIGMA, Swimlane, etc.


- Search all repositories on GitHub for technique (e.g. T1083)
- Switch search to ‘Code’ and Language to ‘Markdown’
- Sort by ‘Recently indexed’
- Review and integrate top findings into hunt
- Profit
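The "review and integrate top findings into hunt" step from the tip above, as an added example that is not part of the original post: it pulls commands out of a Markdown detection note and matches them against process command lines. The note, the events and every function name are constructed for illustration.

```python
import re
FENCE = "`" * 3  # built at runtime so this example holds no literal fence

# Constructed Markdown note, shaped like the write-ups the search surfaces.
SAMPLE_MD = f"""# T1083 - File and Directory Discovery
{FENCE}cmd
dir /s c:\\ >> %temp%\\out.txt
tree /F
{FENCE}
{FENCE}sh
find . -type f -name "*.kdbx"
{FENCE}
"""

# Constructed process-creation events: (host, command line).
SAMPLE_EVENTS = [
    ("ws01", r"C:\Windows\System32\cmd.exe /c dir /s c:\users"),
    ("ws02", "notepad.exe report.txt"),
    ("srv03", "/usr/bin/find /home -type f"),
    ("ws04", "tree.com /a"),
]

def basename(token):  # strip directory and .exe/.com suffix
    return re.sub(r"\.(exe|com)$", "", re.split(r"[\\/]", token)[-1])

def extract_commands(markdown, technique_id):
    """Commands from fenced blocks, only if the note names the technique."""
    if not re.search(rf"\b{re.escape(technique_id)}\b", markdown):
        return []
    blocks = re.findall(rf"{FENCE}[^\n]*\n(.*?){FENCE}", markdown, flags=re.S)
    return [ln.strip() for b in blocks for ln in b.splitlines() if ln.strip()]

def to_term(command):
    """Reduce a command to (binary, first token starting with / or -)."""
    tokens = command.lower().split()
    flag = next((t for t in tokens[1:] if len(t) > 1 and t[0] in "/-"), None)
    return basename(tokens[0]), flag

def hunt(events, terms):
    """(host, binary, flag) for events where the binary is followed by the flag."""
    hits = []
    for host, cmdline in events:
        tokens = cmdline.lower().split()
        names = [basename(t) for t in tokens]
        for binary, flag in terms:
            after = tokens[names.index(binary) + 1:] if binary in names else None
            if after is not None and (flag is None or flag in after):
                hits.append((host, binary, flag))
                break
    return hits

HITS = hunt(SAMPLE_EVENTS, [to_term(c) for c in extract_commands(SAMPLE_MD, "T1083")])
```

Matching on binary plus flag rather than the full string keeps the term stable when paths and file names differ, at the cost of more noise to triage.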

Chris DiSalle :crt_w_prompt: :dumpster_fire: boosted:
Lesley Carhart :unverified: hacks4pancakes@infosec.exchange
2022-11-21

Pals, I see a lot of people copy-pastaed their Twitter bio here - you can have longer and even formatted bios here, and remove all the kludges you did to make them fit on birdsite if you so desire! Remember, hashtags of interests, groups, and topics help people find you. :a_trusted_friend:

There are also custom emoji on your server (they vary) that you can utilize! (Here's a lookup to check a server's emojos.in/).

#MastodonTips

Chris DiSalle :crt_w_prompt: :dumpster_fire: chrisdfir@infosec.exchange
2022-11-21

@13Cubed I know when I roll out of bed and see that 13Cubed YT notification, it's going to be a good morning. Thanks for the great content!

Chris DiSalle :crt_w_prompt: :dumpster_fire: boosted:
2022-11-21

Happy Thanksgiving week! 🦃 Here’s a new 13Cubed episode about MUICache – a Windows forensic artifact that doesn't get a lot of attention. Enjoy! youtube.com/watch?v=ea2nvxN878 #DFIR #forensics

Chris DiSalle :crt_w_prompt: :dumpster_fire: boosted:
Goldie Chan :breadified: goldiechan@mstdn.social
2022-11-20

💚 everyone deserves to be loved 💙
💙 everyone deserves to be loved 💜
💜 everyone deserves to be loved ❤️
❤️ everyone deserves to be loved 🧡
🧡 everyone deserves to be loved 💛
💛 everyone deserves to be loved 💚

#Love #MentalHealth

Chris DiSalle :crt_w_prompt: :dumpster_fire: boosted:
Alexis Brignoni :python: :donor: DFIR_abrignoni@infosec.exchange
2022-11-20
Chris DiSalle :crt_w_prompt: :dumpster_fire: boosted:
willasaywhatwillasaywhat
2022-11-20

The badge @bsidesorlando this year was awesome. The SAO was a nice touch; going to have to bring that with me next summer camp.

Chris DiSalle :crt_w_prompt: :dumpster_fire: boosted:
Dr Nestori Syynimaa :verified: DrAzureAD@infosec.exchange
2022-11-20

Slides from my "Attacking Azure Active Directory Under-The-Radar" talk at #BSides Orlando from this morning are available at aadinternals.com/talks

Chris DiSalle :crt_w_prompt: :dumpster_fire: boosted:
2022-11-19

“We are releasing to the community a set of open-source YARA Rules and their integration as a VirusTotal Collection to help the community flag and identify Cobalt Strike’s components and its respective versions.”

cloud.google.com/blog/products

#cobaltstrike

Chris DiSalle :crt_w_prompt: :dumpster_fire: boosted:
Very Hairy Jerry jerry@infosec.exchange
2022-11-19

There’s been a lot of discussion about a rule we recently instituted regarding security testing on the infosec.exchange instance. I understand the value of pen testing as much or more than most people, and I’m fully cognizant that pen tests are happening all the time and I’m not getting the report. I get it. But there are now 28,000 people using this service to communicate. I know there are vulnerabilities waiting to be discovered. Finding blog post fodder by fuzzing instances that are already running hot due to explosive growth is not super helpful. But at the same time, I WANT that testing to happen.

As a result, I am going to set up two instances tomorrow that only federate with each other. This is where I’d prefer legitimate security testing be performed. I’ll also be using it as the QA environment to test new updates and settings prior to deploying to the production instance. I’ll moderate signups because I don’t want it accidentally becoming fediverse 2.0 in the ongoing rush for the doors at twitter, but will accept anyone who wants to join, with clear indications that it’s a sandbox and should not be considered safe.

Thanks for your patience as we continue to find our way.
