You should come! #BlueTeamCon will be a great experience #cybersecurity #chicago

📣 Blue Team Con 2023 Speaker Highlight 📣

Blue Team Con 2023
25-27 August 2023
Chicago, IL

Tabatha DiDomenico
Talk Title: Volunteering FTW: A Path to Learning, Career, and Community Growth

See abstract: https://blueteamcon.com

Our team has been working tirelessly on a brand-new website. Well, we are excited to announce... IT IS LIVE!! Check it out! →→ https://wildwesthackinfest.com/

#StarWars #PrequelMemes #Shitposting

IMPORTANT: If you submitted a request for feedback on your submission, we've tonight discovered that the replies were not being received.

We've since forwarded all of the feedback to the appropriate email addresses so that should now be in your inbox. We cannot apologize enough for this mix-up and we do hope to see those submissions come in from you still!!!

https://blueteamcon.com/2023/cfp/

  

lesley's first law of internet plausibility: it is basically impossible to tell the difference between messages written by a extremely excited person, and stuff written by a very good scammer.

Call For Papers

International Speakers: Blue Team Con is not a Chicago or North American only event. We are interested in your talks as well!

See the varying topics we are interested in and submit here: https://blueteamcon.com/2023/cfp/

  

Blue Team Con Online - See previous Blue Team Con talks on our Discord! - https://btcon.link/Discord

Join us on this Thursday, February 16th, at 10am CST for "Preparing Your IT SOC For OT Network Security Monitoring" by Wesley Lee!

Looks like I'll be giving a presentation about Stuxnet next Wednesday evening at Johns Hopkins SAIS that will be open to the public.

We're working out the time now -- 6 or 6:30pm. I'll send out a notice when everything is finalized.

This came about because MJ Emanuel asked if I'd be interested in guest lecturing about Stuxnet or ICS security to her class at SAIS. It seemed like there might be other students and people outside of Johns Hopkins who might also be interested so they've decided to open it to anyone.

@Antisy_Training @hal_pomeranz pwd, of course!

One more time, for the people at the back: domestic abusers FREQUENTLY have the passcode to their target's phones, either through coercion or shoulder-surfing. Monitoring software that requires a passcode in order to install it is STILL STALKERWARE. The defining trait of stalkerware it is designed to deceive the user into thinking their data is not being exfiltrated.

  

Microsoft's WinGet package manager is currently having problems installing or upgrading packages after WinGet CDN's SSL/TLS certificate expired.

https://www.bleepingcomputer.com/news/security/microsoft-winget-package-manager-failing-from-expired-ssl-certificate/

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a script to recover VMware ESXi servers encrypted by the recent widespread ESXiArgs ransomware attacks.

https://www.bleepingcomputer.com/news/security/cisa-releases-recovery-script-for-esxiargs-ransomware-victims/

@hacks4pancakes Similar skillset, including fixing buttons, and stuffed dog toys :)

@hacks4pancakes Thank you 7th grade home economics!

On our web filter we have a list of risky extensions not allowed to be downloaded from most categories of sites. This seems to neuter many attack campaigns with only minimal overhead. Stops spam linking sketchy files from compromised Wordpress sites cold.
Is it a literally perfect allow-list that goes through a security review of every site on the internet? No, but it is another layer that just throws wrenches in attacker gears.