#grrcon 🔥
Building an unofficial badge for #GrrCon https://www.cynicalsignals.com/building-an-unofficial-badge-for-grrcon-2024/
Thanks for making our biggest show ever a good one, ya bunch of degens! We hope you had a great time! We had fun with the new stuff like the Fat Ass Fun Run Relay, Shitter Con, and our new and improved VIP lounge, Club Abraham.
We’re looking forward to seeing you next year! April for our new exec conference, and early October for our regularly scheduled hacker homecoming at DeVos Place. There’s no cliffhanger - GrrCON will return like a character you thought died in a Marvel movie.
#grrcon #shittercon #hackerhomecoming #fafr #fatassfunrun #itsoversogtfo
Are you at #GrrCON this week? Make sure you stop by Booth 102 to see how you can peel back the layers of your enterprise and make your adversaries cry with #SecurityOnion!
Excited to get back out to #grrcon say hi if you see me, god knows I’m too awkward to start a conversation
Hey #Grrcon. I'm Here.
THE HACKERS ARE PACKING!!!
#GRRCON
LotL - Indicators of Attack
When defending against Living off the Land, it's not solely about detection at the host level. Threat actors want to move through networks, gaining and elevating access. Here are a few areas to monitor when identifying suspicious network activity.
Inspect for Lateral Movement Techniques: An abnormal authentication event on a compromised computer or network may exhibit several signs, including:
1. Unusual Login Times: Logins occurring at odd hours or during times when the user is not typically active.
2. Failed Login Attempts: A high number of failed login attempts, especially from unfamiliar IP addresses or using incorrect credentials.
3. Unusual Locations: Logins from geographic locations or IP addresses that are inconsistent with the user’s typical locations.
4. Unexpected User Accounts: Logins by user accounts that are not normally used, or the appearance of new, unauthorized accounts.
5. Elevated Privileges: Login attempts that involve or result in unexpected escalation of privileges, such as a regular user account being used for administrative tasks.
6. Concurrent Logins: Multiple simultaneous logins from different locations or devices for the same user account.
7. Unusual Device or IP Address: Logins from unfamiliar or unauthorized devices and IP addresses.
8. Login from Known Malicious IPs: Access attempts originating from IP addresses flagged by threat intelligence as malicious.
9. Patterns of Failed Attempts Followed by Success: A pattern of repeated failed logins followed by a successful login might indicate brute-force attacks or credential guessing.
Monitoring these abnormal authentication events can help detect and respond to potential security breaches or compromised systems.
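As an added example (not part of the original post), here are the authentication indicators from the list above turned into checks that run over a handful of constructed logon events. The pipe-delimited log format, the per-account baseline of usual source IPs, the admin-account set, the business-hours window, the brute-force and concurrency thresholds and the "known malicious" address (an RFC 5737 test address) are all assumptions made for this demonstration; in practice the events would come from Windows 4624/4625 logs or a Linux auth.log and the bad-IP set from a real threat-intel feed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed baseline: source IPs each account is normally seen from, and which
# accounts are expected to log on with elevated rights (constructed, not real).
BASELINE_IPS = {
    "alice": {"10.0.1.20"},
    "bob": {"10.0.1.31"},
    "svc_backup": {"10.0.2.5"},
}
ADMIN_ACCOUNTS = {"svc_backup"}
# Assumed threat-intel list; 203.0.113.0/24 is reserved for documentation.
MALICIOUS_IPS = {"203.0.113.77"}

BUSINESS_HOURS = (7, 19)              # 07:00-19:00 local; outside is "off hours"
BRUTE_FORCE_FAILURES = 5              # failures before a success that we flag
BRUTE_FORCE_WINDOW = timedelta(minutes=10)
CONCURRENT_WINDOW = timedelta(minutes=5)

# Constructed sample events (assumed format): ts|user|src_ip|host|outcome|elevated
SAMPLE_LOG = """\
2024-09-26T08:02:11|alice|10.0.1.20|FS01|success|no
2024-09-26T08:05:40|bob|10.0.1.31|FS01|success|no
2024-09-26T02:14:03|alice|10.0.1.20|FS01|success|no
2024-09-26T09:00:01|bob|192.168.7.9|DC01|failure|no
2024-09-26T09:00:03|bob|192.168.7.9|DC01|failure|no
2024-09-26T09:00:05|bob|192.168.7.9|DC01|failure|no
2024-09-26T09:00:07|bob|192.168.7.9|DC01|failure|no
2024-09-26T09:00:09|bob|192.168.7.9|DC01|failure|no
2024-09-26T09:00:12|bob|192.168.7.9|DC01|success|yes
2024-09-26T09:01:30|bob|10.0.1.31|FS01|success|no
2024-09-26T10:30:00|svc_backup|203.0.113.77|FS02|success|yes
"""


def parse_log(text):
    """Parse the pipe-delimited lines into dicts, oldest event first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src_ip, host, outcome, elevated = line.split("|")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": user, "src_ip": src_ip, "host": host,
            "success": outcome == "success",
            "elevated": elevated == "yes",
        })
    return sorted(events, key=lambda e: e["ts"])


def analyze(events):
    """Return (timestamp, user, src_ip, indicator) tuples for every flagged logon."""
    findings = []
    failures = defaultdict(list)    # (user, src_ip) -> timestamps of failed logons
    successes = defaultdict(list)   # user -> (timestamp, src_ip) of successful logons
    for e in events:
        key = (e["user"], e["src_ip"])
        if not e["success"]:
            failures[key].append(e["ts"])   # counted, evaluated on the next success
            continue
        tags = []
        if e["src_ip"] in MALICIOUS_IPS:                      # item 8
            tags.append("known_malicious_ip")
        if e["src_ip"] not in BASELINE_IPS.get(e["user"], set()):   # items 3 and 7
            tags.append("unusual_ip")
        if not (BUSINESS_HOURS[0] <= e["ts"].hour < BUSINESS_HOURS[1]):   # item 1
            tags.append("unusual_login_time")
        if e["elevated"] and e["user"] not in ADMIN_ACCOUNTS:  # item 5
            tags.append("unexpected_privilege")
        recent = [t for t in failures[key] if e["ts"] - t <= BRUTE_FORCE_WINDOW]
        if len(recent) >= BRUTE_FORCE_FAILURES:               # items 2 and 9
            tags.append("failed_then_success")
        failures[key].clear()                                 # a success resets the run
        other_ips = {ip for t, ip in successes[e["user"]]
                     if ip != e["src_ip"] and e["ts"] - t <= CONCURRENT_WINDOW}
        if other_ips:                                         # item 6
            tags.append("concurrent_logins")
        successes[e["user"]].append((e["ts"], e["src_ip"]))
        for tag in tags:
            findings.append((e["ts"].isoformat(), e["user"], e["src_ip"], tag))
    return findings


if __name__ == "__main__":
    for finding in analyze(parse_log(SAMPLE_LOG)):
        print(*finding)
```

On the constructed data this flags alice's 02:14 logon as off-hours, bob's 09:00:12 logon as coming from an unknown address with an elevated token after five failures, bob's 09:01:30 logon as concurrent with that one from a different IP, and svc_backup's logon as originating from the listed malicious address. Each check is deliberately stateful (failure runs, recent successes per user) rather than a per-line regex, since every item on the list above is about a sequence or a baseline, not a single event.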
Who's going to be at #grrcon
"Living off the Land" (LotL) in cybersecurity refers to threat actors using existing tools and features within a target system or network to conduct their operations, rather than deploying external or specialized malware. This approach can help threats avoid detection by blending in with legitimate activities and leveraging tools like system scripts, administrative tools, or built-in utilities to achieve their objectives.
Over the following series of posts, I'll describe techniques for identifying threat actors engaged in Living off the Land (LotL). The posts will be broken into sections, such as techniques for identifying threats in a Microsoft Windows environment, techniques for a Linux environment, network threats, lateral movement, and threat intelligence, among others.
I hope you find this topic beneficial.
I'll be providing a talk about this subject at the upcoming @GrrCON conference in Grand Rapids, MI, September 26-27, 2024, https://www.grrcon.com
Putting together my slides for #GrrCON -- a beginner's guide to open source intelligence (OSINT) -- and I wanted to add a "what about AI" slide, but I'm realizing this could be a whole talk to itself.
On the one hand, AI offers the ability to scan through large volumes of data and summarize. And it's multi-modal, so it can transcribe audio, video, do OCR, &c. It can translate among languages instantly. Plus, it can do interesting things like sentiment analysis and predictive analysis.
But, it's got a problem with truth (and bias). Beyond just outright hallucinating, it suffers from the old garbage-in-garbage-out problem that it'll believe anything it's read. Taken further, it's a willing co-conspirator for creating misinformation and deepfakes to flood the zone with untruth.
This is going to get interesting. Maybe I'll ask a chatbot what it thinks of the whole situation.
I'm dropping 🫳💣💥 some open source #genai datasets📊, toolkits 🛠️and a model 🤖for #cybersecurity at the end of the month at #GrrCON. It's time to come together and change the game! I can't wait to see everyone.
I'm looking forward to speaking at @GrrCON, but what I'm really looking forward to is walking around the venue, meeting new people and listening to cutting edge pros speak about security trends. If you're there, come find me and say "hello".
What time do GrrCon tickets go on sale?
Unpacking after #grrcon has been the worst part