Stef Rand @techieStef
Senior Intelligence Analyst @RedCanary! Former DFIR @Mandiant, former @NetworkDefense intern. Psychology nerd. When I am not computering, I go outside and play! stefrand.com | Atlanta, GA | Joined August 2018
Tweets: 787 | Followers: 2K | Following: 471 | Likes: 2K
Keeping up with threats and trends can feel like navigating a labyrinth in the dark. @techieStef & @ForensicITGuy explore topics from our 2024 Threat Detection Report, including initial access tradecraft, cloud abuse, identity attacks, and more. 🎬 🍿 youtu.be/4HTd6boLPDc
Tax season springs financially-themed phishing lures on users, and vulnerabilities continue to sprout up in this month’s edition of Intelligence Insights. redcanary.com/blog/intellige…
I do not have words for how much this delights me. These loud little birds are one of my favorite things in the world. Look ye upon this glorious wrendering that captures their noisy bossy chaos. Absolutely wonderful, @thepacketrat
TDR Day 🥳🎉 also means it’s Threat Sounds release day!!! Vol. 4 has dropped and it’s epic, y’all! 🔥 redcanary.com/threat-sounds/
🚨 On February 26th and 27th Telekom Security and Bayern-CERT observed threat actor #TA577 phishing campaigns. This time the actor is not spreading malware, but apparently uses NTLMv2 handshakes to steal user credentials/hashes. 🧵1/7
More #CTISummit goodness, this time from @jamieantisocial sharing thoughts on Mitre ATT&CK mapping. Fave takeaway: CTI is all about effective communication. It's important to *enhance* reporting with helpful details like ATT&CK, not overwhelm. Like seasoning a dish just right!
Already loving @klrgrz’s talk on CTI fallacies and how much our words matter in our reporting. So many gems & good reminders already! Show your work, separate facts & feelings, check your biases & assumptions…all this in just in the first 10 minutes. 🔥 🔥 🔥 #CTISummit
Great talk happening now by @_mattmuir on cloud malware, specifically Legion & P2Pinfect. He's sharing tons of behaviors & IOCs in enough detail to create some solid detection opportunities, love to see it!
Really enjoying @MorganDemboski's talk on clustering RaaS affiliates, I love hearing how other teams approach this kind of work! The case studies she shared are great examples of focusing on tracking early details & behaviors, and not just the ransomware/payload. #CTISummit
I’ll be at the SANS CTI Summit in DC on Monday & Tuesday! There are a ton of folks I have interacted with here/online that I’ve never met in-person, so I hope y’all will come say hi if you see me & not mind if I do the same!
Denim Drongo hits the runway and FIN7 leverages MSIX files in this month’s edition of Intelligence Insights. redcanary.com/blog/intellige…
6 years! She’s come a long way from being a scared dog standing in the middle of the GA-25 Bypass south of Waynesboro on a cold morning. Glad we found each other, pup. You’ve brought me just as far. ❤️ Happy Gotcha Day, Tallulah!
The new RC blog on MSIX research is awesome. It is/was a complicated set of activity, big kudos to my fantastic coworkers for teasing out the details. This blog has all the good stuff, y’all: findings, IOCs, detection opportunities, and MITRE ATT&CK mapping. Go take a look!
The Dark Alliance between GuLoader and Remcos. A great talk by Alexey Bukhteyev It was an honor for me to work on this research. youtube.com/watch?v=MRrraT…
A blessing. A sign that the gods favor us. The divine wind of their holy boon propels us towards a new, brighter dawn. hollywoodreporter.com/movies/movie-n…
Seems @sekoia_io sinkholed a #PlugX C2 and observed around 100.000 devices from 127 countries connecting. Good job on this investigation 👍 blog.sekoia.io/unplugging-plu…
Unplugging PlugX - Sinkholing the PlugX USB worm botnet - #plugx #mustangpanda #worm blog.sekoia.io/unplugging-plu… (h/t @charlesmeslay, @r1chev & @sekoia_io)
Come hear me talk about malicious installer packages tomorrow at 2 PM ET! :) Sneak preview: 🦇, 🐀, and🧃! Registration link ⬇️⬇️⬇️
The Detection Series returns! Next week, experts from Red Canary and @MITREattack will discuss: 🏗️ How installer packages work on different OSs ✍️ How adversaries are currently abusing them 🛡️ How to defend against malicious installers Register now: redcanary.com/resources/webi…
Today, @Mandiant published #MTrends2024, the 15th edition of the report. This report has everything - Frontline Intel Metrics, Hot Zero-Day Summer, Attackers Living on the Edge, insights into☁Threats, evolution of 🎣... Get your copy here: cloud.google.com/security/resou…
Investigation Scenario 🔎 You’ve discovered regsvr32.exe running from the C:\Users\Username\Appdata\Roaming directory on a Windows system. What do you look for to investigate whether an incident occurred? #InvestigationPath #DFIR #SOC
Unfortunately, command-line execution logging and Sysmon logging are not enabled, and no EDR tool is installed on the system. For bonus points, name a threat actor who has been known to use this technique.
Shout out to @techieStef for complaining about seeing this enough that it inspired the scenario.
@EwaSR Never test the temper of a patient person. They reserve their ire so selectively that when they do go off it’s *spectacular.*
Adversaries have exploited CVE-2023-48788 in FortiClient EMS to install unauthorized RMM tools and PowerShell backdoors. Here's what we've observed and what you can do about it. redcanary.com/blog/cve-2023-…
Many people requested stickers ✨️
“He sat on the bank, while the river still chattered onto him, a babbling procession of the best stories in the world, sent from the heart of the earth.” - Kenneth Grahame, The Wind in the Willows #coloradoriver #grandcanyon
A couple reminders for this weekend...
Thanks so much to everyone who came to my #ShmooCon talk! Here are my slides hosted on Google Drive. drive.google.com/file/d/1sOI21T…
Delighted to report the oldest attestation of the phrase "silly goose" I've ever seen This Old Norse skaldic stanza (ca. 1300) calls a man a fool for refusing to learn about the law. He's called a "gassi", lit: a goose
@redcanary I am seeing similar activity to your redcanary.com/blog/intellige… from last May. Changed from support.onli-ne[.]com to support.dwnload[.]online Then: ps.c-0[.]uk/in.mp3 This is taking screenshots of the user's device and sending to dll[.]lat. I am seeing 502 right now.