This reduced my Mastodon skepticism.

We're excited to announce that ExtraHop and Red Canary are partnering together to unleash a game-changing combination of ExtraHop’s Network Detection and Response and Red Canary’s security expertise.

redcanary.com/blog/extrahop-…

As a response to the #OpenSSL 3 vulnerability, Fox-IT's RIFT team has publicly released signatures for Suricata to help detect attempts at exploiting these vulnerabilities in your network.

github.com/fox-it/spookys…

#CyberSecurity #monitoring #suricata #pcap #Security #OpenSSL

When you’re thirsty but you want to stay thirsty?

Why I loved and left Washington: texastribune.org/2022/10/11/abb…

What happens to a brand-new sensor? Try a week-in-the-life of a newly deployed GreyNoise sensor to discover what kinds of benign activity it sees in boB Rudis 🇺🇦 🐘@[email protected]'s latest blog: greynoise.io/blog/new-senso…

This is super cool (and also confirms my suspicion that Censys does a really good job).

Interesting research! As a sanity check, I took a look at one of our internal sensors. For ExtraHop users, just filter Kerberos Request records down to AS_REQ and group by Server Principal Name. Only krbtgt/[domain] or kadmin/changepw should show up.

Just to check on if we’d notice this traffic, a colleague tried this tool in our sandbox and this was the result. twitter.com/lkarlslund/sta…

After a new hire asked if there was a bug bounty on a component I wrote (after I'd made some bold claims about it!), I said I'd pay them $100 out of my pocket, though I was rather specific about the bug classes :-) I'll be happy regardless of the outcome, I suppose.

The hardest targets in the world know they will never make initial access impossible.

The hardest targets in the world work to make initial access matter less.

Been thinking about the Ship of Theseus recently.

For a decade+, grammar-of-graphics approaches (ggplot, Tableau, #d3js , Vega/Altair) have been a leading way to make visualizations. Beyond chart templates & low-level programming, are there compelling alternatives? Or does the future lie in abstractions on top of these grammars?

He is spelling out quite clearly what his playbook is:

* scan the Internet for RCE vulns that they can exploit (e.g. in Fortinet, Sharepoint, Sonicwall)
* abuse Active Directory to spread across the network
* deploy randomware via Active Directory

Defend against that playbook.

A bundle of individual cyber insurance policies sold to a reinsurer is actually very close to a 'collateralized technical debt obligation'.

In 2001 I was a QA intern at Supertracks in Portland. They went under, but I still have the hat!

Apple's announcement of lockdown mode is (a) an acknowledgement that a consumer-level solution is necessary, (b) a declaration of security bankruptcy on the broader iOS ecosystem (facetime? iMessage?), (c) still a preference for ignorance with no verification or monitoring.

Periodic reminder that if your attack requires that you first somehow acquire the secret key to something, you have not in fact created a new attack.

The Apple 'Lockdown mode' does sound interesting. But what would really be a game changer would be system transparency so you could actually inspect your iOS device with jailbreaking it. After all how can you verify lockdown mode hasn't been tampered with?😐

Missing from iOS Lockdown Mode: new introspection or detection capabilities. If an attacker overcomes the attack surface reductions, you still won't know. i✌️erify, iTunes backups (MVT), or illicit copies of Cellebrite kit still your best, limited options.