Matt Watkins Profile
Matt Watkins

@MattWhatkins

Followers
946
Following
1K
Media
71
Statuses
2K

Threat Hunter / Security Engineer @WhitehattersA Founding Member. Views are my own.

UK
Joined October 2012
@MattWhatkins
Matt Watkins
6 days
Does anyone else read @ThinkstCanary ThinkstScapes? How are you opening links to the respective blogs, my PDF reader doesn't recognise them as links and chromium won't let me right click and left click loses my spot in the doc 😔
1
0
1
@MattWhatkins
Matt Watkins
11 months
I'll be at @fwdcloudsec Europe today. @PwnedLabs have kindly gifted some vouchers for their new MCRTP course - Microsoft Cloud Attack and Defence. Come find me if you're interested!
0
2
6
@MattWhatkins
Matt Watkins
11 months
Anyone at @fwdcloudsec Europe this week?
0
0
0
@MattWhatkins
Matt Watkins
1 year
If your company has bitlocker enabled and you're looking for a way for employees to get access to their recovery key, they may be about to get it here on work phones:
0
0
0
@MattWhatkins
Matt Watkins
1 year
Does CrowdStrike sensor policy update affect channel files too? Are customers on N-1/N-2 Builds affected?
0
0
0
@MattWhatkins
Matt Watkins
1 year
CrowdStrike have updated their Tech Note: "Note: Bitlocker-encrypted hosts may require a recovery key."
1
1
1
@MattWhatkins
Matt Watkins
1 year
Am I missing something? This CrowdStrike "fix" requires that the user knows the Bitlocker recovery key, or Bitlocker be disabled? In 2024, are organisations not Bitlocker encrypting their devices? It's going to be a rough weekend!
1
0
2
@MattWhatkins
Matt Watkins
1 year
Get the report here:
0
0
0
@MattWhatkins
Matt Watkins
1 year
"In nearly all of Mandiant's investigations involving compromised cloud accounts, attackers were observed enrolling their own MFA methods shortly upon gaining initial access." Mandiant M-Trends 2024. Great detection use case, especially with some user automation to validate!
1
3
5
@MattWhatkins
Matt Watkins
1 year
How is AWS SkillsBuilder so bad as a learning platform? Logged out every time I come back to continue learning. Training video quality varies massively. Labs take an age to deploy and there's no automatic scoring. How is this the most popular cloud? 😂 Is everyone using Udemy?
2
0
1
@MattWhatkins
Matt Watkins
1 year
Currently working through FOR509 and can't stress how powerful and useful some of the Red and Blue labs are in @PwnedLabs to take the training to another level!
0
1
4
@MattWhatkins
Matt Watkins
2 years
What custom tools are IR teams using for timelining investigations? Besides Sheets/Excel 😂
4
0
3
@MattWhatkins
Matt Watkins
2 years
Interesting episode on @riskybusiness about secure enterprise browsers. @island_io sounds very similar to Google's BeyondCorp Enterprise. Anyone looked at both and can share some insights?
0
0
0
@MattWhatkins
Matt Watkins
2 years
With Google Authenticator now supporting cloud sync, what suggestions do folks have for 2FA apps? Google w/ online sync? Google w/o sync? Authy? An authenticator linked to a Password Manager?
1
0
0
@MattWhatkins
Matt Watkins
2 years
Any other @dashlane customers happen to have had a random person to their Friends & Family account? I emailed the email and it was a poor user who had been trying to get support and had been given the wrong link to link their account. Pretty poor for a Security company.
0
0
0
@MattWhatkins
Matt Watkins
2 years
In over 10 years of working on blue teams, only once have I worked with an EDR that could leverage YARA rules for in-memory scanning.
0
0
3
@MattWhatkins
Matt Watkins
2 years
Who actually uses yara rules in their SOC/threat detection capability outside of TI functions? Do many commercial EDR solutions actually support scanning with YARA rules? Are companies deploying random scripts to perform YARA scanning?
15
5
9
@MattWhatkins
Matt Watkins
2 years
Hey @EastMidRailway Why are your train staff so imposing when trying to get onto a train? It's one thing to enforce having a ticket to travel, another thing to stand and block anyone getting on without showing a ticket. I've never seen this before on any line?
1
0
1
@MattWhatkins
Matt Watkins
2 years
RT @egre55: I'm excited to announce that @PwnedLabs will soon offer individual and business pro subscription tiers, building on our free of…
0
9
0