plug Profile
plug

@plugxor

Followers
1K
Following
12K
Media
85
Statuses
2K

Your atypical security enthusiast | DFIR | Threat Hunting | Detection Eng | Insider Threat | Making content at The Blue Team Village | Opinions are my own.

Joined January 2013
@plugxor
plug
3 months
There are individuals that you meet in your life that leave a mark, not just for their kindness & care, but for their humbleness & friendship. @d0ublebind is such an individual and more! Please consider donating and send him lots of love ❤️ #FuckCancer
1
0
2
@plugxor
plug
3 months
RT @LitMoose: It doesn't matter if you know him or not, if you're seeing this, @d0ublebind has affected your life somehow. He got me throu….
0
27
0
@plugxor
plug
7 months
If you are looking for very skillful, knowledgeable, and great human beings for your Red Team, please consider @Salbei_ and @Micheal_merrill. I worked with them for many years and with confidence can say that your team will greatly improve with them!
@_MG_
MG
7 months
Some of the people who are looking include @Salbei_ & @Micheal_merrill. I’m also happy to forward leads to the team.
0
0
2
@plugxor
plug
10 months
Last year we used JuiceShop with a twist during our CTF. If you want to learn more about bug bounty and app security, Juice Shop is a fun way to get started!
@owasp_juiceshop
OWASP Juice Shop
11 months
Join the shared User Day of @owasp #DSOMM and #JuiceShop on Sep 25th, the day before @appsecusa San Francisco 2024! The agenda includes intros, demos, workshops and even a live CTF. Register now on because seats are very limited!
0
0
3
@plugxor
plug
11 months
This, get familiar with your logs and how they can help you find this much more practical and likely scenario. Then, have a documented plan on how to respond and mitigate!
@_MG_
MG
11 months
For anyone worrying about this, I’d like to hear how you were already handling a near identical attack that didn’t require this vuln: - steal Yubikey - login - return key WITHOUT cloning it, because 1 session is enough for most objectives. Same attack flow. If that wasn’t.
0
1
4
@plugxor
plug
2 years
Just in case, not bashing on them. Things happen and we all learn from them. But it was a good opportunity to highlight the choice of words on the tweet. The report released lacks the details many of us were probably expecting, but is short and on point for what it is.
0
0
0
@plugxor
plug
2 years
Great use of the word likely in the context of an investigation for which data may not be conclusive. When not fully sure, likely is a good word to choose. Their 2nd tweet tells the story: it was 2FA, the lack of it, plus “likely” an easy-to-guess password… Kudos for the report!
@Mandiant
Mandiant (part of Google Cloud)
2 years
We have finished our investigation into last week's Mandiant X account takeover and determined it was likely a brute force password attack, limited to this single account.
1
0
5
@plugxor
plug
2 years
RT @jrozner: If anyone is looking for an internship for next summer our security engineering team (Paranoids Engineering) has a spot open.….
0
9
0
@plugxor
plug
2 years
We designed the CTF for you to choose your own adventure! Ultimately you are in charge of the path you want to pursue, but keep in mind, some paths may have some unwanted penalties, or immediate benefits! See you @defcon 32!
0
0
0
@plugxor
plug
2 years
Just as IRL, tools are not always working, the indexed telemetry wasn’t always properly ingested. You will have access to velociraptor data, some of which was collected incorrectly… You need to leverage your IR skills & find ways to overcome these & other obstacles to win!
1
0
0
@plugxor
plug
2 years
Besides the breach, you have to uncover multiple things going on. We love insider threats… The environment for your investigation covers multiple operating systems, including OT, where you will find critical devices (PLCs, RTUs, etc.).
1
0
0
@plugxor
plug
2 years
What makes our CTF different? You play the role of an IR consultant responding to a breach. You get access to host telemetry via a SIEM of your choice (graylog, elastic or splunk). Net telemetry via Arkime or pcaps. Security Onion provides an easier path 4 the less experienced.
@BlueTeamVillage
Blue Team Village
2 years
Call for Red Team Volunteers: We are expanding hands-on content and working on a new CTF for @defcon 32. If you are an experienced Red Teamer, passionate about helping others, and would like to help, please reach out! #redteam #cybersecurity
1
2
6
@plugxor
plug
2 years
We have ambitious goals. Our CTFs are based on real events and APTs. We need your help to accomplish our goals and have an immersive CTF for folks of all skill levels. Reach out if you have any questions! Please apply asap!
@BlueTeamVillage
Blue Team Village
2 years
Call for Red Team Volunteers: We are expanding hands-on content and working on a new CTF for @defcon 32. If you are an experienced Red Teamer, passionate about helping others, and would like to help, please reach out! #redteam #cybersecurity
0
0
1
@plugxor
plug
2 years
RT @jrozner: Our Platform Security team is looking for a new sr. security engineer. Come work with us! Role is remote.
0
6
0
@plugxor
plug
2 years
0
3
0
@plugxor
plug
2 years
To my knowledge this was the first MacOS Threat Hunting workshop that attempted to show how to properly EMULATE an adversary. Next week datasets will be uploaded for you to load into the SIEM of your choice + pcaps. Would you like to see a similar workshop? If so, for what APT?
0
0
1
@plugxor
plug
2 years
Back in 2021 @coolestcatiknow @1njection @CptOfEvilMinion @TilottamaSanyal and I presented a 2-day MacOS workshop @defcon @BlueTeamVillage on Emulating & Threat Hunting APT 32: OceanLotus. The workshop was kept private until today. You can play along:
2
5
10
@plugxor
plug
2 years
…Use the information to learn how to EMULATE an actor and leverage the data to improve your cyber defense program. Use the information to challenge your vendors' marketing nonsense! <end>
0
0
2
@plugxor
plug
2 years
…In this regard, Mitre is taking the time to EMULATE an actor. The attention to detail required is available to you on their results and documentation. This information is a must for folks conducting threat hunting, detection engineering, or purple teaming. 7/x.
1
0
2
@plugxor
plug
2 years
…It provides information that can be used to alter a TTP to evade an EDR completely. Please take a deep dive into the data @MITREengenuity is presenting. There is a HUGE distinction between conducting an actor emulation vs. simulation. 6/x.
1
0
2