Author | Lightnews

Jorge Orchilles @jorgeorchilles.bsky.social · Apr 18

Save the date and register for the official release of the 2025 Verizon Data Breach Investigations Report hashtag#DBIR aka THE REPORT on April 23: www.brighttalk.com/webcast/1509...

2025 Data Breach Investigations Report Key Findings

The Verizon Data Breach Investigations Report (DBIR) is the authoritative source of cybersecurity breach information. This annual report provides an unparalleled, data-driven analysis of real-world cy...

www.brighttalk.com

Jorge Orchilles @jorgeorchilles.bsky.social · Apr 7

At VulnCon this week, if you are here, say hi. Already got a ton of value from this conference: did an SBOM workshop, a couple VEX talks from folks leading that effort in Cisco and Nvidia, and of course AI. Looking forward for the next few days!

Jorge Orchilles @jorgeorchilles.bsky.social · Mar 6

Formula 1 is back! If you played last year, you can rejoin without a passcode. If you would like to play, set up a team at fantasygp.com and DM me for the code to join #InfoSecF1

Reposted by Jorge Orchilles

Jake Williams @malwarejake.bsky.social · Jan 29

Threat intelligence is about more than just regurgitating indicators you found in someone else's reports.

If this is your idea of "threat intelligence" then AI is 100% coming for your job.

4 3 40

Jorge Orchilles @jorgeorchilles.bsky.social · Jan 29

Why did we try to learn *nix with this distro? So hard headed, such a good decision though!

Reposted by Jorge Orchilles

The DFIR Report @thedfirreport.bsky.social · Jan 27

🌟New report out today!🌟

Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware

Analysis & reporting completed by @r3nzsec, @MyDFIR & @MittenSec.

Audio: Available on Spotify, Apple, YouTube and more!

thedfirreport.com/2025/01/27/c...

Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware

Key Takeaways This intrusion began with the download and execution of a Cobalt Strike beacon that impersonated a Windows Media Configuration Utility. The threat actor used Rclone to exfiltrate data…

thedfirreport.com

1 10 24

Reposted by Jorge Orchilles

hasherezade.bsky.social @hasherezade.bsky.social · Jan 26

In case if you wonder what broke #ProcessHollowing on Windows 11 24H2, I have something for you: hshrzd.wordpress.com/2025/01/27/p...

Process Hollowing on Windows 11 24H2

Process Hollowing (a.k.a. RunPE) is probably the oldest, and the most popular process impersonation technique (it allows to run a malicious executable under the cover of a benign process). It is us…

hshrzd.wordpress.com

38 58

Jorge Orchilles @jorgeorchilles.bsky.social · Jan 3

Didn't know you were on here, searched by another name :P

1

Jorge Orchilles @jorgeorchilles.bsky.social · Jan 3

This would be awesome! Probably after given some folks are taking training. I am still planning logistics but know a few folks may be down @securepeacock.bsky.social

2

Reposted by Jorge Orchilles

Olaf Hartong @olafhartong.nl · Dec 30

FalconHound 1.4.2 is out!

* Added Managed identity authentication for Azure based inputs (KeyVaults, MDE, Sentinel, GraphAPI)
* Added report command line option and actions
* Added HTML output option

Grab it here > github.com/FalconForceT...

Releases · FalconForceTeam/FalconHound

FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log ag...

github.com

10 18

Jorge Orchilles @jorgeorchilles.bsky.social · Dec 28

Amazing shots! Thanks for sharing! Going to add to my bucket list along with Ferrari. We have done the BMW museum and factory in Munich and loved it

Jorge Orchilles @jorgeorchilles.bsky.social · Dec 16

Congrats!!!

1

Reposted by Jorge Orchilles

Gerald Auger, PhD @geraldaugerphd.bsky.social · Dec 16

Wicked pumped for our community to have won the SANS Difference Makers award 2024 "Podcast of the Year"

Community, Cyber, Coffee, and Carl

1 2 7

Reposted by Jorge Orchilles

Matt Johansen @mattjay.com · Dec 13

The Paranoids @ Yahoo was one of the oldest, largest, and highest reputation internal security teams in the industry.

A lot of good talent was built and trained there.

This is a shame.

1 6 23

Reposted by Jorge Orchilles

Jake Williams @malwarejake.bsky.social · Dec 4

If they find the perpetrator, I can't imagine how they manage to avoid jury nullification. It's not just patients. Change Healthcare (part of United) turned the lives of so many provider upside down and most will never be made whole.
nypost.com/2024/12/04/u...

Exclusive | UnitedHealthcare CEO Brian Thompson fatally shot outside Hilton hotel in Midtown in possible targeted attack: sources

The CEO of UnitedHealth was fatally shot in the chest Wednesday morning outside the Hilton hotel in Midtown in what police say was a targeted attack.

nypost.com

2 2 16

Reposted by Jorge Orchilles

Christopher Peacock @securepeacock.bsky.social · Dec 4

Purple Team metrics can be tough and conflated with BAS testing so here’s a few, but feel free to add your own in the comments.
1. Engagements with SOC per year/quarter.
2. Intel leads tested.
3. Custom tests to verify detection logic.
4. Request for testing completed %

1 3 11

Jorge Orchilles @jorgeorchilles.bsky.social · Nov 26

Excellent write up from the folks @volexity.com www.volexity.com/blog/2024/11...

The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access

In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever w...

www.volexity.com

2

Reposted by Jorge Orchilles

Jake Williams @malwarejake.bsky.social · Nov 22

You won't always win. That's okay.

The goal is to win as many as you can and learn as much as you can from the ones you lose.

2 31

Jorge Orchilles @jorgeorchilles.bsky.social · Nov 22

Hi friends! Just switched over. Please connect so I can follow you back!

3

Jorge Orchilles @jorgeorchilles.bsky.social · Nov 24

This was before lights out. I took the pic and called it. #F1 #MexicoGP

Jorge Orchilles @jorgeorchilles.bsky.social · Nov 24

https://phrack.org/issues/71/2.html#article

Jorge Orchilles @jorgeorchilles.bsky.social · Nov 24

I first met @bsdaemon when I was randomly put on the BRA (Brasil) team at Hack Cup too many years ago (we went on to win and get free tickets to INFILTRATE). I had no idea who he was other than just a kind, fun dude that played soccer. Here is his profile:...

1

Jorge Orchilles @jorgeorchilles.bsky.social · Nov 24

C2 via Microsoft Windows print functionality? Yes please: https://diverto.hr/en/blog/2024-05-03-MS-Windows-Printing-C2/ Thanks for @c2_matrix shout out

Abusing MS Windows printing for C2 communication

Diverto is an information security company. We provide co...

diverto.hr

Jorge Orchilles @jorgeorchilles.bsky.social · Nov 24

We need to reset expectations. LLMs are not "discovering" novel attacks or 0days. They are lowering the barrier for entry for all types of hackers. Embrace it, let it help you. Criminals already are: https://thehackernews.com/2024/04/microsoft-warns-north-korean-hackers.html

Microsoft Warns: North Korean Hackers Turn to AI-Fueled C...

North Korea's state-linked hackers are enhancing their op...

thehackernews.com

Jorge Orchilles @jorgeorchilles.bsky.social · Nov 24

Spotted @BSidesTampa Learning some more Azure stuff with @SecurePeacock and a nice little demo @mrgretzky may recognize the tool