Christopher Peacock
securepeacock.bsky.social
1.2K followers 130 following 33 posts
I find weird things on networks. #PurpleTeam | Ex Raytheon MSSP, SCYTHE, & GD | Taught at BlackHat & DEFCON | #100DaysofSigma | Keep exploring, keep learning, and stay curious.
Update: looks like the link on the page is a drive-by compromise.
Cancer(.)gov, which is registered to the NIH, is hosting a page that lets you illegally stream the new F1 Movie 🧐

events.cancer.gov/sites/defaul...
Reposted by Christopher Peacock
New Octowave Loader sample is leading to Amatera Stealer deployment over the past week.

0 VT detections on any component of the malware loader.
Proofpoint rules detect the outbound C2 traffic.
My Yara rule detects the installer.
This seems like a project to watch 👀
i published a tech preview of a side project. not announcing it anywhere else aside from here for now since it still needs a lot of work. it's buggy and will ruin your computer (intentionally... because cybersecurity adversary simulation). closed source for now, might change later. www.macat.io
MACAT - Adversary Simulation
How to properly evaluate a CVE score:
1. Is Gossi freaking out?
2. Is Florian freaking out?
3. Does SANS have an emergency webcast?
4. Are all your red team friends losing their minds over how crazy easy it is to give them awesome access?
Well the other thing is, I’m pretty sure they were getting bounce back emails for like 3-6 years and didn’t notice the email was no more…
Every marketing email I’ve run into in this research project has some tokenized unsubscribe link, but they don’t even offer that.
I can’t make this up. I bought an expired MSSP domain, and set up mail forwarding for all emails. I’ve tried to unsubscribe from getting an ISAC’s TLP Amber emails but they won’t, stating I must, “email from an email associated with the ISAC account receiving these emails.” 🤦‍♂️
I checked out the #ZeroDay series on Netflix and I think this depiction of events would take too many coordinated attacks. The Russian targeting of Ukraine with BlackEnergy and Industroyer is more realistic to what happens. The scenes I saw more resemble an EMP attack.
Probably because most small and medium sized app businesses are just that 🤷‍♂️

Most startups have a base and then duck tape on as fast as they can to make sales happen. By then, it’d eat up too much revenue to rebuild the code right.
This is why I think TTP count is a terrible metric. You either detect the procedure adversaries use or you don’t; this count of 4 for whoami /all is meaningless in most cases.
Before rushing to secure GenAI, make sure your DevSecOps and AppSec foundations are solid. GenAI is just another piece of the application stack. Security fundamentals are crucial. To help understand it, GenAI vulnerabilities are a lot like SQL vulnerabilities.
Interesting talk today by @wietzebeukema.nl. Make sure you follow him and check out his GitHub too.
🚨 Last day to submit a CFP ‼️
Get yours in ASAP. Last year saw nearly 2,000 registrations. This is one of the best B-Sides in the world. Oh and did I mention you can visit beautiful Florida beaches during your trip in May?

events.bsidestampa.net/BSidesTampa2...
BSides Tampa 2025
TAMPA BAY'S PREMIER IT SECURITY CONFERENCE. BY THE COMMUNITY. FOR THE COMMUNITY. 40+ Speakers | 7 Tracks | 1000+ Participants
Who’s going to WWHF Denver?
Heard this on a podcast and it really resonated with me.
I’m headed to Breck Friday and skiing Saturday-Sunday.
One of the best career tips I can share is to care about the people you work with. Not everyone will be receptive, but those who are can become invaluable connections in your career journey—and in life.
One piece of advice to give new SOC analysts is to have humor.

Working alerts in a SOC is a high stress environment and the grind never stops, so find ways to laugh and enjoy who you work with.