mcp
@securitydumpster.bsky.social
Opportunity Threat Hunter | Recovering snowboarder | my views are my own
Just put out this research on MiTM PaaS kits labeled Rockstar and Flowerstorm over the past few months. While my name is on this, I partnered with two researchers, Josh Rawles and Jordon Olness, who did the bulk of the work alongside @thepacketrat.net and Colin Cowie, who are all individually brilliant!
Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces
A sudden disruption of a major phishing-as-a-service provider leads to the rise of another…that looks very familiar
news.sophos.com
December 19, 2024 at 4:17 PM
Excited to share that I was on the finale episode of Malspace to discuss Operation Crimson Palace, a year-and-a-half-long intrusion into a government agency located in Southeastern Asia, where we identified 3 PRC-aligned APT actors operating within the same environment simultaneously #cti #apt
Malspace | Operation Crimson Palace
On this episode, Mark Parsons, Senior Threat Hunter at Sophos MDR, discusses his team's investigation into Operation Crimson Palace, which uncovered Chinese state-sponsored cyberespionage targeting...
malspace.com
December 10, 2024 at 3:24 AM
I love posts like this one, sharing out easily translatable methods, like the cc recipe for gen’ing ur own hashes
Dissecting JA4H for improved Sliver C2 detections
Background: On November 18, 2024, Palo Alto Networks announced the discovery of two critical vulnerabilities, CVE-2024-0012 and CVE-2024-9474, in the operating system that powers their firewall device...
blog.webscout.io
November 29, 2024 at 6:34 PM
Reposted by mcp
#PIVOTcon25 registration is now OPEN 🤟📥📥📥
pivotcon.org
#CTI #ThreatResearch #ThreatIntel
Please read carefully the whole 🧵 for the rules about invite -> registration (1/5)
ALT: two men are standing next to each other with the words " we open it up " on the screen
media.tenor.com
November 19, 2024 at 2:00 PM
Me when I saw the theatre showing The Fifth Element on a random Sunday night
ALT: Hawt Hot GIF
media.tenor.com
November 18, 2024 at 12:03 AM
Reposted by mcp
My Microsoft BlueHat talk "Deprecating Azure AD Graph API is Easy and Other Lies We Tell Ourselves" is now on YouTube!
Link to recording & slide deck at aadinternals.com/talks/
Talks
My talks in different conferences.
aadinternals.com
November 11, 2024 at 11:20 PM
Reposted by mcp
Researchers say Twitter changed its algorithm to promote Elon Musk and Republican posts leading up to the election.

"The date at which [the spike] in engagement occurs coincides with Elon Musk's formal endorsement of Donald Trump on 13th July 2024." eprints.qut.edu.au/253211/
November 13, 2024 at 12:39 PM
Check out my most recent talk on scaling threat hunting and threat intelligence at this year's BlueHat! youtu.be/n7GVxDxwOUc?...
BlueHat 2024: S13: Patterns in the Shadows: Scaling Threat Hunting & Intel for Modern Adversaries
YouTube video by Microsoft Security Response Center (MSRC)
youtu.be
November 16, 2024 at 1:41 PM
Reposted by mcp
Here's why Adam thinks a Linux malware variant that recently turned up in Russia was probably developed by Western SIGINT. More details in this week's Risky Business podcast, available on YouTube (www.youtube.com/watch?v=s7iP...) or wherever you get your audio podcasts...
November 13, 2024 at 11:35 PM