Cybergilly
cybergilly.bsky.social
Lover of Cybersecurity - Lover of Disaster Management. I think it's a match made in heaven.
Heads up:

The Cyber Sentinel Skills Challenge is happening June 14 — a free, one-day virtual CTF backed by the DoD.
• $15K in cash prizes
• Realistic cyber scenarios
• Open to all skill levels
• U.S. Citizens & Green Card holders, 18+

Apply here: bit.ly/cyber-sentinel
DoD Cyber Sentinel Challenge | Correlation One
Apply to this Cybersecurity skills challenge for your chance to win $15,000 in prizes and access new career opportunities.
April 22, 2025 at 2:48 AM
This is “Gold”
January 2, 2025 at 12:13 AM
User: “I can’t access my files!”
Helpdesk: “Where are they saved?”
User: “In my head.”
December 6, 2024 at 9:18 AM
Reposted by Cybergilly
Phishing by Design: Two-Step Attacks Using .vsdx Files

I have crafted a precise KQL using Microsoft Defender for Office 365 and Endpoint to detect such abuse scenarios.

perception-point.io/blog/phishin...

#Cybersecurity #KQL #Phishing #Evasion #TrustedPlatform
November 12, 2024 at 5:56 AM
Reposted by Cybergilly
The Perfect Custom Detection ... 😘

Using CloudApp & Behaviour Analytics to detect malicious threat actor Copilot Agent.

#Cybersecurity #DefenderXDR #CloudApp #CopilotAgent #KQL
November 27, 2024 at 10:44 AM
Reposted by Cybergilly
CloudApp BEC Defense Policy - Axios

Attackers bypass MFA using a phishing framework with Axios HTTP client. Detect compromise in sign-in logs with user agent axios/1.7.7. Proposing auto-detection & isolation for SecOps assessment.

Sources: Asger Deleuran Strunk / Stephan Berger
November 28, 2024 at 9:59 AM
Reposted by Cybergilly
Social Engineering Attack Alert - Teams & Emails

Kevin Beaumont shared insights on helping orgs recover from ransomware attacks. Key tactic: social engineering. Attackers used phone recon to gather contacts, then flooded users with emails & Teams messages. Custom KQL script for early detection:
November 29, 2024 at 7:57 AM
Reposted by Cybergilly
Hunting Rockstar 2FA: A Key Player in Phishing-as-a-Service (PaaS)
www.trustwave.com/en-us/resour...
November 29, 2024 at 5:30 PM
Reposted by Cybergilly
Sharing a Sentinel KQL detection for ShadowHound by Friends-Security, which enhances AD enumeration for security assessments. Beware: it can be misused by threat actors & red teamers for reconnaissance. My KQL rule helps identify and mitigate these risks. #KQL #ShadowHound
December 1, 2024 at 12:38 PM
Reposted by Cybergilly
In AD environments, Timeroasting exploits NTP authentication to request password hashes of computer/trust accounts. If non-standard or legacy passwords are used, offline brute-forcing is possible. I've created a KQL query to detect such activities. #KQL #Timeroast
December 2, 2024 at 6:01 AM
@adjacentnode.com

Can you do another run through of your homelab?
December 4, 2024 at 2:31 AM
5 Classes left!

I'm planning on making a practical guide once I complete my Master's at WGU.
December 1, 2024 at 7:11 AM
Reposted by Cybergilly
Thoughts on this?
November 26, 2024 at 7:00 PM