Thomas Lilja
tuxic.bsky.social
All things Infosec. OT/ICS. Protector of critical infrastructure. Physical security. Locks. Hardware. Need. More. Time.
Reposted by Thomas Lilja
Newcomers to password cracking should learn that in 1991 the 1st well known password cracker @alecmuffett.bsky.social's Crack introduced applying rules & permutations to dictionary words, such as substituting numbers for letters, reversing words, appending digits, & other common user habits. 1/3
March 5, 2025 at 4:43 PM
Reposted by Thomas Lilja
Free Diagram Tool Aids Management of Complex ICS/OT Cybersecurity Decisions
Cyber Decision Diagrams, a free tool designed to help organizations manage complex decisions related to ICS/OT cybersecurity. 
buff.ly
February 22, 2025 at 8:12 AM
Reposted by Thomas Lilja
Leveraging the capabilities of #Sigmarules can help optimize your log management solution for #security detection & response!

Learn about:
❓Why you should use them
📂Specific use cases
🦴Anatomy of a Sigma rule
🔍 Sigma rule event processing for adv. detection capabilities

graylog.org/post/the-ult...
The Ultimate Guide to Sigma Rules
Sigma rules are an open-source, platform agnostic format for building high-fidelity detections and engaging in proactive threat hunting so you can mature your security posture and overcome the cyberse...
graylog.org
February 18, 2025 at 10:55 PM
Reposted by Thomas Lilja
An attacker successfully phished a Cyberhaven employee.

They gained access to their Chrome Web Store admin credentials and published a malicious version of the Cyberhaven extension.

Read my full writeup here:

www.vulnu.com/p/breaking-c...

Thanks @jaimeblascob.bsky.social and @johntuckner.me
Breaking: Cyberhaven Chrome Extension Compromised in Holiday Attack Campaign
An attacker successfully phished a Cyberhaven employee, gained access to Chrome Web Store admin credentials, published a malicious version of the extension
www.vulnu.com
December 27, 2024 at 3:20 AM
Reposted by Thomas Lilja
I'm going to revolutionize the motivational industry
December 21, 2024 at 5:36 PM
Reposted by Thomas Lilja
PSA: upgrade your FortiOS devices, they’re hiding a zero day again.
December 21, 2024 at 12:06 AM
Reposted by Thomas Lilja
US Water Facilities Urged to Secure Access to Internet-Exposed HMIs
EPA and CISA urge organizations in the water and wastewater systems sector to harden remote access to internet-exposed HMIs.
www.securityweek.com
December 20, 2024 at 5:42 AM
Reposted by Thomas Lilja
New Attacks Exploit VSCode Extensions and npm Packages
Malicious campaigns targeting VSCode extensions have recently expanded to npm, risking software supply chains
www.infosecurity-magazine.com
December 20, 2024 at 8:42 AM
So you want to be a SOC analyst?

Well, then this is for you…
Not new, but have not mentioned on Bluesky yet.

If you or someone you know aspires to be a SOC Analyst, check out my hands-on lab, "So you want to be a SOC Analyst?"

Thousands of people have been through it and the feedback has been 🔥

blog.ecapuano.com/p/so-you-wan... #infosec
So you want to be a SOC Analyst? Intro
A blog series for someone wanting to get a start as a SOC Analyst
blog.ecapuano.com
December 15, 2024 at 10:36 PM
Seeing as many security programs evaluate their coverage against MITRE ATT&CK, it’s interesting to see the same being done for the products they rely on.
December 15, 2024 at 9:34 PM
🙄
@mrr3b00t.bsky.social new WiFi threat unleashed.
Routers on windowsills are easier to hack.
December 15, 2024 at 3:33 PM
Reposted by Thomas Lilja
📢 ⬇️
Our letter with 350+ musicians demanding that music labels drop their lawsuit to destroy @internetarchive.bsky.social is STILL ACCEPTING SIGNATURES.

Musicians can still speak out. In fact, we're hoping for a groundswell: www.savethearchive.com

Fans and archive-lovers can sign in solidarity, too!
Save Music, Save the Archive!
Save Music, Save the Archive! Over 350 musicians are speaking out to demand that major labels drop a lawsuit aimed to destroy the Internet Archive—and for their industry to take concrete actions to re...
www.savethearchive.com
December 9, 2024 at 5:23 PM
Impressive indeed. But would it be enough to make Windows search usable? 🤔
December 9, 2024 at 6:09 PM
Reposted by Thomas Lilja
I have been informed by my immigration firm I need to rapidly overcome burnout and depression and publish, publish, publish, knocked out a 15 page academic white paper yesterday and 8 page one today. If your publication needs something on industrial cybersecurity… 🙏💜
December 6, 2024 at 10:37 PM
We dodged the bullet once more. For the love of god why won’t they give up this madness.
our team and partners tell me that the EU Chat Control vote today did not pass. Thank you to everyone working so hard to keep encryption end-to-end!
December 6, 2024 at 10:49 PM
Reposted by Thomas Lilja
Anyone here in ICS, OT, SCADA security that I missed and need to add?
I created the ICS/OT Security starter pack. Please give it a follow and let me know if I'm missing anyone.

go.bsky.app/SQygf7K
December 6, 2024 at 6:19 PM
Reposted by Thomas Lilja
Ever wanted to help advance the Internet Archive's mission of "Universal Access to All Knowledge"?

We are hiring the manager of our Patron Services team.

For more information please see this job listing ⤵️
app.trinethire.com/companies/32...
Internet Archive | Manager - Patron Services
The Internet Archive is looking for an outstanding individual to lead our Patron Services team. The Patron Services team operates similarly to customer service, quality assurance, trust and safety or ...
app.trinethire.com
December 6, 2024 at 9:04 PM
Reposted by Thomas Lilja
Are you prepared to combat destructive #malware? ☠️⚠️

Trojans, worms, #ransomware & #botnets are all types of destructive malware that can wreak havoc on your systems. 😰

Learn about the motivations behind deploying it, how it works, & how #TDIR can help. 🛡️

graylog.org/post/destruc... #cybersecurity
Destructive Malware: Threat Detection and Incident Response
Destructive malware makes systems, devices, and data unusable to interrupt operations. With appropriate threat detection and incident response, organizations can mitigate destructive malware's impact...
graylog.org
December 6, 2024 at 9:09 PM
Watch out for rogue browser extensions synced to your enterprise devices by compromised personal accounts. 🔥
Did you know attackers can inject extensions into your employee machines in the event of a compromise of their account? Look into controlling this in Edge and Chrome.
December 6, 2024 at 10:09 PM
Ever found yourself needing to decompress Windows 10/11 swap but lacked proper tooling?

If so, this is for you…
Releasing a new #DFIR tool today! Swap Recon performs brute-force decompression of Windows 10 & 11 swap. Swap Recon was built when we couldn't find existing tools or techniques to decompress modern Windows swap properly in one of our highest-stakes cases. arsenalrecon.com
December 6, 2024 at 9:49 PM
Reposted by Thomas Lilja
DDoSecrets has released Library of Leaks, an online database of millions of hacked and leaked documents

search.libraryofleaks.org
December 5, 2024 at 5:05 PM
Reposted by Thomas Lilja
🛡️Windows Firewall and WFP are only two ways to silence an #EDR agent.
📢In my latest blog post I discuss another network based technique to prevent data ingest and ways to detect it.

And if you want even more, check out part 2 released by @Cyb3rMonk. Link in the post.
EDR Silencers and Beyond: Exploring Methods to Block EDR Communication - Part 1
For red teams and adversaries alike it’s important to stay hidden. As many companies nowadays have EDR agents deployed those agents are always in focus and tools like EDRSilencer or EDRSandblast use…
cloudbrothers.info
December 1, 2024 at 3:04 PM
Reposted by Thomas Lilja
[NEW BLOG]
EDR Silencer and Beyond: Exploring Methods to Block EDR Communication - Part 2

In collaboration with @fabian.bader.cloud

academy.bluraven.io/blog/edr-sil...

#redteam
EDR Silencer and Beyond: Exploring Methods to Block EDR Communication - Part 2
Alternative methods for EDR Silencers for blocking EDR communication to disable defenses.
academy.bluraven.io
December 1, 2024 at 5:32 PM