@cyb3rops If the TA had the privileges to install software, not sure what tool they downloaded and used really matters. Seems “troll-ey” that they picked an open-source forensic tool more than anything else.
UNC3944 Evolving Tactics Exposed!
Our new blog dives deep into UNC3944's recent SaaS attacks, analyzing their changing methods and goals.
Read now: https://t.co/XSkqwBtCGo
#Cybersecurity#ThreatIntelligence#UNC3944
Thrilled to co-present on cloud threat hunting with the IR legend @MadeleyJosh on June 13th! Tune in to hear:
☁The nuances of hunting in the cloud
☁ How to turn intel into detection/TH opportunities
☁ Case studies on recent compromises
Register now: https://t.co/vhhssUCf3b
@gleeda@ImposeCost This is not to say they can’t benefit from it; just my observations in practice is that they don’t use it that way. Security vendors are exempted from my observations - someone has to build detections at scale.
@gleeda@ImposeCost There probably isn’t a good way. My intuition (and anecdotal experience) is that most blue teamers are not using the POC code to build detections; they are using it to test if the mitigation or patch worked until their is an official vuln scanner detection.
@_Omer_GG@Big_Bad_W0lf_@cglyer Commercial datasets like Spur attempt to identify them. They are not “great” given the high turnover, but it’s a starting point.
@brettshavers Maybe I am missing something, but are they saying that IP address based tracking still worked when people were incognito? Was the expectation that client side changes impact server side analytics?
Don’t let cyber criminals ruin your #SmallBusinessSaturday
Get AI-powered, elite cybersecurity protection with CrowdStrike Falcon Go—now available on Amazon Business.
Learn more: https://t.co/igtzkdkuGK
Today we launched a 🔎 scanning tool for orgs to search their Citrix netscalers for evidence of CVE-2023-3519 post-exploration. You can run this direct on the ADC or against a forensic image. With public POCs out there expect more exploitation!
https://t.co/Wiianjv8AX
#DFIR