#SOC caught attacker in #GCP when they issued API call to CreateServiceAccountKey via SDK from odd IP.
This triggered alert w/:
- IP enrichment
- Historical context for user/API
Team scoped & fixed.
Initial access? Exposed cred.
More details ⬇️
https://t.co/d4owJCBtZ1
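As an added example (not code from the original thread or from Expel), a minimal version of the detection described above: it flags CreateServiceAccountKey calls whose caller IP is both new for that principal and outside the organisation's known egress ranges, and attaches the historical context the alert carries. The record shape follows Cloud Audit Logs protoPayload field names; every entry, principal and IP range below is constructed.

```python
import ipaddress
from collections import defaultdict

SA_KEY_CREATE = "google.iam.admin.v1.CreateServiceAccountKey"
# Assumption: stands in for the org's known egress (VPN/office); constructed range.
KNOWN_EGRESS = [ipaddress.ip_network("203.0.113.0/24")]

def entry(method, principal, ip, agent):
    """Build a minimal Cloud Audit Log record (protoPayload field names only)."""
    return {"protoPayload": {
        "methodName": method,
        "authenticationInfo": {"principalEmail": principal},
        "requestMetadata": {"callerIp": ip, "callerSuppliedUserAgent": agent}}}

# Constructed prior activity used as the per-principal baseline.
HISTORY = [
    entry(SA_KEY_CREATE, "deploy@example.com", "203.0.113.10", "google-cloud-sdk gcloud/400.0.0"),
    entry("google.iam.admin.v1.ListServiceAccounts", "deploy@example.com", "203.0.113.10", "google-cloud-sdk"),
    entry("google.iam.admin.v1.GetServiceAccount", "ci@example.com", "203.0.113.22", "google-api-go-client/0.5"),
]
# Constructed new events to evaluate.
NEW = [
    entry(SA_KEY_CREATE, "deploy@example.com", "203.0.113.10", "google-cloud-sdk gcloud/400.0.0"),  # routine
    entry(SA_KEY_CREATE, "ci@example.com", "198.51.100.77", "google-api-python-client/2.0"),       # odd IP
    entry("google.iam.admin.v1.ListServiceAccounts", "ci@example.com", "198.51.100.77", "curl/7.8"),  # not a key create
]

def build_baseline(events):
    """Per-principal set of caller IPs seen before, plus count of prior SA-key creations."""
    ips, key_creates = defaultdict(set), defaultdict(int)
    for e in events:
        p = e["protoPayload"]
        who, ip = p["authenticationInfo"]["principalEmail"], p["requestMetadata"]["callerIp"]
        ips[who].add(ip)
        if p["methodName"] == SA_KEY_CREATE:
            key_creates[who] += 1
    return ips, key_creates

def is_known_egress(ip):
    return any(ipaddress.ip_address(ip) in net for net in KNOWN_EGRESS)

def detect(new_events, history):
    """Alert on SA-key creation from an IP the principal has never used that is also
    outside known egress; each alert carries the context an analyst needs to scope it."""
    ips, key_creates = build_baseline(history)
    alerts = []
    for e in new_events:
        p = e["protoPayload"]
        if p["methodName"] != SA_KEY_CREATE:
            continue
        who, meta = p["authenticationInfo"]["principalEmail"], p["requestMetadata"]
        ip = meta["callerIp"]
        if ip in ips[who] or is_known_egress(ip):
            continue  # seen from this principal before, or from a known corporate range
        alerts.append({"principal": who, "caller_ip": ip, "user_agent": meta["callerSuppliedUserAgent"],
                       "prior_ips": sorted(ips[who]), "prior_key_creates": key_creates[who]})
    return alerts
```

In practice the baseline would come from a longer window of audit logs and the IP enrichment from a real ASN/geo source rather than a static allowlist.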
We'll look back in 10 years and credit the modern operations center to @jhencinski. If you lead a Security Operations Center - listen to his appearance on the @SecHubb/@SANSInstitute podcast:
https://t.co/kwWHNb9r0a
Our first @expel_io annual report is here!
It includes data and insights on:
- BEC (public enemy #1)
- Pre-ransomware activity
- Supply chain attacks
- Cryptojacking
Our goal: translate the security events we’re detecting into strategy for your org.
https://t.co/3jKhmtQssH
Great eXpeltations 2022 has arrived!
Help your org manage risk with data and insights on the biggest #infosec threats, how to handle 'em, and what you can expect in the year ahead. Download it today at https://t.co/7Dy4i5wDxD. #MDR #SOC #ransomware #cryptojacking #phishing #BEC
#JobAlert: thrive working w/ others? Love destroying dreams of attackers? Dig working with a variety of tech at the intersection of detection & response automation and weaving it all together?
We're #nowhiring a Sr. Detection & Response Engineer: https://t.co/rKroNEg5CF #hiring
au·to·di·dact: a self-taught person
Teach yourself infosec!
The guide below from my friend @wifi_ve intends to provide a basic (and generally, free) set of resources for getting started with learning computer security.
https://t.co/8jjM1Ypzcc
Anyone have a good experience with a managed vuln management (MVM) provider? If so, who did you use and what did you love about the service?
Also interested in folks that may have had bad MVM experiences. What didn't you get that you were hoping for?
Quick 🧵of some of the insights and actions we're sharing with our customers based on Q2 '21 incident data.
TL;DR:
- #BEC in O365 is a huge problem. MFA everywhere, disable legacy protocols.
- We’re 👀 more ransomware attacks. Reduce/control the self-install attack surface.
MS Defender for Identity helped us spot #redteam at a customer this week.
Lead: Suspected Kerberos SPN exposure
This was ~20 hours before we had any significant activity from an EDR integration.
Good example of the importance of being able to extend beyond EDR.
The Global Response Team at @expel_io is hiring! If you’re a passionate incident responder or looking to blend in some blue to your red team skills — we’d love to talk to you!
👇Senior D&R Analyst role details:👇
https://t.co/QtFkQy2SMu
Stopping REvil before ransom is great, but not why I joined @expel_io
I wanted to translate security events into strategy at scale
No, I don't want to keep sending incidents for <threat>
Instead, any incident is an op to help a customer improve
It's rewarding to 👀 progress:
🎣 Expel for #Phishing 🎣
Your one-stop-shop for suspicious email investigations, featuring:
📜 Detailed findings reports
⚕️ Recommendations & remediation actions
📊 Easy-to-understand metrics & trends
Give the gift of 🕑 back to your #secops team: https://t.co/sZPZIaT1Ec #MDR
"If you’re not using data to spot too much cognitive loading – or finding ways to free up mental capacity – that’s a recipe ripe for burnout 😭."
Tips and insights from @jhencinski & the @expel_io #SOC on metrics/techniques to protect against volatility: https://t.co/5ogCXJFFci
If you have a #SOC #QC program be super transparent about the trend.
We wrote a #Slack bot that sends the #QC trend to the team each day. We talk about it. We plan. We adjust.
QC legend:
- 🔴 failed
- 🟢 passed
- ⚫ missed
Visualize. Review. Plan. Improve. Repeat.
Come chat with me and the @expel_io team about threat detection and response in #AWS today at 11:00 AM EDT.
Format: Ask us anything! Bring questions. It'll be a conversation.
Sign-up: https://t.co/ez1u0w1AR3
Caveat: This is what we've found useful in our journey to better detect and respond in AWS and might not work for everyone. And yes, I did steal @jhencinski's effective tweet style 😀
Hope this is helpful!