101010.pl is one of the many independent Mastodon servers you can use to participate in the fediverse.
101010.pl, the oldest Polish Mastodon server. We allow posts of up to 2048 characters.

#intrusiondetection

Andrew 🌻 Brandt 🐇<p>For those who don't know (which is most of you), this project has been the intense focus of my work, taking up a huge amount of my time, energy, and investigative effort for the past 14 months - while still helping others at Sophos publish their research; running an election campaign where I was a candidate for school board; speaking at Blue Hat, <span class="h-card" translate="no"><a href="https://defcon.social/@defcon" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>defcon</span></a></span> <a href="https://infosec.exchange/tags/Saintcon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Saintcon</span></a>, <a href="https://infosec.exchange/tags/VirusBulletin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VirusBulletin</span></a> and other conferences; guest lecturing to classes at CU Boulder; volunteering my time canvassing for political candidates; serving as a docent at the <span class="h-card" translate="no"><a href="https://post.lurk.org/@mediaarchaeologylab" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mediaarchaeologylab</span></a></span>; working as a poll worker during the current US election cycle; and starting up the Elect More Hackers (electmorehackers.com) organization.</p><p>Whew. It's actually kind of daunting just to read that. I also sometimes sleep and eat.</p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@SophosXOps" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>SophosXOps</span></a></span> has been, at its core, an institution that values radical transparency, and this story (and the earlier research investigations into the Operation Pacific Rim threat actors and incidents) demonstrates Sophos' commitment to truth and journalistic integrity, following a story wherever it leads. 
</p><p>I hope our publication today starts a larger conversation and collaboration within the cybersecurity industry - inside and outside the Cyber Threat Alliance, which Sophos actively supports and where I am proud to represent my employer - to work together to thwart the ambitions of nation-state threat actors such as the perpetrators of Operation Pacific Rim, in order to protect the privacy and safety of everyone, everywhere.</p><p><a href="https://infosec.exchange/tags/PacificRim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PacificRim</span></a> <a href="https://infosec.exchange/tags/OperationPacificRim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OperationPacificRim</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/china" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>china</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/hacks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacks</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/firewalls" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firewalls</span></a> <a href="https://infosec.exchange/tags/intrusiondetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>intrusiondetection</span></a> </p><p><a href="https://www.sophos.com/en-us/content/pacific-rim" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">sophos.com/en-us/content/pacif</span><span class="invisible">ic-rim</span></a></p>
kravietz<p>Pawel Krawczyk: DevOps guide to the galaxy of self-defending applications (Devoxx Ukraine 2019)</p><p><a href="https://video.echelon.pl/videos/watch/99793951-d08d-4250-992a-ac0f4c10fe07" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">video.echelon.pl/videos/watch/</span><span class="invisible">99793951-d08d-4250-992a-ac0f4c10fe07</span></a></p>
ADMIN magazine<p>Did you miss our SysAdmin Day gift? There's still time to download your copy of 10 Terrific Tools for the Busy Admin. Special thanks to our partner <a href="https://hachyderm.io/tags/TuxCare" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TuxCare</span></a> <a href="https://mailchi.mp/admin-magazine.com/sysadmin-day-2024" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mailchi.mp/admin-magazine.com/</span><span class="invisible">sysadmin-day-2024</span></a><br><a href="https://hachyderm.io/tags/SysAdminDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SysAdminDay</span></a> <a href="https://hachyderm.io/tags/tools" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tools</span></a> <a href="https://hachyderm.io/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://hachyderm.io/tags/gift" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gift</span></a> <a href="https://hachyderm.io/tags/firmware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firmware</span></a> <a href="https://hachyderm.io/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://hachyderm.io/tags/IntrusionDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IntrusionDetection</span></a> <a href="https://hachyderm.io/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://hachyderm.io/tags/utilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>utilities</span></a> <a href="https://hachyderm.io/tags/admin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>admin</span></a></p>
Tinker ☀️<p>There is something so satisfying in kicking off an entire RFC1918 scan.</p><p>Doing a single port at a brisk but safe (for my environment) pace.</p><p>~/# nmap -Pn -n -p &lt;single port number&gt; -T4 --open 10.0.0.0/8</p><p>~/# nmap -Pn -n -p &lt;single port number&gt; -T4 --open 172.16.0.0/12</p><p>~/# nmap -Pn -n -p &lt;single port number&gt; -T4 --open 192.168.0.0/16</p><p>(command broken out for dramatic effect - also note that I break out each of those CIDRs into /24's so that if anything breaks, I can pick up easier where the last known good ended. It's scripted and I prefer it this way.)</p><p>I am not doing a ping sweep or a DNS resolution. I'm assuming all hosts are up. And I'm looking for every host with a single port open. So even if they don't respond to pings (or something is preventing pings), I should get an answer back.</p><p>Note, I could certainly do faster (T5 or masscan, gawd) - but this is about as fast as I'm going to do in my environment and still be safe.</p><p>Also, only looking for open ports right now - no fingerprinting yet.</p><p>A cool thing about this approach is many intrusion detection systems still will only look for multiple ports on a single host to trigger an alert. Some still ignore many hosts / single port scans (to their detriment).
</p><p>We've long since purple teamed this, so I sent a notification to SOC letting them know my actions and asking them nicely (I bribed them last week) to not stop me, lol.</p><p>Should take a couple weeks to a month at this pace and in my environment to hit every single one of the just shy of 18,000,000 hosts 😂 </p><p><a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/penetrationtesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>penetrationtesting</span></a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blueteam</span></a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>redteam</span></a> <a href="https://infosec.exchange/tags/intrusionDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>intrusionDetection</span></a></p>
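The detection gap described in the post above, as an added example that is not part of the original post: a small Python check over constructed connection-log lines that counts distinct destination hosts per (source, port) pair, so a one-port sweep across many hosts trips an alert even though the usual many-ports-on-one-host rule never fires. The log format (epoch, source, destination, port, Zeek-style connection state), the thresholds, the function names and the sample addresses are all assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample log (not real traffic). Assumed format per line:
#   "<epoch> <src_ip> <dst_ip> <dst_port> <conn_state>"
# conn_state uses Zeek-style values: S0 = SYN seen, no reply; REJ = reset;
# SF = normal completed session.
def build_sample_log():
    lines = []
    # Horizontal sweep: one source, port 445, thirty hosts, never answered.
    for i in range(1, 31):
        lines.append(f"170000{i:04d} 10.9.9.9 10.0.0.{i} 445 S0")
    # Vertical scan: one source probing twelve ports on a single host.
    for port in (21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389):
        lines.append(f"1700001000 10.5.5.5 10.0.0.50 {port} S0")
    # Benign: a workstation completing a few HTTPS sessions to three servers.
    for i in range(1, 4):
        lines.append(f"1700002000 10.1.1.1 10.0.1.{i} 443 SF")
    return lines


# Attempts that never completed; completed sessions are far more likely to
# be ordinary client traffic, so they are not counted toward either rule.
FAILED_STATES = {"S0", "REJ"}


def parse_line(line):
    ts, src, dst, port, state = line.split()
    return int(ts), src, dst, int(port), state


def failed_attempts(lines):
    return [r for r in map(parse_line, lines) if r[4] in FAILED_STATES]


def detect_vertical(lines, min_ports=10):
    """Classic rule: one source touching many ports on ONE host.
    Returns [(src, dst, distinct_port_count), ...] over the threshold."""
    ports = defaultdict(set)
    for _, src, dst, port, _ in failed_attempts(lines):
        ports[(src, dst)].add(port)
    return sorted((src, dst, len(p))
                  for (src, dst), p in ports.items() if len(p) >= min_ports)


def detect_horizontal(lines, min_hosts=20):
    """The rule the post says many IDSs lack: one source touching ONE port on
    many hosts. Returns [(src, port, distinct_host_count), ...]."""
    hosts = defaultdict(set)
    for _, src, dst, port, _ in failed_attempts(lines):
        hosts[(src, port)].add(dst)
    return sorted((src, port, len(h))
                  for (src, port), h in hosts.items() if len(h) >= min_hosts)


if __name__ == "__main__":
    log = build_sample_log()
    # Only the vertical rule sees the 12-port probe; only the horizontal rule
    # sees the port-445 sweep. An IDS with just the first rule misses the sweep.
    print("vertical  :", detect_vertical(log))
    print("horizontal:", detect_horizontal(log))
```

Two practical points follow from the post: because the sweep is deliberately paced over weeks and split into /24s, the horizontal count must be kept over a long sliding window (or persisted across runs) rather than per batch, and the host threshold should be set from a baseline of how many distinct internal hosts a normal client contacts on a given port, otherwise a patch server or vulnerability scanner will dominate the alerts.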
Linux Magazine<p>The February issue of Linux Magazine is available now! This month's DVD includes <span class="h-card" translate="no"><a href="https://mastodon.social/@EndeavourOS" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>EndeavourOS</span></a></span> Galileo 11 and <a href="https://fosstodon.org/tags/ArchLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ArchLinux</span></a> 2023.12.01 <a href="https://shop.linuxnewmedia.com/shop/eh30279-linux-magazine-279-print-issue-219#attr" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">shop.linuxnewmedia.com/shop/eh</span><span class="invisible">30279-linux-magazine-279-print-issue-219#attr</span></a>= <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://fosstodon.org/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://fosstodon.org/tags/IntrusionDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IntrusionDetection</span></a> <a href="https://fosstodon.org/tags/RaspPi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RaspPi</span></a> <a href="https://fosstodon.org/tags/PeppermintOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PeppermintOS</span></a> <a href="https://fosstodon.org/tags/LibreOffice" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LibreOffice</span></a> <a href="https://fosstodon.org/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a></p>
🛡 H3lium@infosec.exchange/:~# :blinking_cursor:​<p>"🌩️ Cloud Services in the Crosshairs: The New C2 Battleground ⚔️☁️"</p><p>Threat actors are increasingly exploiting legitimate cloud services for C2 infrastructure, blending malicious activity within legitimate traffic to avoid detection. Google's TAG notes a rise in cloud service abuse for malware delivery and data exfiltration. The recent GCR proof-of-concept on GitHub demonstrates this trend, though TAG hasn't spotted it "in the wild" yet. Vigilance and robust network defenses are crucial. <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/CloudComputing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudComputing</span></a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntelligence</span></a> <a href="https://infosec.exchange/tags/GoogleTAG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoogleTAG</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a></p><p>Source: <a href="https://services.google.com/fh/files/blogs/gcat_threathorizons_full_oct2023.pdf" rel="nofollow noopener" target="_blank">Threat Horizons report by Google TAG</a></p><p>Also see this Toot: <a href="https://infosec.exchange/@H3liumb0y/111362931085843949" translate="no" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@H3liumb0y/11</span><span class="invisible">1362931085843949</span></a></p><p>Tags: <a href="https://infosec.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APT</span></a> <a href="https://infosec.exchange/tags/CyberDefense" class="mention hashtag" 
rel="nofollow noopener" target="_blank">#<span>CyberDefense</span></a> <a href="https://infosec.exchange/tags/IntrusionDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IntrusionDetection</span></a> <a href="https://infosec.exchange/tags/NetworkSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NetworkSecurity</span></a> <a href="https://infosec.exchange/tags/CloudIDS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudIDS</span></a> <a href="https://infosec.exchange/tags/CyberThreats" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberThreats</span></a> <a href="https://infosec.exchange/tags/GoogleCloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoogleCloud</span></a></p><p>⚠️ Stay alert to the evolution of cyber threats leveraging cloud services.</p>
Martin<p>Question about Intrusion Detection</p><p>Which FLOSS systems are available to detect intrusion on servers?</p><p><a href="https://social.tchncs.de/tags/intrusiondetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>intrusiondetection</span></a></p>
heise online (inoffiziell)After many years of development, the new version 3 of the IDS tool Snort is available as a final release and fixes many long-discussed shortcomings.<br> <a href="https://www.heise.de/news/Snort-3-Mit-Multithreading-dem-Angreifer-auf-der-Spur-5032068.html" rel="nofollow noopener" target="_blank">Snort 3: On the attacker's trail with multithreading</a>