Super weird to me that Dropbox has told Dropbox Sign customers to "delete your existing entry and then reset it" if they use app-based MFA. I have never seen "delete your MFA and create new tokens" in post-compromise account hygiene advice before.
I suspect two things:
1.) Dropbox was storing plain text MFA seeds right next to their password hashes
2.) We're going to hear a lot more about this soon.
Unlocking the Path to Cybersecurity | How Diverse Backgrounds Lead to Success => Short clip from the Leanpub Frontmatter podcast with Andrew Rathbun, Co-Author of EZ Tools Manuals => The link to the full interview is here => https://youtu.be/5LtX7QwF6WM => This episode was recorded on October 18, 2022 #podcastclips #tech #military #marines #lawenforcement #DFIR
Not to be the “what are they teaching kids at school these days” guy. But I have two digital forensics/cyber security post grads on my team, and I had to give them the birds and the bees talk (networking and DNS).
I’m happy to, of course; you don’t learn by not asking. But it was a revelation to them.
Both are more ‘qualified’ than me, but had no clue further than what an IP address does.
@SecurityWriter@a y'all are so forgiving. If you can't describe for me in an interview how traceroute works, you're not getting the job. Only for certain jobs, but definitely #DFIR.
Get instant visibility into “right of boom” activities of an ongoing intrusion, plus, quickly gather and process historical evidence for understanding root-cause and all post-compromise activities occurring “left of boom.”
Join @eric_capuano this Wednesday, February 7, 2024 as he discusses the powerful capabilities of SecOps Cloud Platform for fast and scalable incident response & digital forensics.
Do you need to accelerate your incident response but lack the tools and infrastructure?
On Wednesday, February 7th at 10:00am PT/1:00pm ET, @eric_capuano will demonstrate the SecOps Cloud Platform and showcase its powerful capabilities designed for the DFIR community. This is a game-changer for DFIR teams looking to:
> Get instant visibility into ongoing attacks
> Quickly gather and process forensic artifacts
> Understand the full scope of a breach from initial intrusion to post-compromise activities
What happens when attackers can SEO their fake application to the first page of search results, alerts fire along the way, and you have a customer and secops team that are top notch!
Wrote up a tutorial for using @limacharlieio to push Velociraptor hunt data into BigQuery for analysis... This is next-level hunting at the scale of GCP 🚀
I’m looking to hire a Principal Threat Intelligence Analyst here at @huntress. You’ll get to build a new program focused on the small business space (those that fall below the cybersecurity poverty line). Please feel free to reach out to me if you have questions or think you might be a good fit:
This is a fully virtual class and I won't actually be in Singapore. I'll be flipping my day/night cycle and teaching from East Coast USA. This could get interesting in many different ways.
You discover an unusual scheduled task named "UpdateCheck" on a Windows system. The task triggers a PowerShell script located at "C:\Windows\Temp\update[.]ps1".
What do you look for to investigate whether an incident occurred?
You don't have immediate file system access (you can't grab the file quickly), but assume you have access to whatever other digital evidence source you need (system logs, network data, and so on).
As a manager you should be open to constructive criticism just as you expect ICs to be. Expecting to only broadcast your criticisms while remaining beyond reproach is setting everyone including yourself up for failure. Take the time to listen.
🔒 Delve into the gripping tales of true cybersecurity challenges in the InfoSec Diaries – where real-world incidents, investigations, and penetration test discoveries come to life.
📘 Discover these compelling stories, now available in Paperback, Kindle, and Audiobook formats.
Because more than half of my professional life has focused on digital forensic evidence, I was struck to see that out of all these examinations, given the rise of digital media during the last three decades, digital evidence accounted for only 16 of the examinations leading to exoneration. #DFIR