A couple weeks back we noticed an uptick of incidents from trojanized Advanced IP Installers delivered due to #malvertising. We tied it back to a group who were formerly a #darkside #ransomware affiliate according to Mandiant.
You may remember articles circulating about Bing's AI providing malvertising links. This is from the same campaign.
Finally starting to try and blog some outside of work, probably going to mostly be writing about #detectionengineering like this first post about the Suborner invisible account persistence technique released last year by @r4wd3r
Thrilled to launch So You Want to be a SOC Analyst? 2.0 -- Now, with no requirements to run your own VMs!
SYWTBSA 2.0 enables paid subscribers of my blog to dive into this 6-part threat detection & response lab using a fully self-contained, cloud-hosted VM. Also, many of the setup steps have been taken care of for you, enabling you to dive right into the best parts of the lab.
Also, this version of SYWTBSA has been tweaked and revamped specially for this cloud-hosted version.
At this point I have taught or advised hundreds of aspiring hackers. I've provided instructional content to thousands more.
I can count on one hand the number of times an aspirant has told me they want to go into defensive cybersecurity. #DFIR, #ThreatHunting, #DetectionEngineering...these ain't lighting up the imagination of the padawans.
But I constantly see mid-career pentesters/red teamers decide to move over to defense for one reason or another.
Which leads me to conclude that we've made a fatal flaw in #CyberSecurity training. Since a defender must understand attacks anyhow, I am coming to the conclusion that all technical cybersecurity training should begin with the offensive skills. Then mix in the defense. I believe seeing both sides like this might make defense more appealing earlier—and produce better defenders.
Last night my co-authors and I turned in the final chapter's first draft for our book, Practical Detection Engineering: A hands-on guide to planning, developing, and validating threat detections. Still got a few rounds of technical reviews and copy edits but definitely a big milestone for us.
When performing competitor analysis we found that despite the numerous amazing blog posts from industry experts, there wasn't a complete book focused solely on detection engineering, so hopefully we can fill that gap for the field! The book is scheduled to release in early August and is available for pre-order on Amazon now: https://www.amazon.com/Practical-Detection-Engineering-Confidently-detections/dp/1801076715
If you have a Packt subscription, it'll be in the eBook library too.
Thanks in advance for anyone who decides to invest in our work and check it out!