A question for my security friends out there, is it good practice for an IT team to send out a Phishing email to all users to ‘test’ them? Follow up question, if it IS a good idea, who do you typically use as the sender of the email? Like, the CEO, CFO, a high ranking IT person in the org? Someone else?
Wrote up a tutorial for using @limacharlieio to push Velociraptor hunt data into BigQuery for analysis... This is next-level hunting at the scale of GCP 🚀
Somebody recently shared YARA Forge with me and I tested the "core" ruleset and it's maybe the most impressive free ruleset I've seen... Extremely low false positives, very high detection rate.
This is a genuine request for input from the community.
A member of upper-middle management for a midsized internet technology company recently explicitly stated that they didn't want to install the company's management agent on their device. "I think for leadership, that sort of thing should be optional" was the quote.
This person is intelligent and capable, and is otherwise someone I would respect as a fellow member of the same circles and business.
This is so against axioms that I hold as almost self-evident that I realized I don't even have good arguments. I can endlessly find corners of the internet where this would be akin to "Pi is exactly 3!" at a Mathematics convention, but is there ever generally a time or company infrastructure configuration where simply ignoring endpoint security, or allowing it to be optional, wouldn't just be blatantly stupid?
Besides being aghast and expressing sharp chastisement, how does someone go about even beginning to describe why this cavalier attitude is so abhorrent?
Is there some situation where it's actually a kosher methodology or mindset?
I think I might just be so thrown off guard by the concept that I just can't think of even an obvious answer to start with here.
#Security geeks. Please help me understand something.
One of my apps runs a tiny local JSON API server. By default this is port 5749, but you can make it whatever, and there is zero need to expose this port to the network.
I have a potential user who says they can't install it because their Co forbids running apps with "open ports". I'm like ⁉️ because I don't understand how this could possibly be a security risk if you don't expose that port.
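One way to make the distinction in the post concrete, as an added example that is not the poster's app code: the "open port" a policy worries about is a socket bound to a wildcard address (`0.0.0.0`, `::` or the empty string), which accepts connections from every interface. A socket bound to `127.0.0.1` only ever receives traffic that originated on the same machine. The code below starts a tiny JSON API on loopback, fetches from it over the local network stack, and classifies bind addresses; the `/status` document, the handler name and the `is_network_exposed` helper are all constructed for this example, and port 0 is used so the OS picks a free port in place of a configured one like the 5749 in the post.

```python
"""Bind a tiny local JSON API to the loopback interface only.

Added example, not code from the app or the company in the post.
Assumes the layout the post describes: a small HTTP+JSON endpoint
that only clients on the same host need to reach.
"""
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Addresses that never accept traffic from another machine.
LOOPBACK_HOSTS = {"127.0.0.1", "::1", "localhost"}


class StatusHandler(BaseHTTPRequestHandler):
    """Serve a constructed JSON document at /status (example only)."""

    def do_GET(self):
        if self.path != "/status":
            self.send_error(404)
            return
        body = json.dumps(
            {"ok": True, "bind": self.server.server_address[0]}
        ).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        # Keep the example quiet; a real app would log normally.
        pass


def is_network_exposed(bind_host: str) -> bool:
    """True when a listener on bind_host is reachable from other hosts.

    '' / '0.0.0.0' / '::' are wildcard binds (every interface), and a
    specific LAN address is reachable from that LAN; only the loopback
    addresses stay confined to the machine.
    """
    return bind_host not in LOOPBACK_HOSTS


def start_local_api(port: int = 0) -> ThreadingHTTPServer:
    """Start the API bound to 127.0.0.1 only and return the server."""
    server = ThreadingHTTPServer(("127.0.0.1", port), StatusHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def fetch_status(server: ThreadingHTTPServer) -> dict:
    """Fetch /status from the running server over plain http.client."""
    host, port = server.server_address[:2]
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", "/status")
        return json.load(conn.getresponse())
    finally:
        conn.close()


if __name__ == "__main__":
    srv = start_local_api()
    print("listening on", srv.server_address)
    print(fetch_status(srv))
    print("exposed to the network:", is_network_exposed(srv.server_address[0]))
    srv.shutdown()
    srv.server_close()
```

On Linux, `ss -ltnp` shows the difference the policy cares about: a loopback-only listener appears with a local address of `127.0.0.1:PORT`, while a wildcard bind shows `0.0.0.0:PORT` or `*:PORT`. One caveat worth keeping in mind when arguing the point: loopback confines the port to the host, not to the app, so any other process or user on the same machine, including a browser page that issues requests to `http://127.0.0.1:PORT`, can reach it unless the API itself authenticates callers.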
I am excited to keynote at #SecOps Vision for 2024 tomorrow, Nov 9.
At 12pm ET my talk "The Modern #CTO Toolbox: Building Your SecOps RFP" reviews ~100 #Cybersecurity reqs & explains how to safely 'get to Yes' w/ policy, process, & tools.
Thrilled to launch So You Want to be a SOC Analyst? 2.0 -- Now, with no requirements to run your own VMs!
SYWTBSA 2.0 enables paid subscribers of my blog to dive into this 6-part threat detection & response lab using a fully self-contained, cloud-hosted VM. Also, many of the setup steps have been taken care of for you, enabling you to dive right into the best parts of the lab.
Also, this version of SYWTBSA has been tweaked and revamped specially for this cloud-hosted version.
When I’m not shitposting or otherwise broadcasting the never ending firehose of random and often worrying thoughts that pop into my head on a minute by minute basis - I actually write proper professional books!
Here’s one called Security Operations in Practice. It teaches you how to build a SecOps team. I wrote it mostly on a commuter ferry.
Hey! I’m looking to add another member to my growing security operations team! If you are looking to help grow security operation processes and work to find evil with an awesome team and a great business, take a look!
It has been an incredibly busy month for the team at LimaCharlie. We have released several powerful new features and made many improvements to existing functionality.
> Updates to the EDR Sensor
> New MFA Option - Authenticator App
> Lookup of the Living Off the Land feed from loldrivers
> Announcing LimaCharlie Extensions
> Introducing BinLib: your private binary library
> Added the OpenSearch Output
When looking at all the CPU vulnerabilities of recent years, even up to this day, we see mitigations taking place at the microcode or OS level. But the performance impact is huge! Sometimes a 30%-50% decrease in performance on specific tasks like databases!
Question: can we get some compensation as consumers? Since both Intel and AMD sold hardware that doesn't give the promised results. #spectre #meltdown #hertzbleed #Zenbleed #Inception #vulnerability #security #secops #compensation #money
"Fix arbitrary file creation through media processing"
This is honestly quite heavy and can (I do not have full details) potentially be abused for backdoor/intrusion.
Once there, the attacker has access to your whole Mastodon instance. Even if you run your sidekiq in a different container, most likely you will have the same privileges set up there (database, S3, etc.).
Since there has been a huge influx of new users, I decided to write a new #Introduction and actually pin it to my profile.
I'm pushing 50 years old and I live in a Red State that is trying to make me illegal. I'm a #pansexual / #bisexual #transgender woman married to a heterosexual cisgender woman who frequently talks about the current hellscape for people like me in my Toots.
I'm #NeuroDivergent / #ND which is probably why all of these sentences start with "I".
I've worked in #InfoSec for a little over 20 years. I've had lots of roles in #SecEng, #SecOps, and #ThreatManagement. I taught myself #Perl, #Bash, #SQL, and #PowerShell. I'm decent at #JavaScript. I can read #Python and #Ruby. I enjoy automating things and turning manual processes into scripts.
I've been the primary #CareGiver to my wife for 8 years since she developed a chronic condition and went on disability.
My hobbies include #writing #paranormal short fiction, journaling my #dreams, and playing #PCGames on my laptop and #SteamDeck.
I prefer #StarGate over #StarTrek over #StarWars. Still waiting for Amazon to do something, anything with the Stargate property.
While we loved the #ArrowVerse including #Stargirl and #SwampThing, in general we prefer #Marvel over #DC.
I'm a fan of #Horror / #HorrorFam, #HorrorMovies and #HorrorBooks, especially the existential dread of #CosmicHorror or #LovecraftianHorror. I tend to sympathize with the nameless terrors. I am not a fan of mindless slashers, unrelenting gore, or torture porn. Over-the-top, egregious gore that crosses into the absurd is fine, though, so I am a Sam Raimi fan, obvs. Also, #HorrorComedies are underappreciated.
I'm slowly reconnecting with my #Pagan roots. I knew some stuff about #Tarot and had a friend who was a tree a lifetime ago, and I'm trying to rekindle that.
We've got #Cats and they are our kids. I also happen to love #Frogs, but we don't have any of those.