Ian

@ark0x00

Threat Hunt Analyst @ BlueVoyant | Former Military | Old Punk and Snowboarding Junky | Simracer

90 Followers | 271 Following | 18 Posts | Joined 22.11.2024

Latest posts by Ian @ark0x00

I did a talk at ViVE Healthcare conference on just this! It’s amazing what threat hunt analysts can do with the right agent at hand.

12.03.2026 13:51 👍 1 🔁 0 💬 0 📌 0

Good thread:

12.03.2026 13:24 👍 1 🔁 1 💬 1 📌 0
Contagious Interview: Malware delivered through fake developer job interviews | Microsoft Security Blog The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and FlexibleFerret through fake coding assessments. The malware then steals API tokens, cloud credentials, crypto wallets, and source code.

Contagious Interview: Malware delivered through fake developer job interviews

12.03.2026 13:29 👍 0 🔁 1 💬 0 📌 0

It’s all about using it as a tool to learn. Verify everything, treat results with suspicion but allow it to help. AI is a tool and we have to be sure we’re using it to our advantage.

06.03.2026 18:59 👍 1 🔁 0 💬 0 📌 0

I’m all in on Agentic Threat Hunting and Malware analysis. Let’s goooo

Any questions? let me know!

06.03.2026 18:50 👍 0 🔁 0 💬 0 📌 0
‘A different set of rules’: thermal drone footage shows Musk’s AI power plant flouting clean air regulations
Images confirm xAI is continuing to defy EPA regulations in Mississippi to power its flagship datacenters

www.theguardian.com/environment/...

16.02.2026 19:25 👍 1388 🔁 684 💬 68 📌 28

It’s real shitty how some high-level people in our industry had ties to one of the worst people imaginable. 😡

15.02.2026 15:13 👍 4 🔁 2 💬 0 📌 0

“In less than a year, DHS has attacked the 1st, 2nd, 4th, 5th, 6th, 8th, 10th, 14th amendments to the US Constitution, the writ of habeas corpus, the independent judiciary, and much more,” states @David_J_Bier before the Senate Judiciary Subcommittee. 🗽

Read full testimony: ow.ly/PoUQ50Yfc34

15.02.2026 15:16 👍 173 🔁 130 💬 3 📌 9
spongebob says well good luck with that in a cartoon Alt: spongebob standing with a confused look and then abruptly changes his demeanor to happily say "well good luck with that." Then raises his hand and says "see ya!" Before walking away.

Them: we can deploy AI that will scale our mission and people will pay us so much money it will replace other parts of our revenue pipeline!

Me:

11.02.2026 04:17 👍 1 🔁 1 💬 0 📌 0

I hope these fuckers burn.

03.02.2026 16:21 👍 0 🔁 0 💬 0 📌 0

> Notepad++ says infra compromised
> Suspects Chinese state-sponsored hackers
> "Why would China hate Notepad++????"
> Look inside

02.02.2026 15:45 👍 59 🔁 16 💬 1 📌 0

I wrote a Sobriety Tracking and Motivation app yesterday for those of us trying to quit really anything. For me I hope it can help me stop the Camel Snus habit I picked up after I quit smoking some 15 years ago… Will get it on the stores today

github.com/hartescout/s...

01.02.2026 17:30 👍 0 🔁 0 💬 0 📌 0

I found the first investigative file from the first complainant against Epstein in 2005.

There are descriptions from the officer, over several interviews of the girl, of her pulling her knees up on the chair, drawing doodles, & the officer high-fiving her to keep her calm as she speaks of horror.

31.01.2026 20:57 👍 3008 🔁 1236 💬 49 📌 194

Here's a thread that you should all read, even though it will make you want to punch a wall

31.01.2026 22:21 👍 680 🔁 255 💬 20 📌 6

This is just insane. It’s only a matter of time before DHS kills another innocent person here.

(clip via MPR and @davidjbier.bsky.social on X)

31.01.2026 18:13 👍 29292 🔁 13267 💬 1767 📌 1199
How to Film ICE
Filming federal agents in public is legal, but avoiding a dangerous—even deadly—confrontation isn’t guaranteed. Here’s how to record ICE and CBP agents as safely as possible and have an impact.

granular, practical, well organized info here:

www.wired.com/story/how-to...

31.01.2026 22:25 👍 5718 🔁 2955 💬 145 📌 101
U.S. Reaches Trade Deal with Pedotopia

Not sure how @theonion.com stays on top of breaking news like this but the print edition just showed up at my house with this:

30.01.2026 21:17 👍 3790 🔁 569 💬 39 📌 12
Christmas sweater that says "Disappointments, All Of You" with DeJesus in the background

09.12.2025 02:42 👍 0 🔁 0 💬 0 📌 0

Working on React2Shell has proven frustrating. Fuck this shit imma play some @arcraiders.bsky.social

09.12.2025 02:40 👍 1 🔁 0 💬 0 📌 0

If you're an IT admin here's a few things you can check before your next internal pentest...

- credentials in unattend.xml files purged
- local admin rights for regular users removed
- edr installed on EVERY host

🧵 1/2

19.03.2025 14:12 👍 8 🔁 1 💬 1 📌 0
Wired is dropping paywalls for FOIA-based reporting. Others should follow As the administration does its best to hide public records from the public, Wired magazine is stepping up to help stem the secrecy

They're called public records for a reason. Starting today, WIRED will *stop paywalling* articles that are primarily based on public records obtained through the Freedom of Information Act, becoming the first publication to partner with @freedom.press to offer this for our new coverage.

18.03.2025 13:11 👍 91877 🔁 23499 💬 1639 📌 2079

…

12.03.2025 02:29 👍 54156 🔁 10852 💬 815 📌 697

#100DaysOfKQL

Day 69 - Potential Terminal Server or TermService Tampering via RDPWrap

The virus I have caught up to my family yesterday and it was not possible for me to post a query. Hopefully we'll get through it soon.

#MissedStreak

github.com/SecurityAura...

12.03.2025 02:08 👍 1 🔁 1 💬 0 📌 0

If you're going to @bsidessd.bsky.social, come say hi.

10.03.2025 11:51 👍 2 🔁 2 💬 0 📌 0

Say what now?

12.03.2025 20:22 👍 0 🔁 0 💬 0 📌 0
Joe Brinkley aka The Blind Hacker by Phillip Wylie Show

Summary
In this episode, Joe Brinkley, also known as the blind hacker, joins Phillip Wylie to discuss his hacker origin story and offer advice for breaking into offensive security and pen testing. They also explore the commoditization of pen testing, the evolution of the industry, and the challenges of testing complex environments. Joe shares his insights on the different generations of hackers and the role of automation and AI in pen testing. He also talks about his work with the Mentor Village and offers resources for those interested in starting their own cybersecurity brand or company.

Takeaways
- Joe Brinkley, also known as the blind hacker, shares his hacker origin story and offers advice for breaking into offensive security and pen testing.
- The commoditization of pen testing has led to a shift in the industry, with companies seeking budget-friendly alternatives and rotating vendors frequently.
- Automation and AI play a significant role in pen testing, allowing for faster and more efficient testing, but human expertise is still crucial for in-depth analysis and finding vulnerabilities that automated tools may miss.
- The industry is currently in the sixth or seventh generation of hackers, with increased access to education and tools, but also more complex environments to test.
- Joe Brinkley is actively involved in the Mentor Village, offering mentoring, education, and resources to those interested in cybersecurity.
- He encourages individuals to build their own cybersecurity brand and consider starting their own cybersecurity company, emphasizing the importance of branding and networking in the industry.

Sound Bites
- "I don't care who you go to, learn something."
- "Long-term security is the value we provide"
- "People are looking for a budget-friendly alternative because compliance and insurance now require yearly security activities."

Resources
- https://www.linkedin.com/in/brinkleyjoseph/
- https://x.com/TheBlindHacker
- https://x.com/deadpixelsec
- https://deadpixelsec.com/

Chapters
- 00:00 Introduction and Background
- 06:24 Advice for Breaking into Offensive Security
- 10:39 The Commoditization of Pentesting
- 15:53 The Impact of Compliance and Cyber Insurance
- 22:03 Challenges Faced by Practitioners in Limited Time Windows
- 25:33 The Evolution of Hackers and Accessibility of Education and Tools
- 30:36 The Role of Automation, Orchestration, and AI in Modern Pentesting
- 36:23 Building Cybersecurity Brands and the Mentor Village
- 41:14 Conclusion
- 41:52 Phillip Wylie Show Outro

Joe Brinkley aka The Blind Hacker podcasters.spotify.c...

12.03.2025 16:04 👍 3 🔁 2 💬 0 📌 0
GitHub - mattifestation/WDACTools: A PowerShell module to facilitate building, configuring, deploying, and auditing Windows Defender Application Control (WDAC) policies A PowerShell module to facilitate building, configuring, deploying, and auditing Windows Defender Application Control (WDAC) policies - mattifestation/WDACTools

If you wish to inspect an on-device (binary) policy file, you'll need WDACTools: github.com/mattifestati...

With this, you can run ConvertTo-WDACCodeIntegrityPolicy to get a stripped-down human-readable XML policy.

12.03.2025 13:18 👍 3 🔁 1 💬 1 📌 0

#100DaysOfKQL

Day 45 - Potentially Renamed Binaries

A bit different today where I'm giving you the base KQL recipe to accomplish something and provide an example.

Credit goes to @falconforceteam.bsky.social FalconFriday which helped me get set_has_element() right.

github.com/SecurityAura...

15.02.2025 03:11 👍 2 🔁 1 💬 1 📌 0
Forging modern security with Microsoft Security Copilot Discover how Microsoft Security Copilot modernizes security operations and defense intelligence through Generative AI and Microsoft’s Threat Intelligence. A fusion of innovation, vigilance, and adapta...

Today at 5pm in the Javits Center I'll be talking about Forging modern security with Microsoft Security Copilot. I hope you can join!

aitour.microsoft.com/en-US/sessio...

#MSAITour

30.01.2025 19:33 👍 1 🔁 1 💬 0 📌 0