@securepeacock.bsky.social
I find weird things on networks. #PurpleTeam | Ex Raytheon MSSP, SCYTHE, & GD | Taught at BlackHat & DEFCON | #100DaysofSigma | Keep exploring, keep learning, and stay curious.

Update: looks like the link on the page is a drive-by compromise.
29.06.2025 20:46

Cancer(.)gov, which is registered to the NIH, is hosting a page that lets you illegally stream the new F1 Movie.
events.cancer.gov/sites/defaul...
New Octowave Loader sample is leading to Amatera Stealer deployment over the past week.
0 VT detections on any component of the malware loader.
Proofpoint rules detect the outbound C2 traffic.
My Yara rule detects the installer.
This seems like a project to watch.
04.04.2025 23:52

How to properly evaluate a CVE score:
1. Is Gossi freaking out?
2. Is Florian freaking out?
3. Does SANS have an emergency webcast?
4. Are all your red team friends losing their minds over how crazy easy it is to give them awesome access?

Well, the other thing is, I'm pretty sure they were getting bounce-back emails for like 3-6 years and didn't notice the email was no more...
12.03.2025 00:16

Every marketing email I've run into in this research project has some tokenized unsubscribe link, but they don't even offer that.
11.03.2025 23:54

I can't make this up. I bought an expired MSSP domain and set up mail forwarding for all emails. I've tried to unsubscribe from getting an ISAC's TLP Amber emails, but they won't, stating I must "email from an email associated with the ISAC account receiving these emails."
11.03.2025 23:05

I checked out the #ZeroDay series on Netflix and I think this depiction of events would take too many coordinated attacks. The Russian targeting of Ukraine with BlackEnergy and Industroyer is more realistic to what happens. The scenes I saw more resemble an EMP attack.
23.02.2025 01:53

Stock up on toilet paper now!
www.scmp.com/news/china/s...
Probably because most small and medium-sized app businesses are just that.
Most start-ups have a base and then duct-tape on as fast as they can to make sales happen. By then, it'd eat up too much revenue to rebuild the code right.

This is why I think TTP count is a terrible metric. You either detect the procedure adversaries use or you don't; this count of 4 for whoami /all is meaningless in most cases.
14.02.2025 03:45

Before rushing to secure GenAI, make sure your DevSecOps and AppSec foundations are solid. GenAI is just another piece of the application stack. Security fundamentals are crucial. To help understand it, GenAI vulnerabilities are a lot like SQL vulnerabilities.
10.02.2025 18:58

Interesting talk today by @wietzebeukema.nl. Make sure you follow him and check out his GitHub too.
06.02.2025 17:49

Excellent comparison chart:
argfuscator.net/entries/comp...
Today at WWHF, Wietze is dropping Invoke-ArgFuscator.
t.co/b4Agg3nveJ
Last day to submit a CFP!
Get yours in ASAP. Last year saw nearly 2,000 registrations. This is one of the best B-Sides in the world. Oh and did I mention you can visit beautiful Florida beaches during your trip in May?
events.bsidestampa.net/BSidesTampa2...
Who's going to WWHF Denver?
30.01.2025 14:59

Heard this on a podcast and it really resonated with me.
30.01.2025 01:29

Contrary to popular belief, piping IOCs to your SIEM does not mean you're making CTI actionable.
29.01.2025 21:37

I'm headed to Breck Friday and skiing Saturday-Sunday.
03.01.2025 15:53

One of the best career tips I can share is to care about the people you work with. Not everyone will be receptive, but those who are can become invaluable connections in your career journey, and in life.
02.01.2025 01:16

One piece of advice to give new SOC analysts is to have humor.
Working alerts in a SOC is a high stress environment and the grind never stops, so find ways to laugh and enjoy who you work with.
Just a friendly reminder that you can hunt in datasets that are outside your organization.
17.12.2024 17:13

Purple Team metrics can be tough and conflated with BAS testing, so here are a few, but feel free to add your own in the comments.
1. Engagements with SOC per year/quarter.
2. Intel leads tested.
3. Custom tests to verify detection logic.
4. Requests for testing completed (%)

One of the quickest GenAI use cases you can do in your SOAR is to auto-enrich command lines associated with an alert by adding an explanation of what the command is doing. This boosts the productivity and situational awareness of the analysts.
03.12.2024 22:49

As a Bucs fan, I disagree lol
03.12.2024 01:42

This is approaching gross negligence, leaving a public-facing back door open:
"gained initial access through a web shell left from a third party's previous security assessment"
www.cisa.gov/news-events/...