Post AtPLycKblujF9KCMAy by [email protected] | |
Post #AtPIvsQhAATSLV2z1E by [email protected] | |
0 likes, 1 repeats | |
Google’s M-Trends 2025 report is out - data from Mandiant’s incident respon… | |
Post #AtPJgV7Ve1uPfBIyzA by [email protected] | |
0 likes, 0 repeats | |
Exploitation was the primary entry method into orgs, although it declined sligh… | |
Post #AtPJpTodramCDxlHPM by [email protected] | |
0 likes, 0 repeats | |
“The majority of organizations, 57%, first learned of a 2024 compromise from … | |
Post #AtPKEFqAxafS7WIC36 by [email protected] | |
0 likes, 0 repeats | |
Dwell time - the time between initial access to incident response (ie notificat… | |
Post #AtPKRNpyXWAigcSWkS by [email protected] | |
0 likes, 0 repeats | |
35% of Mandiant engagements are financially motivated, ie ransomware or just ex… | |
Post #AtPKXwLZ9AgBSAMUM4 by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog what are the other 2/3? | |
Post #AtPKhjx85COZuRbYg4 by [email protected] | |
0 likes, 0 repeats | |
Beacon aka CobaltStrike usage is falling off a cliff. | |
Post #AtPKllkLM6iIdBXsSO by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog We observed a slight increase of companies monitoring for user and… | |
Post #AtPKtsC1Gv8CwOM4I4 by [email protected] | |
0 likes, 0 repeats | |
Ransomware initial entry: brute forcing VPNs with no MFA, infostealer stole c… | |
Post #AtPLFrUEZuZX7aMMPg by [email protected] | |
0 likes, 0 repeats | |
49% of orgs found out they had a ransomware actor when the ransomware actor dep… | |
Post #AtPLV8R7qDmC2BBkXo by [email protected] | |
0 likes, 0 repeats | |
Worth noting that the dwell time for ransomware groups discovered by internal t… | |
Post #AtPLYJQvPbfb0bbs5A by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog Yep. As I say in my lectures, logs are useless if all you ever do … | |
Post #AtPLkijHBiH8wD6swy by [email protected] | |
0 likes, 1 repeats | |
@GossiTheDog Also: Have a security.txt and read your f*cking email. I help peopl… | |
Post #AtPLsAK4zgdIXqsHom by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog As for VPNs: use "real" VPN protocols (IPsec, OpenVPN, W… | |
Post #AtPLycKblujF9KCMAy by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog Also know what to do with the alerts.... don't buy the fancy t… | |
Post #AtPM3GlrMPeTjFABdY by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog oof 😅 | |
Post #AtPM3ojZ5S1D3yLpmS by [email protected] | |
0 likes, 0 repeats | |
Info stealers make about 16% of incidents. Example here around Snowflake (which… | |
Post #AtPMRN9bHSLoTVlF3o by [email protected] | |
0 likes, 0 repeats | |
Translation with this one - everybody is busy worrying about AI while all their… | |
Post #AtPMrxgC6LdTHpgXfE by [email protected] | |
0 likes, 0 repeats | |
And that’s a wrap, the report is worth a read. You should balance it out with… | |
Post #AtPNpxIkdVF5UNKLaa by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog “swap VPN vendors to one that doesn’t suck” LMAO there isn’… | |
Post #AtPOr0fFiatuA8v0ro by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog great thread. Thank you Kevin! | |
Post #AtPQGdI3LTXL9UqhUm by [email protected] | |
0 likes, 0 repeats | |
One other note - you may say ‘but Kevin, the incident response data wouldn’… | |
Post #AtPR15r3TWmT43NJtg by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog VPNs just need to die period. I also don’t understand why peopl… | |
Post #AtPS9MSDk6liokGVai by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog I guess I file a ticket then, thank you for sharing! | |
Post #AtPUcV6upyUPyGK47U by [email protected] | |
0 likes, 1 repeats | |
@GossiTheDog Remark: the amount of data friends find in S3 and other buckets go… | |
Post #AtPUurOIjoZmHjD1DE by [email protected] | |
0 likes, 0 repeats | |
@vampirdaddy @GossiTheDog is there any reason not to exclusively recommend wire… | |
Post #AtPUurUgM5gEbWC79s by [email protected] | |
0 likes, 0 repeats | |
@brahms @GossiTheDog Compatibility / availability. And needed feature set: Encryp… | |
Post #AtPUz8w9Rc6xrS5IGW by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog well yeah, that’s because nobody can afford BOTH Mandiant and Ci… | |
Post #AtPqwY2JrnCvpR8Z0a by [email protected] | |
0 likes, 1 repeats | |
@GossiTheDog I assume beacon usage dropping off is 1) also biased by Mandiant’… | |
Post #AtPs79tS4P7k5dc3Dk by [email protected] | |
0 likes, 1 repeats | |
@GossiTheDog If the fundamentals were easy, we would have solved them by now. W… | |
Post #AtPtTvA96XuH1Aq5Jo by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog Oh good. I know management at my work sees this and just goes "… | |
Post #AtPuJpZb8CLSjzUqlE by [email protected] | |
0 likes, 1 repeats | |
@wendynather @GossiTheDog If only we could make fundamental security as cool an… | |
Post #AtPuft1Wyzw7oU4xaS by [email protected] | |
0 likes, 1 repeats | |
@Sikorsky78 @GossiTheDog Right? Single-origin extra-dark bittersweet MFA, or so… | |
Post #AtPvbXemaAwULBvlxo by [email protected] | |
0 likes, 1 repeats | |
@JmbFountain @GossiTheDog The number of times people are like "we send the… | |
Post #AtQ4x5DXtnJy61XO7c by [email protected] | |
0 likes, 0 repeats | |
@sten @GossiTheDog Hilarious 🤣🤣🤣🤣 | |
Post #AtQ4y25n0HAoh3MWiu by [email protected] | |
0 likes, 0 repeats | |
@wendynather @GossiTheDog Now we just have to go viral. | |
Post #AtQ51USXzYX5XbeiuG by [email protected] | |
0 likes, 0 repeats | |
@jrdepriest @GossiTheDog Or get an alert, go into full panic mode, do all sorts… | |
Post #AtQ574o8HHNzikPqaW by [email protected] | |
0 likes, 1 repeats | |
@JmbFountain @GossiTheDog Our MSSP still occasionally sends us breathless alerts for … | |
Post #AtQ8uGuiM71JJre0Ku by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog While clearly you want to limit access to sensitive security-relat… | |
Post #AtQJWWZZaDswQldOVc by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog @jpm They just added support for rate limiting logins in the last… | |
Post #AtQoF5fRScQqdpXwBc by [email protected] | |
0 likes, 1 repeats | |
@GossiTheDog not nearly long ago as it should have been, i was helping build a … | |
Post #AtQxpgP7FcuWagQwNs by [email protected] | |
0 likes, 0 repeats | |
@GossiTheDog that's because not even APTs can figure out how to get it to w… |