Post Avvudqd5DwX6T3Q7H6 by [email protected]
Post #AvtemA2EyEPDO5D39U by [email protected]
0 likes, 1 repeats
EDR: We blocked a malicious PowerShell script but didn't delete it.
Me: Okay…

Post #AvtfZKMVMdgRba8GuG by [email protected]
0 likes, 1 repeats
@cR0w SEP used to do that shit all the time.

Post #AvtgXiAZyclOonLc7E by [email protected]
0 likes, 1 repeats
@Xavier I do not miss SEP at all.

Post #AvtoQa6KNP2BOsTCZU by [email protected]
0 likes, 1 repeats
@cR0w Love it when the EDR vendor grabs the sample for themselves but won't…

Post #AvtoVxCttd9eVh6eY4 by [email protected]
0 likes, 1 repeats
@mttaggart Just had the same thing with an Excel macro too. I hate this industr…

Post #AvtrXLoWC6SQyk3kAK by [email protected]
0 likes, 1 repeats
EDR: This user logged in from an unusual location.
Me: Okay, where?
EDR: Californ…

Post #Avtrd3AMRGfyshzfii by [email protected]
0 likes, 1 repeats
@cR0w What the actual fuck?

Post #AvtruqsSrmL1yu6y6C by [email protected]
0 likes, 1 repeats
@Sempf Exactly. I know GeoIP lookups are not super reliable and with things the…

Post #Avtswqz3XfKKqPiGGm by [email protected]
0 likes, 1 repeats
@cR0w Oh, I have one! This is a true story but names have been changed to prote…

Post #Avtt9THAzwTL54Cm5A by [email protected]
0 likes, 1 repeats
@saltmyhash I know that feeling hard. 😒

Post #AvttIJOZ6Vzj2fsPgG by [email protected]
0 likes, 1 repeats
@cR0w @Sempf ASN14593? (Starlink)

Post #AvttLlMVa3VKeGYnBY by [email protected]
0 likes, 1 repeats
@badsamurai @Sempf Ha! Nope. That's its own separate shit show. And not jus…

Post #Avtu6ceLn2sPEqFYoK by [email protected]
0 likes, 1 repeats
@cR0w I had exactly this, and it was _not_ malicious.

Post #AvtuBoPFVW7j9Ff2ye by [email protected]
0 likes, 1 repeats
@FritzAdalis It's usually a user logging in over a commercial VPN but it…

Post #AvtuLKDcbBOGQ2l5lY by [email protected]
0 likes, 1 repeats
@cR0w In my case it was Mimecast downloading attachments using shady data cente…

Post #Avtw9MCjads90jlSjI by [email protected]
0 likes, 1 repeats
@cR0w @Sempf GeoIP databases seem terrible. When I log into something with a new…

Post #AvtyJuaanpcwSR5J4q by [email protected]
0 likes, 1 repeats
@chewie @Sempf Even the country level is getting harder. That doesn't mean …

Post #Avtztbah11fdukiPei by [email protected]
0 likes, 1 repeats
@cR0w specifically watching IP addresses that cycle rapidly between Autonomous …
Post #Avvsi2tvLAPrmGAgG8 by [email protected]
0 likes, 1 repeats
EDR Vendor: We use machine learning to create a baseline of normal activities s…

Post #Avvt2hkJBosAFOWacS by [email protected]
0 likes, 0 repeats
@cR0w patching cycle?

Post #Avvt2hqKpPh2Y5LP0q by [email protected]
0 likes, 1 repeats
@h2onolan humblebrag

Post #AvvtSX5xPaTYk9xz8a by [email protected]
0 likes, 0 repeats
@[email protected] IPs being absolutely divorced from physical infrastructu…

Post #AvvtSXDOxuQl7FRvk0 by [email protected]
0 likes, 1 repeats
@froge I like when they trust multiple and just provide the one that answers fi…

Post #AvvtvJAwFATvyE19aC by [email protected]
0 likes, 1 repeats
@cR0w and this right here is why an IT background is really helpful.

Post #AvvtzMWviGDFX7ElCy by [email protected]
0 likes, 1 repeats
@cR0w EDR: Boy, there sure is a lot of traffic to akamai, looks suspicious AF

Post #Avvu3I668TjKwYYmGG by [email protected]
0 likes, 1 repeats
@da_667 @cR0w ...I mean... I'd be all here for just blocking CF for a day …

Post #AvvuCt12FADe39ldTc by [email protected]
0 likes, 1 repeats
@TindrasGrove :1000: "Production? We do security here."

Post #AvvuF0XVF31nxmxuls by [email protected]
0 likes, 1 repeats
@da_667 I really wish that was an exaggeration.

Post #AvvudqVzeIrU746SDw by [email protected]
0 likes, 0 repeats
@cR0w @da_667 it's fine, just trust this self-signed root certificate from …

Post #Avvudqd5DwX6T3Q7H6 by [email protected]
0 likes, 0 repeats
@cR0w @da_667 EDR: Hrm, self-signed root certificate...
EDR: And it forces the s…

Post #AvvudqjSqDdYmqPDDk by [email protected]
0 likes, 1 repeats
@rootwyrm @cR0w "looks like bob in accounting is using alternate data stre…

Post #AvvuwVDD4qJ1XrDI4u by [email protected]
0 likes, 0 repeats
@da_667 @cR0w "Jim in infrastructure is trying to send a Zip file named &#…

Post #AvvuwVJah7PTreCO1Y by [email protected]
0 likes, 1 repeats
@rootwyrm @da_667 Look, if you're going to make fun of my queue, the least …

Post #Avvv7NB3I53hoLO5I0 by [email protected]
0 likes, 0 repeats
@cR0w @da_667 I would but the MITM proxy service has decided Jira is malicious.…

Post #Avvv7NHQuMAA88NBEe by [email protected]
0 likes, 1 repeats
@rootwyrm @da_667 marked as true positive

Post #AvvvEwGFFSsseGQLzs by [email protected]
0 likes, 1 repeats
@cR0w @rootwyrm resolved//wontfix

Post #AvvvpPkD6jIgVwpi6q by [email protected]
0 likes, 1 repeats
@da_667 @cR0w @rootwyrm WONTFIX is my favorite way to close tickets. :D

Post #Avw5FXkmqofuTHdY36 by [email protected]
0 likes, 0 repeats
@cR0w "So that breach you've had going on has had the same outbound co…

Post #Avw5FXrAT5mMn4cdzk by [email protected]
0 likes, 1 repeats
@laren Accurate. Cursed, but accurate.

Post #AvwV8yWtUvhoIRfR5s by [email protected]
0 likes, 0 repeats
@laren @cR0w I'm reminded of a story where some shop got hit, and the attac…

Post #AvwV8ydH7CoGcEeX2W by [email protected]
0 likes, 1 repeats
@Viss @cR0w I recall another story (thus why I make the 'volunteer sysadmin…