Discover and read the best of Twitter Threads about #IncidentResponse

Most recents (9)

10 ways to use awk for hackers! 🚀 🧵👇 Image
1️⃣ Extracting Specific Columns from a CSV File

Quickly extract email addresses and phone numbers from a huge contact list.

#DataExtraction #EthicalHacking Image
2️⃣ Filtering Lines Based on a Pattern

Filter out sensitive information like passwords from log files.

#LogAnalysis #Security Image
Read 11 tweets
Today's quick #malware analysis with #SecurityOnion: FAKEBAT, REDLINE STEALER, and GOZI/ISFB/URSNIF pcap from 2023-02-03!

Thanks to @malware_traffic for sharing this pcap!

More screenshots:
blog.securityonion.net/2023/02/quick-…

#infosec
#infosecurity
#ThreatHunting
#IncidentResponse
@malware_traffic Let's review some of the data that #SecurityOnion generates from this traffic!

When you import the pcap using so-import-pcap, it will generate a hyperlink that will take you to the Overview dashboard:
@malware_traffic Here are the NIDS alerts:
Read 13 tweets
(1/6) To all investigators out there who have heard of #Maltego before, but still looking for more information. Here's what you need to know about Maltego 👇 #OSINT #infosec
(2/6) #Maltego is a link analysis tool that helps you automatically pull and map data from over 70 public data sources (#OSINT) and third-party data providers, and your own imported or custom data integrations. All of this done with a few clicks on the mouse in one interface.
(3/6) You start by providing input information for your investigation (name, alias, domain, IP address, etc.), install the data integrations you want to use, and #Maltego will retrieve relevant Entities from the data integrations and visualize the data connections between them.
Read 6 tweets
A thread on the (suspected) Okta compromise from an incident response perspective 🧵

#okta #LAPSUS$ #dfir #incidentresponse
1. Collect and preserve all Okta logs, focus on the Okta System Log as it's the main audit trail for Okta activities
Need more info on this log check (developer.okta.com/docs/reference…)
2. Search your audit log for suspicious activity focus on your superuser/admin Okta accounts as they pose the largest risk
Read 21 tweets
Here begins a fun thread of the finished lightboards that we make together during the ϟ Enlightning stream. ♫

Also- a big THANK YOU to all who come out to watch ϟ Enlightning, and also to those who take the time to watch the recording. I appreciate you.

@VMwareTanzu
What is a Small Batch Loop? Featuring guest @cote Image
Dockerfiles Vs. Cloud Native Buildpacks featuring guest @ciberkleid Image
Read 33 tweets
Dealing with a bunch of memory #forensics lately so I just dump fairly new tools that are useful to all #dfir #incidentresponse out there:
MemProcFS - convenient and easy to use
BulkExtractor - extracts everything into a text file and grep it
SuperMem - CS tool for quick triage
Read 4 tweets
.@reuschlaw ist beim European Cyber Security Month (#ECSM) von @enisa_eu und @BSI_Bund gleich mit zwei Webinaren beteiligt: Am 05.10.2020 zu Sofortmaßnahmen bei #Cyberangriffen und am 20.10.2020 zu den Auswirkungen von Corona auf die IT-Sicherheit von Unternehmen. #ECSM2020
Anmeldung und weitere Informationen zum #ECSM2020-Webinar von @reuschlaw am 05.10.2020 (Gehackt und jetzt? – technische und rechtliche Sofortmaßnahmen bei Cyberangriffen) unter bsi.bund.de/SiteGlobals/Fo…. #ITSicherheit #Datenpanne #Cybersicherheit #IncidentResponse
Anmeldung und weitere Informationen zum #ECSM2020-Webinar von @reuschlaw am 20.10.2020 ("Virus durch das Virus: Auswirkungen von Corona auf die IT-Sicherheit von Unternehmen") unter bsi.bund.de/SiteGlobals/Fo… #Corona #ITSicherheit #VirusdurchdasVirus #ECSM2020
Read 3 tweets
We are just starting our session @hasgeek. @abh1sek talking about data breaches and how they happen.

hasgeek.com/rootconf/data-…

Join the live stream on the webpage.

#datasecurity
Thank you @hasgeek for giving us this amazing platform to talk about what we love most #datasecurity #appsec
#cloudsecurity
Agenda for the session
Read 29 tweets
Kommentar zum Artikel:
Bei unseren Kunden wurden alle #Netscaler unmittelbar nach bekanntwerden des Workaround angepasst.
Nach genauerer Analyse mussten wir aber feststellen, dass "alle" Netscaler bereits #kompromitiert sind. 1/x

#Citrix #Shitrix #fail

security-insider.de/shitrix-gefaeh…
Da auf den Systemen durch die #Exploit's offensichtlich unter anderem auch #Cronjob's eingerichtet wurden, welche irgendwann in Zukunft beliebigen Code von russischen Servern nachladen...jeder Anwender absolut sicherstellen, dass sein System nicht bereits #kompromitiert wurde.
Der angekündigte #Hotfix, wird die bereits entstandenen Probleme sicher nicht lösen. Aus unserer Sicht hilft ausschließlich eine komplette #Neuinstallation der #Komponenten, verbunden mit einem unmittelbaren unmittelbares umsetzen des #Workaround bevor das System online geht.
Read 11 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!