Discover and read the best of Twitter Threads about #infosec

Most recent (24)

A few wks ago new words in the wordclouds of our domestic subset of #Hamilton68 Russian sympathizer accnts appeared on the topic of abortion. President Trump has been bleeding support among evangelicals & campaigns #walkaway & #buildthewall have proved ineffective #infosec #osint
It makes sense the #GOP would go back 2 their time tested political issue of abortion. And in this case push the most emotionally charged fringe like late-term abortions. The #Hamilton68 subset focused on Russian geopolitics showed a steady uptick around the topic #infosec #osint
We also looked at another #Hamilton68 subset that focuses on US Politics and contains a high level of foreign sourced accounts & saw the same thing. This subset showed a dramatic increase in terms like abortion and late-term abortion. Something we've not seen before #infosec #osint
Read 8 tweets
EMOTET ANALYSTS: Everyday, our team sees 5-15 clients networks wrecked by Emotet. Cleanup/response can take 3d - 3mo depending on IT department skills, tools, and telemetry. We’re creating a “synchronized” removal capability and could use additional perspective. 1/x
We know the core of lateral movement for Emotet, TrickBot, Qakbot, etc. is abuse of elevated creds/tokens, standard local admin passwords, and MS17-010 for poorly maintained networks. With these, payloads are dropped to remote shares via SMB & started via remote services. 2/x
For starts, we could use some perspective to make sure there’s not more we’re missing in regards to lateral movement.

We are aware of email spreading and browser password scraping plugins. However, we like to scope this to stopping local self-propagation of the bot first. 3/x
Read 13 tweets
This #smollett story is a runaway train and a complete mess. Actual CPD detectives saying rumors circulating are not true. Safe to say at this point anything could be true and anything could be false. #disinfo #fakenews
When you have these as your major #Twitter nodes & 9% bot participation 4 the #Smollett story I think you can safely say it's best to turn off #foxnews & #cnn, let the dust settle and come back in a few days to let "sourced" reporting bubble to the top. #infosec #disinfo #fakenews
OMG ... I mean why not double down on the crazy and say one of the 2020 presidential candidates also helped plan a hoax which may in fact itself be a hoax on #smollett. Who knows? #walkaway from unsourced news reporting #disinfo and #fakenews #infosec #psyops
Read 3 tweets
Last wk we noticed that an entire subset of our #Hamilton68 accounts had been suspended in mass. We have seen suspended accounts from time to time but not a whole set. To be clear these were bot accnts so it made sense they would all get suspended at once. #infosec #osint
We determined from our archive that they were mostly suspended around January 26th and this was the last tweet in our archive. #infosec #hamilton68 #osint
Some searching on Twitter & we found that our fellow bothunters @conspirator0 & @ZellaQuixote had already put out this excellent thread on Jan 24th outing most of the accounts in this small botnet. I apologize 4 missing it at the time #infosec #hamilton68
Read 13 tweets

A few days ago I requested a rug sample from a cute little online homewares retailer based here in Melbourne. They have really adorable stuff. They responded asking me to provide my credit card details for a security deposit. [1/23] #infosec #opsec
The PDF also requested a bunch of personal identification data such as name, age, and address. They wanted me to fill out the PDF and email it back to them. [2/23]
As the default s̶u̶c̶k̶e̶r̶ sys-admin for my parents and extended family, I've seen them become vulnerable to some pretty nasty phishing attacks and malware in recent years. Heck, I've been a target myself. [3/23]
Read 23 tweets
Finally we are able to analyze the most common URL use from a subset of #Hamilton68 accounts. Many many thanks to @Saill for all the scripting work on this. We now have a ton of additional data that can be analyzed. #infosec #opsec #osint
This is the top 25 URLs used by the #Hamilton68 subset of accnts focused on Russian Geopolitics. The most recent 3000 tweets from each of 125 accts were analyzed. 375000 tweets total. Fairly expected results & shows the prominence of Youtube & Facebook use. #infosec #opsec #osint
Further down the list in top 35-56 range revealed more interesting sites being used by these accnts. Ria(.)ru is a fairly new Russian media site housed at the same location as the Russian IRA troll farm. Stalkerzone is well known disinfo site #infosec #opsec #osint #hamilton68
Read 5 tweets
"If you have nothing to hide you are worthless" Shoshana Zuboff #CPDP2019
Should we not gather in resistance against surveillance capitalism which has come to destroy human nature as industrial capitalism did to nature?
@murakamiwood digital is another special fix of capitalism to commodify aspects of human experience until now uncommodified.
Read 18 tweets
Just ran our #Hamilton68 accounts and here are the top hashtags being promoted over the past 48 hrs by two of the main troll subsets. One focused on US politics and one focused on Russian geopolitics. No big surprise #CovingtonCatholic cracked the list #infosec #opsec #psyops
A friend helped do a quick analysis of last ~3000 tweets from 24 core #Hamilton68 accounts in my US domestic subset -- 73165 tweets in total. Here were the top accounts retweeted. We removed all known Hamilton68 accts from this list. Yellow are known/verified accts. Thx @saill
Guessing a lot of you will recognize some of the accounts on this list. Just because we haven’t been able to reverse engineer them as Hamilton68 accounts doesn’t mean there aren’t a few suspect ones on this list.
Read 12 tweets
Another year, another proposal to address the talent, 'human capabilities issue' with some form of militia/guard/reserve staffed with volunteers...

...because if there is one thing people in this business need, it's more - unpaid - work.
If your proposal for the talent shortage involves piling work onto an already overworked and stressed out workforce with rare skills because 'patriotism' or some s***, you haven't been paying attention to WTH has been going on for the past 17 years.
If you insist on using martial analogs to frame the talent issue then use an appropriate one: the draft.

The VAST majority of issues in #cybersecurity #infosec don't require 'ninjas' or 'rock stars', it's complete and utter grunt work.
Read 7 tweets
Time for fun! The @WordPress plugin known as Social Network Tabs, made by Design Chemical, combines all of your favorite social networks profiles. Due to their poor coding skills I was able to take over 127 Twitter accounts #0day #infosec…
This is caused by the following lines of code within the page where the Twitter widget is displayed. Yes, they leak the Twitter access_token, access_token_secret, consumer_key and consumer_secret of their user
Thanks to @publicww, with the following search queries, I managed to retrieve the Twitter access_token, access_token_secret, consumer_key and consumer_secret from 539 vulnerable websites
Read 15 tweets
With more than 100,000,000 downloads ES File Explorer is one of the most famous #Android file managers.
The surprise is: if you opened the app at least once, anyone connected to the same local network can remotely get a file from your phone
Technically, every time a user is launching the app, an HTTP server is started. This server is opening locally the port 59777. On this port, an attacker can send a JSON payload to the target
You can find the proof of concept on this Github repo…
Read 15 tweets
Just before Christmas we looked at #Hamilton68 accounts who focus on Russian geopolitics and how they were stoking the #giletsjaunes conflict in France. We noticed a new hashtag #integrityinitiative (red arrow) .. #infosec #osint #opsec
We didn't think much about this over the holidays but revisited it in early January 2019. Turns out the #integrityinitiative had become even more prominent and prompted additional research .. #infosec #osint #opsec
We did a hoaxy analysis of the #integrityinitiative hashtag on January 5th and noticed two major nodes of well-known #Hamilton68 accounts .. @Ian56789 and @ShoebridgeC ... #infosec #osint #opsec
Read 10 tweets
The one often overlooked vulnerability in your threat model: you.

A thread.
There was an evening twitter discussion with @CharlesDardaman and @ravici yesterday about the reality of the threat of furloughed federal workers getting flipped by foreign adversaries.
@CharlesDardaman @ravici I think it needs to be part of the Fed's threat model now, since the Fed is telling them to hold garage sales to make ends meet.
Read 10 tweets
Second cache of 9/11 docs released by The Dark Overlord hackers…#september11 #DarkOverlord #TheDarkOverlord #ITsec #ITsecurity #IsraelDid911
According to @Forbes, the cybercrime group known as #TheDarkOverlord has acquired 18,000 documents, many of which are related to the 9/11 events, and are demanding #bitcoin ransom in return for the data. #DarkOverlord…
Read 24 tweets
A fascinating thread ...don't think 4 a minute that the only propaganda / misinformation campaigns come from Russia ... there are plenty of domestic operations going on right now. In this case a Wall Street Hedge Fund manager posing as a #Bernie2020 acolyte
As @HoarseWisperer alertly posted, this Hedge Fund manager is running a disinfo / troll campaign against @ewarren and her supporters. If ur reasonably intelligent, I think you can figure out why a wallstreet Hedge Fund manager might be behind promoting #Bernie2020 #infosec
No idea right now how much of the "we want Bernie" tweets to @ewarren are from trolls, cyborgs and bots. Guessing like ourselves lots of other groups are scrambling to collect the data for analysis. #infosec #opsec #osint
Read 8 tweets
Just in time for the Jan hiring frenzy:

If you're looking for work in tech but can't be open about it, DM me your basic info (desired title/skills/location) and I'll tweet an anonymized summary for employers to check out + will DM/email intro you to interested employers 💖
Employers interested in these intros: it's dual opt in, so I'll intro you all if both you and the jobseeker want an intro.

Let us know what your company does and what's great about it when asking for an intro?
I’ve got a Porto based senior embedded software engineer w/ C, Python, Shell who is looking for work. Open to relocation ✨

Reply here if you’re hiring for something like this and I’ll intro you if they’re interested!
Read 79 tweets
The alt-right is in an interesting quandary. They want 2 argue #projectbirmingham, a small social media disinfo experiment by a handful of Dem activists affected the outcome in Alabama Senate race ...but not social media disinfo efforts by Russia, a nation state in 2016? #psyops
Some background on #projectbirmingham .... if everything from the original NYT story is true about this domestic disinfo campaign against #RoyMoore then yes I am against this as much as I am against what Russia did in the 2016 elections. #infosec #ALsen
NEW: This is a strong denial from the New Knowledge CEO Jonathan Morgan, including the part about the creation of fake Cyrillic Russian bots ... so someone has some explaining to do #ProjectBirmingham #infosec
Read 11 tweets
I've been tagged in quite a few #FF today, and as it's the last Follow Friday of the year, I wanted to take a sec to chat about social media as it relates to #infosec and #threatintel.

Kind of like a year in review.
Social media has been a hot topic this year. It's literally made it into the halls of Congress. But I'm not going to talk about how Jack and Zuckerberg are selling our souls away at our own consent, or about how they're knowingly assisting in foreign information operations.
Let's chat about potential.

Social media has a massive potential for change. You don't have to look much further than the Arab Spring to know that. For our industry, it has a massive potential for great, or awful, change.
Read 14 tweets
I get to head out on vacation in a couple of hours. normally I'd do a farewell #FF, but not this time.

I'm too disappointed.

Mini Thread.
I am not a military man, I never was. Yet, I felt a great depression set in when I saw Mattis resign. I have a great respect for him, I started to think about why, why it depressed me, and realized it spreads to much more than this moment in time in my life.
There is a dearth of leadership everywhere. We refuse to listen to anyone outside of our point of view. Adversaries become enemies far too easily. Those who should know better, willfully blind themselves to embrace the passion of their vitriol.
Read 14 tweets
Today is the 316th anniversary of the 47 Ronin's assault on Kira Yoshinaka's mansion at Edo to avenge their fallen Lord Asano.
The historical account, which has passed into legend, is a story about service, responsibility, and the true nature of correcting failure.
The actual story of the precipitation of Lord Asano's ordered seppuku has been spun in adaptations. The work by his retainers, the Samurai who became Ronin, to plan, prepare, and be patient and wait for their opportunity is a lesson for both #infosec attackers and defenders.
Read 9 tweets

A must for #infosec institutional defenders (and everyone else).

"Always have an escape plan."

"Emergency landing plan B."

" ... already working on plans A, B, through Z."

Life happens. Things go wrong. Are you ready for that?
I will use a real life parable.

I was making homemade pizza puffs for our holiday potluck this morning. I had split up the prep between last night and this morning, browning and seasoning the sausage last night. Today was assembling and baking the puffs.
Read 17 tweets
So, @AerServ are trying to cover up that they've had a breach. I was notified that I was in it via @haveibeenpwned and when reaching out to them, they denied that they have any data on non-registered users or that they've even had any breaches! #infosec [1/12]
After receiving the notification from HIBP, and seeing the type of data involved in the breach - I instantly wanted to know how they could have got data of mine. My mobile usage is not much further on than it was when I was using a Nokia 5110, so no questionable apps. [2/12]
I reached out to them with a subject access request, to get a copy of the data they hold about me, despite not having registered for their services (see screenshot) [3/12]
Read 12 tweets
I kinda feel like there's an #infosec equivalent to Brooks's Law: hiring more infosec people does not make an organization (or project) more secure. Likewise, mirroring complexity, I think we have accidental as well as essential insecurity.
We often measure #infosec team success or impact via navel gazing: how many vulnerabilities we identified, how many open ports we found, how many AWS tokens we found in git.
The remedies? Build more tools to detect more stuff, deploy more agents, create more dashboards, tickets, metrics. All that requires more people, so our headcount requests go up.
Read 11 tweets
The #aabill is incredibly short-sighted & luddite. Even if the AU Gov. can coerce tech companies to backdoor encrypted messaging platforms, nothing's going to stop people from resorting to using free & opensource #crypto software like @GnuPG! #auspol 1/
Popular #crypto software is trusted because it's been written & vetted by members of a decentralized #opensource community which you can't coerce. If you want to make it illegal to possess @GnuPG in Australia because you can't backdoor it, then you'll kill the IT industry. 2/
Software devs/engineers use #crypto daily to safeguard the apps & systems we code & run against malicious tampering. The #InfoSec community also needs to be confident it can discuss and coordinate responses to security vulnerabilities before they can be patched in private. 3/
Read 11 tweets
