Organizing thread! As I clean up my office, my latest project has been organizing stickers. Several got ruined because they were so disorganized. ☹️ I started with some drawer organizers I had, thinking they'd work...then I realized there was so much wasted space on the shelf!
I've been on a "drawer" kick, so I ordered another set of small drawers that I previously got to organize hardware/screws. Voilà! So much better! I like to use dry erase markers first, then live with it for a bit before making permanent labels. Oversized stickers go on top.
Of course, my methodology (h/t @thehomeedit) was to take all my stickers out and then categorize them. I quickly discovered I have a "reserve" collection of special stickers I want to hold on to.
I also added a "dump" container where I can just throw stickers after cons (someday...). The blue thing is a coupon organizer I got last year that I use to keep stickers organized when traveling.
As I was cleaning my office, I found I didn't want to get rid of business cards, because they often hold memories of good times with people. So, I made a box for the ones I wanted to hold on to. Those sit next to my stickers with my own biz cards.
Currently on the bottom of the bookshelf are a few binders of resources and some of my SANS books. Yes, you should be afraid of this combo. 😂 BTW, the bookshelf is one that my dad made with my brothers like 30 years ago! I try to reuse old things when I can.
I've found organizing is a hobby I really enjoy. It gets me moving around (off my phone) and gives me a fun challenge. I really enjoy trying to figure out the best way to organize! When I'm done, I have a system that makes me feel happy and calm. Any other organizers out there???
A brief thread on the @CrowdStrike blog on SUNSPOT...as I read it. This confirms CrowdStrike was one of SolarWinds' IR firms, which we'd heard rumblings of before.
Why do I talk about naming things so much? This is why! CrowdStrike DOES NOT CALL THE ADVERSARY A BEAR. They call this an activity cluster named StellarParticle. This is important. It's also important to note that this is a different name than Solorigate...
Choosing their own name was a good analytic decision by CrowdStrike because they control what is defined as StellarParticle. So what I would say is that StellarParticle and Solorigate overlap, but they are clusters tracked by two different companies. (see )
I've been trying to process the Capitol riots for days. @nytdavidbrooks' Friday commentary helped me work through what I feel. He noted how the Capitol is usually treated with reverence. That's how I acted when I was there. I spoke quietly and took time to reflect...
...on what the building and our democracy mean. To see rioters completely disregard and disrespect that disturbs me on a deep level. It felt like the low point of a slow decline of our democracy over the past 4 years. It felt surreal and like it wasn't the country I know & love.
I mourn the lives lost and wish their loved ones peace. I also mourn how far our democracy has fallen. We've all watched as it's happened, little by little, and I personally have felt helpless, even as I tried to take small actions.
I'm generally a pretty positive person, but it's Festivus, so let's blow off some steam and air our #threatintel grievances. Threat intel feeds are just data feeds, they're not threat intel. Please stop naming groups after malware, it's confusing AF.
A thread of thoughts + actionable detection ideas from the latest Microsoft #Solorigate post...microsoft.com/security/blog/… ... this is a sweet diagram and hopefully helps make clear the different ways you could be impacted. Not every victim makes it past initial C2.
I think a lot of this we already knew, but lmk if there are nuggets in here that popped out.
Another super helpful explanation of the DGA C2 domains. I love the MS graphics people.
.@Robert_Lipovsky kicking off with something I believe as well...crimeware is a greater threat to most orgs than state-sponsored threats. Even this week!
Many cyber crimes involve different jurisdictions - rarely is adversary infrastructure all in the same country, so law enforcement and private industry have to cooperate globally.
I'll attempt to live tweet this awesome webcast from @Wanna_VanTa and @x04steve on Ryuk and the UNCs behind them! Roughly 1/5 ransomware intrusions have been related to Ryuk. @Mandiant @sansforensics
Tracking Time to RYUK! This is a good metric to track as much as you can.
So what's a UNC? UNC = "uncategorized" - a way to cluster unique activity that is fundamentally related. They're "labels" or "buckets". UNCs might become FINs or APTs someday, but that requires time.