Jake Williams @MalwareJake, 14 tweets, 3 min read
Twas the night before Christmas and all through the house
Not a creature was stirring, not even a mouse (jiggler, to prevent the screen from locking)
The dongles were hung by the chimney with care
In hopes that no APT zero-days would be there
1/n
The children were browsing using incognito mode
While visions of insecure IoT toys danced in their heads;
And mamma with her BYOD laptop, and I with my tablet,
Had just settled down and hibernated our devices,
2/n
When on the domain there arose an attack of shatter,
I sprang from the SOC to see what was the matter.
Away to the window I flew like a flash (and was immediately exploited by an 0-day),
I tore open the shutters and yelled “uninstall Flash.”
3/n
The LCD screens on the breast of the new-fallen snow
Gave type-confusion bugs to the objects below,
When, what to my wondering internet connected CCTV with default passwords should appear,
But a miniature sleigh, and eight tiny reindeer,
4/n
Twas an unsigned device driver (it must be a trick),
I knew in a moment it wasn’t the real St. Nick.
More rapid than a SOF-ELK query his coursers they came,
And he queried, and correlated, and called them by name;
5/n
"Now, Encase! now, FTK! now, Sleuth Kit and Autopsy!
On, RegRipper! on, Rekall! on, Plaso and X-Ways!
To the top of the queue! to the top of the wall!
I use better software than Geek Squad, you can’t buy it at the mall!"
6/n
As MD5 hashes that before the wild hurricane fly,
When they meet with a collision, they mount to /dev/loop0,
So off to the court house Fedex couriers flew,
With the sleigh full of hard drives, and St. Nicholas too.
7/n
And then, in a twinkling, I saw on the roof
A hidden iframe concealed under a cute little hoof.
As I drew in my hand, and was turning around,
Down the SSH tunnel St. Nicholas came with a bound.
8/n
He was dressed all in FANCY BEAR fur, from his head to his foot,
And the attackers exfiltrated data with an FTP PUT;
It was really unfortunate, the attackers they hack,
Strcpy, memcpy, corrupting the stack.
9/n
His eyes -- how they <blink>! Be immediately wary!
Santa don’t allow BYOD, the outcomes are ultra scary!
The phishing links were very convincing, “free tickets for the show,”
And the number of clicks filled Santa with woe;
10/n
The stump of a pen he held tight in his teeth,
And the smoke from his ears encircled his head like a wreath;
Santa saw that the attackers used psexec,
@markrussinovich was so filled with rage that he said “what the heck?!”
11/n
He took a compressed .E01 image, a right jolly old fool,
And I cried when I tried to mount it with any other tool;
A wink of his eye and a copy of NTUSER.DAT registry hive,
He knew that in time he would image that drive;
12/n
He spoke not a word, but went straight to billable work,
Inspecting the suspect’s browsing history, he said “this guy is a jerk,”
And checking his MFA token to avoid account takeover woes
And giving a nod, up the VPN tunnel he rose;
13/n
He sprang to his sleigh, to his team gave a whistle,
Then hacked the C2 system for a North Korean missile.
But I heard him exclaim, ere he drove out of sight,
HACKY CHRISTMAS TO ALL, AND TO ALL A GOOD-NIGHT!
14/14