🤗 Welcome to the Cypho News Series! ⚙️ The very first update is dedicated to the functionalities we recently brought to Cypho. From Raw Intel feeds to Manual Issue Creation, each functionality aims to upgrade your threat intelligence practice. ➡️ Check out the full news to learn the details. 🔔 And do not forget to subscribe to our series.
Cypho’s Post
More Relevant Posts
-
Wow. This Pacific Rim report from Sophos is mind-blowing, detailed, and terrifying. Tracking a threat actor, implanting the device they're doing vulnerability research on, and collecting telemetry/IOCs is an insane 4D chess move. Hats off. https://lnkd.in/eiWrPwqu The timeline paints an incredibly accurate picture of how nation states (and nation-state-adjacent groups) conduct operations. The deliberate shift from using traditional and often noisy/automated TTPs to obtain devices used as relays, to low-and-slow hands-on-keyboard TTPs when conducting sophisticated operations, is eerie. https://lnkd.in/e_9rihk3
Pacific Rim timeline: Information for defenders from a braid of interlocking attack campaigns
https://news.sophos.com/en-us/
-
I'm thrilled to share that I've successfully completed a Sigma room! Diving into the intricacies of Sigma rule syntax has been a fascinating experience, revealing the power of standardized detection rules across different SIEM systems. Throughout this process, I've gained valuable insights into how these rules can be practically applied to detect various types of attacks on machines. From identifying suspicious PowerShell commands to recognizing patterns indicative of privilege escalation attempts, I've seen firsthand how effective Sigma rules can be in enhancing our security posture. 🔐💻 #CyberSecurity #SigmaRules #AchievementUnlocked #LearningJourney #SIEM #ThreatDetection
SigHunt
tryhackme.com
-
Air gapping your Critical infrastructure no longer viable? Not true, but you have to assume you need to fortify your "Air gapped" assets... "Think Smart, Fight Smart, Win Smart" "The practice of air gapping is typically reserved for the most sensitive networks or devices connected to them, such as those used in systems for voting, industrial control, manufacturing, and power generation. A host of malware used in espionage hacking over the past 15 years (for instance, here and here) demonstrate that air gapping isn't a foolproof protection." #cybersecurity #CIP https://lnkd.in/e9tGEE8W
Two never-before-seen tools, from same group, infect air-gapped devices — Ars Technica
apple.news
-
Hello LinkedIn community 🔍 Just completed the #SigHunt challenge on TryHackMe! Tasked with creating detection rules based on new threat intelligence, this room provided hands-on experience in crafting Sigma rules. In this scenario, I acted as a Detection Engineer, crafting Sigma Rules based on the Indicators of Compromise (#IOCs) collected by Incident Responders. Room Objectives: - Gain practical experience in creating detection rules. - Act as a Detection Engineer to craft Sigma Rules based on collected #IOCs. #SigHunt #CyberSecurity #TryHackMe #SigmaRules #ThreatDetection #IncidentResponse #InfoSec #LearnByDoing #CyberTraining #CyberWarrior #SecurityAwareness #DigitalDefender #ITSecurity #OnlineLearning #CyberOps #InfoSecCommunity #TechSkills #LearningIsFun
SigHunt
tryhackme.com
-
Combatting the Evolving Threat of Traffic Distribution Systems 🚨 Cybercriminals are refining their use of Traffic Distribution Systems (TDS) to spread malware through deceptive redirects. Understanding these methods is key to strengthening your defense. Robust threat intelligence and proactive measures can help safeguard your network against these complex attacks. Here's how JMXi can help keep your business safe: https://lnkd.in/e4F7Jj9Q #Malware #CyberThreats #NetworkSecurity #TampaBayTechnology #CyberSecurity #ManagedServices
Malicious traffic distribution systems (TDSs) have flown under the radar for years. Fortunately, information found in #DNS can be used to pull back the curtain and shine a light on these networks. Learn more: #InfobloxThreatIntel #ThreatIntel #TDS #RDGA #DGA
Click Bait and Switch: Malicious Traffic Distribution Systems | Infoblox
https://blogs.infoblox.com
-
🔍 Just completed the #SigHunt challenge on TryHackMe! Here's a glimpse into my learning adventure: - Explored threat detection fundamentals and Sigma rule creation. - Utilized the SigHunt interface to craft detection rules based on real-world IOCs. - Enhanced our organization's threat detection capabilities through rule creation. - Participated in simulated incident response scenarios, applying Sigma rules effectively. Massive thanks to TryHackMe for this immersive SigHunt experience! Excited to apply these skills in bolstering our organization's cybersecurity defenses. 🔍💻🔒 #SigHunt #CyberSecurity #TryHackMe #SigmaRules #ThreatDetection #IncidentResponse #InfoSec #LearnByDoing #CyberTraining #CyberWarrior #SecurityAwareness #DigitalDefender #ITSecurity #OnlineLearning #CyberOps #InfoSecCommunity #TechSkills #LearningIsFun
SigHunt
tryhackme.com
-
🔥 SIGHUNT challenge is complete 🔥 This challenge involves writing practical Sigma rules to detect the phases of a case-study ransomware program, including detecting files with the ransomware's extension, spotting commands with malicious purposes and detecting persistence via registry-key modification. #cyber #cybersecurity #soc #sigma #rules
SigHunt
tryhackme.com
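The SigHunt posts above describe the same three detection phases (ransomware file extension, a malicious command line, Run-key persistence) without showing what a Sigma rule or its evaluation looks like. The block below is an added example, not code from TryHackMe, the SigHunt room, or any of the posters: it writes three rules in Sigma's `logsource` / `detection` / `condition` shape, implements the subset of the Sigma matching semantics those rules need (case-insensitive `contains`, `endswith`, list-means-any, `|all`, and `selection and not filter`), and runs them over constructed Sysmon-style events. The rule contents, field values, file extensions and paths are assumptions chosen for illustration, not IOCs from the room.

```python
"""Minimal Sigma-style rule evaluator run over constructed Sysmon-like events.

Added example: the rules and events below are constructed for illustration and
are not the rules or IOCs from the TryHackMe SigHunt room.
"""
from typing import Any

# Rules written in Sigma's detection shape. Field values (extensions, paths,
# command-line tokens) are assumptions for this example.
RULES: list[dict[str, Any]] = [
    {
        "title": "File written with ransomware extension",
        "logsource": {"product": "windows", "category": "file_event"},
        "detection": {
            "selection": {"TargetFilename|endswith": [".locked", ".crypt"]},
            "condition": "selection",
        },
        "level": "high",
    },
    {
        "title": "Shadow copy deletion via vssadmin",
        "logsource": {"product": "windows", "category": "process_creation"},
        "detection": {
            "selection": {
                "Image|endswith": "\\vssadmin.exe",
                "CommandLine|contains|all": ["delete", "shadows"],
            },
            "condition": "selection",
        },
        "level": "critical",
    },
    {
        "title": "Run key persistence pointing at a user-writable path",
        "logsource": {"product": "windows", "category": "registry_set"},
        "detection": {
            "selection": {
                "TargetObject|contains": "\\CurrentVersion\\Run\\",
                "Details|contains": ["\\AppData\\", "\\Temp\\"],
            },
            # exclusion block referenced from the condition, as Sigma allows
            "filter": {"Image|endswith": "\\msiexec.exe"},
            "condition": "selection and not filter",
        },
        "level": "high",
    },
]


def _match_value(value: str, needle: str, mod: str) -> bool:
    """Sigma string matching is case-insensitive; apply one modifier."""
    v, n = value.lower(), needle.lower()
    if mod == "contains":
        return n in v
    if mod == "endswith":
        return v.endswith(n)
    if mod == "startswith":
        return v.startswith(n)
    return v == n


def _field_matches(event: dict[str, Any], key: str, expected: Any) -> bool:
    """Evaluate one 'Field|modifier...' entry; a list of values means any-of
    unless the '|all' modifier is present."""
    field, *mods = key.split("|")
    value = event.get(field)
    if value is None:
        return False
    needles = expected if isinstance(expected, list) else [expected]
    mod = next((m for m in mods if m in ("contains", "endswith", "startswith")), "equals")
    hits = [_match_value(str(value), str(n), mod) for n in needles]
    return all(hits) if "all" in mods else any(hits)


def _block_matches(event: dict[str, Any], block: dict[str, Any]) -> bool:
    """All fields inside one search identifier block are AND-ed."""
    return all(_field_matches(event, k, v) for k, v in block.items())


def _condition(detection: dict[str, Any], event: dict[str, Any]) -> bool:
    """Supports 'X' and chains of 'and Y' / 'and not Y', enough for these rules."""
    tokens = detection["condition"].split()
    result = _block_matches(event, detection[tokens[0]])
    i = 1
    while i < len(tokens):
        if tokens[i] == "and" and tokens[i + 1] == "not":
            result = result and not _block_matches(event, detection[tokens[i + 2]])
            i += 3
        elif tokens[i] == "and":
            result = result and _block_matches(event, detection[tokens[i + 1]])
            i += 2
        else:
            raise ValueError(f"unsupported condition: {detection['condition']}")
    return result


def logsource_matches(rule: dict[str, Any], event: dict[str, Any]) -> bool:
    return all(event.get(k) == v for k, v in rule["logsource"].items())


def run_rules(events: list[dict[str, Any]], rules: list[dict[str, Any]] = RULES) -> list[tuple[int, str]]:
    """Return (event id, rule title) for every rule that fires on every event."""
    alerts = []
    for ev in events:
        for rule in rules:
            if logsource_matches(rule, ev) and _condition(rule["detection"], ev):
                alerts.append((ev["id"], rule["title"]))
    return alerts


# Constructed Sysmon-like events: three malicious (1-3) and two benign (4-5).
TEMP_EXE = "C:\\Users\\bob\\AppData\\Local\\Temp\\svc.exe"
EVENTS: list[dict[str, Any]] = [
    {"id": 1, "product": "windows", "category": "file_event", "Image": TEMP_EXE,
     "TargetFilename": "C:\\Users\\bob\\Documents\\Q3-report.docx.locked"},
    {"id": 2, "product": "windows", "category": "process_creation",
     "Image": "C:\\Windows\\System32\\vssadmin.exe",
     "CommandLine": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"id": 3, "product": "windows", "category": "registry_set", "Image": TEMP_EXE,
     "TargetObject": "HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc",
     "Details": TEMP_EXE},
    {"id": 4, "product": "windows", "category": "process_creation",   # benign: no delete
     "Image": "C:\\Windows\\System32\\vssadmin.exe",
     "CommandLine": "vssadmin.exe list shadows"},
    {"id": 5, "product": "windows", "category": "registry_set",       # benign installer
     "Image": "C:\\Windows\\System32\\msiexec.exe",
     "TargetObject": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "Details": "C:\\Program Files\\Vendor\\updater.exe"},
]

if __name__ == "__main__":
    for event_id, title in run_rules(EVENTS):
        print(f"event {event_id}: {title}")
```

Events 1 to 3 each fire exactly one rule; event 4 is excluded because `|all` requires both `delete` and `shadows`, and event 5 is excluded both by the `filter` block and because its `Details` path is not user-writable. Real Sigma deployments convert these YAML rules to the target SIEM's query language with a converter such as `sigma-cli`; the evaluator here only exists to make the matching semantics visible offline.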
-
EDRPrison: Borrow a Legitimate Driver to Mute EDR Agent https://lnkd.in/drSP7_zB #cyberattack #cybersecurity #informationsecurity #hacking #penetrationtesting #cybercrime #ransomware #ransomwareattack #malware #apt #threatintelligence #cyberthreatintelligence #darkweb #darkwebmonitoring #EDRPrison
EDRPrison: Borrow a Legitimate Driver to Mute EDR Agent
3nailsinfosec.com
-
Check out the latest research from James Barnett and our Infoblox Threat Intel team around registered domain generation algorithms (RDGA) and a new threat actor we call Revolver Rabbit. 🐰 #dns #threatintel
Registered DGAs - RDGAs change threat actor landscape with Revolver Rabbit & XLoader malware | Infoblox
https://blogs.infoblox.com
-
New safety functions in the new VISOR® Software Update Another highlight in the VISOR® Software Update is the newly introduced device password protection, meeting the security requirements of an increasingly connected production environment. This protection mechanism ensures that only authorized users have access to device settings, thus protecting against unwanted access and cyber threats. Find out more about the new software update: https://lnkd.in/eNHS3x_c #SensoPart #VISOR #SoftwareUpdate #Innovation #IndustrialAutomation
One Update, Two Breakthroughs
sensopart.com