Mini Blue Team Diaries story:

There was a break-in over the weekend at one of our US offices. We occupied one floor of a shared office building, and two crooks managed to get in by going to an open floor above ours and breaking a lock on the fire escape.

Rather brilliantly, a building security guard was doing rounds and actually caught the pair stuffing iPads from conference rooms into a rucksack. However, when challenged they claimed to be employees and were left alone.

Anyway they ended up with about a half dozen iPads from Zoom rooms. Annoying but not the end of the world.

Those iPads were clearly sold on, as they were connected to MDM and started to pop up in locations all over the city over the course of the next week.

One of them was especially interesting. Because it was connected to our MDM Apple ID, it was syncing files to iCloud. This included photos. We noticed a lot of selfies of one particular dude show up. The dude looked a lot like one of the guys who we’d seen in our office on our security cameras. Yup.

We of course passed on all the information, including the location of the selfie-generating iPad, to law enforcement.

I wish there was a more interesting ending - but they never followed up on the lead, of course. So the iPads lived on, slowly filling up with various photos and memories from the crook and the people they’d been sold on to. We could’ve locked them or bricked them, but this was more fun.

Read more, slightly less mini stories, at https://infosecdiaries.com

#DFIR #infosec #InfoSecDiaries #BlueTeam

Infosec Diaries

Learn Pen Testing, Blue Teaming and Digital Forensics

🚨 Must-Read for Cybersecurity Enthusiasts! 🚨

📘 The InfoSec Diaries 📘 – a riveting series of short stories that plunge you into the heart of real-life Information Security adventures. From the high-stakes world of Pen Testing and Blue Teaming to the meticulous detail of Digital Forensics, these tales offer an unprecedented look behind the scenes of cybersecurity's most thrilling operations.

🔍 Why Read The InfoSec Diaries?

Real-Life Scenarios: Explore authentic stories based on real incidents and challenges faced by professionals in the field.

Diverse Perspectives: Whether you’re rooting for the defenders in Blue Teaming, strategizing alongside Pen Testers, or uncovering truths with Digital Forensics, there's a story for every cybersecurity enthusiast.

Learn and Grow: Each story is not just a narrative but a lesson in cybersecurity practices, vulnerabilities, and defensive tactics.

📚 Perfect for both seasoned professionals and newcomers to the field, The InfoSec Diaries serves as both a learning resource and an exciting dive into the depths of what it means to protect the digital world.

🔗 Dive into the adventure now: https://infosecdiaries.com

#InfoSecDiaries #Cybersecurity #PenTesting #BlueTeaming #DigitalForensics #InfoSec #SecurityAwareness
