βπ| https://twitter.com/UK_Daniel_Card | |
| WEBSITE | https://www.pwndefend.com |
| BLOG | https://www.pwndefend.com/blog |
| https://www.linkedin.com/in/dancard/ |
Threat Actors Attacking Office 365
######################
IdentityLogonEvents
| where TimeGenerated > ago(90d)
| where ActionType == "LogonFailed"
| where LogonType == "OAuth2:Token"
| summarize count() by bin(TimeGenerated, 1d), AccountName
| render columnchart
#######################
Found some baddies!
https://twitter.com/UK_Daniel_Card/status/1612615504044105728?s=20&t=VD7X0eCe4Sne3xOpu2sltg
ransomware defence aide...
work backwards from totally fucked and see what you can do to prevent or reduce the impact/likeylhood
CYBER LASERS GO BRRRRRRRRRR
200K sites in 20 minutes!
Take Target List 
β
Carve it Up πͺβ
Run POWERSHELL JOB βΆοΈβ
each job uses ASNC HTTP requests π«β
Make Tea π΅β
So I'm downloading "THE ENTIRE INTERNET" - i know amazing right #lulz
and every once in a while I'm finding sites the HTML source detects as:
Name: Trojan:Script/Wacatac.H!ml
Name: Backdoor:PHP/Remoteshell.B
A few of these are detections form inside KALI . ISO file but lots of these are WEEEEBS