Cyber Hall Monitor at $edu.
@douglevin @PogoWasRight @brett @funnymonkey Interesting. It might not be the perfect solution, but in all fairness I think it could be a great start. I've seen quite a lot of compromised K-12 email accounts from school districts across the United States. Something like PDNS could be the answer to stopping the bulk of their users from giving up their credentials, depending on the provider's threat intelligence capabilities. It's not and shouldn't be their only answer to stopping phishing and other malware such as ransomware, but a federally funded PDNS product for K-12 (that's properly configured!) could do wonders in my opinion.
@haveibeenpwned Is there any idea how old the credentials are, or at least how old the data that was obtained is?
@lindsey Your base OS can be whatever you're comfortable with, but the specs are going to depend on what the curriculum of the program is. If you have a lot of technical classes, you're going to want hardware that can support the VMs needed. Shoot for at least an i5, 6GB+ of RAM, and at least 500GB SSD. If it were me doing it again, I'd shoot for something with an i7, 16GB of RAM, and 1TB SSD. Good luck!
@briankrebs Crazy that we've come full circle with this, but there has to be some sort of middle ground without customers constantly being taken advantage of. If they're not careful, the new generation is about to learn the pains of xxxx.mp4.exe.

Has anyone that's following #HuntersInternational figured out what the attack vector is yet? Is the group relying on exploits or phishing emails/droppers?

#Ransomware #threatintel

@briankrebs Give us the details!
@GossiTheDog This is cringe af
@jrdepriest lol, that's a fair point. I'm not a malware analyst and I'm unfamiliar with their TOS. If it's not strictly prohibited anywhere, you could always isolate your VMs and then lock down the local firewalls to observed C&C traffic from whatever sample you're working with. You're way ahead of me and have likely thought of that already, but I wanted to chime in.
@jrdepriest I don't know of anything that doesn't have a time limit (I'm interested too). Have you considered building your own with Azure or AWS? Any.run is great for what it is, but enterprise plans are capped at 20 minutes per session.
@bdimcheff Thanks!