B'ad Samurai 🐐

@badsamurai@infosec.exchange
226 Followers
121 Following
1.2K Posts
#securty #automation #soar #iac and #tay
Webhttps://badsamurai.dev
GitHubhttps://github.com/BadSamuraiDev
Verificationhttps://www.badsamurai.dev/mastodon-verification
Gravatarhttps://gravatar.com/badsamuraidev
Pronounshe/him
DogsAn old clever "mini" golden and blind black lab-ish pup
Show threadB'ad Samurai 🐐4h ago
@cR0w I hope when they re-align to OCSF the DMs will get an overhaul. Email is just trash. I always modify the DMs with panache. Once you tear off that bandaid it gets fun. My Web now contains geo, TLD and custom flags (double hyphens, lots of hyphens, word list lookups, UA list lookup, email in URI, etc)
B'ad Samurai 🐐5h ago

Since DNS is on πŸ”₯ today I should note if you're a Splunk shop, the DNS data model in Enterprise Security does not include the field for TXT record values, you need to add that manually.

Then you can do high-fidelity detections such as length and base64 with conversions looking for code.

#dns #splunk #blueteam

B'ad Samurai 🐐6h ago
Prof. Sam Lawler7h ago
Most of the goats are ready to go into the barn for the night and are quite attentive. Except for a little grey goat named Mercedes, who instead decided to do a little dance on the back of the horse, who happily agreed to a free back massage.
Show threadB'ad Samurai 🐐9h ago
@pmevzek @pgl just went through the slides and that looks like a great presentation! Thank you.
B'ad Samurai 🐐10h ago

DNS TXT isn't just for malware, C2s and exfil. It can be fun too!

  • ASCII art (Resolve-DnsName -Type TXT run-dns.never.watch).Strings | Sort
  • Storing encodings 🐱.never.watch
  • Mazes! (Resolve-DnsName -Type TXT maze.never.watch -Server 9.9.9.9).Strings | Sort
  • QR codes (Resolve-DnsName -Type TXT qr.never.watch -Server 9.9.9.9).Strings -replace '#','β–ˆ' | Sort
  • Trolling/activism Β·Β·β§ΈΒ·Β·β§Έ.never.watch
  • Guitar tabs
  • Playlists/reading lists
  • Geocities-era guest books

#dns

Show threadB'ad Samurai 🐐15h ago

@JessTheUnstill that's a great analogy. Seattle famously had this new 25-story construction torn down due to prohibitively expensive repairs of critically important tendons.

https://en.m.wikipedia.org/wiki/McGuire_Apartments

McGuire Apartments - Wikipedia

Show threadB'ad Samurai 🐐16h ago

@Epic_Null the IT business model is outdated and sick. And we've chosen to get high and addicted to AI codeine to dull the pain and push through instead of chosing health and wellness.

Doesn't have to be this way. I really liked this talk @TindrasGrove did and hope all cyber (and IT) professionals give it a watch.

https://m.youtube.com/watch?v=PqjBbH-vpl4

HammerCon 2025: Amanda Draeger - Cyber is a Social Science

YouTube
Show threadB'ad Samurai 🐐18h ago
@Epic_Null currently, every time I join a Teams call it kills my audio driver, requiring a service restart. So I made a PowerShell instead of calling service desk.
B'ad Samurai 🐐19h ago

HTTP referrer is one of my favorite fields in SASE/proxy logs. You get a glimpse of behavior and reasoning.

Why did this user try to download an RMM?

User Googling: How to move files between Macs

That lead the user to weird AI slop blog pointing at an RMM. "Wish they'd just ask," you think.

But users prefer Googling/LLMing over talking to their IT departments, browsing outdated KBs with broken links, and using esoteric software centers.

Show threadB'ad Samurai 🐐19h ago

@cR0w @neurovagrant @dangoodin @arstechnica

Is the resurgence because APIs to DNS now make this real easy? (It's why I do DNS shenanigans) And do you believe there's a readily available script/.tf/cloud formation template running around in a telegram channel?