semantic rant: the proper grammar is pro-Russia, *NOT* pro-Russian—hacktivists simp the state, not the language
kudos to @jfslowik for writing blogs the same way he writes documentation: unabashedly organized and to the point:
https://www.huntress.com/blog/investigating-intrusions-from-intriguing-exploits

Investigating Intrusions From Intriguing Exploits
On 02 February 2023, an alert triggered in a Huntress-protected environment. We dive into triaging the threat in this blog.
Not a particularly incisive observation, but: the prominence of the Wagner Group in Ukraine is evidence of the weakness of the Russian state. No strong, advanced military would allow the usurpation of core functions to a warlord group used as a parallel power center by the state’s leader.
what people don't seem to realize about defanging indicators of compromise is that, actually, you're allowed to do it however you want, including 127.0.0[.]1 but also 127[.not]0[.fucking]0[.malicious]1
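The practical consequence of there being no standard defanging convention is that a refang routine has to tolerate whatever filler someone put inside the brackets, not just the literal `[.]`. The following is an added example and not code from the post or any project it mentions; the sample indicators are constructed, and the set of conventions it handles (`hxxp`, `[.]`, `(.)`, `[dot]`, bracketed filler around a dot, `[:]`) is my own choice.

```python
import ipaddress
import re

# Constructed sample indicators, deliberately defanged in inconsistent ways.
SAMPLES = [
    "127.0.0[.]1",
    "127[.not]0[.fucking]0[.malicious]1",
    "hxxps://evil[.]example[dot]com/payload",
    "10(.)0(.)0(.)5",
    "192.168.1.10",  # already live; refang must leave it alone
]

# A bracketed or parenthesised group stands in for a literal "." when its
# content contains a dot anywhere (so "[.not]" counts) or spells out "dot".
_BRACKET_DOT = re.compile(r"[\[(](?:[^\])]*\.[^\])]*|dot)[\])]", re.IGNORECASE)

# "[:]" / "(:)" inside URL schemes such as "hxxps[:]//".
_BRACKET_COLON = re.compile(r"[\[(]:[\])]")


def refang(ioc: str) -> str:
    """Return the live form of a defanged indicator.

    Handles hxxp/hxxps schemes, [.] (.) [dot], bracket groups with
    arbitrary filler around the dot, and [:] in URL schemes.
    """
    s = _BRACKET_DOT.sub(".", ioc)
    s = _BRACKET_COLON.sub(":", s)
    s = re.sub(r"hxxp", "http", s, flags=re.IGNORECASE)
    return s


def defang(ioc: str) -> str:
    """Defang with the common [.] and hxxp conventions.

    This is one choice among many; refang() accepts this output and more.
    """
    s = re.sub(r"http", "hxxp", ioc, flags=re.IGNORECASE)
    return s.replace(".", "[.]")


def is_ipv4(value: str) -> bool:
    """True if the refanged string parses as a dotted-quad IPv4 address."""
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


def refang_all(iocs):
    """Refang a batch of indicators, returning (live_form, is_ipv4) pairs."""
    return [(refang(i), is_ipv4(refang(i))) for i in iocs]


if __name__ == "__main__":
    for original, (live, ip) in zip(SAMPLES, refang_all(SAMPLES)):
        print(f"{original!r:45} -> {live!r:40} ipv4={ip}")
```

The point of the greedy bracket rule is that the refanger never has to know the author's sense of humour: anything inside `[...]` or `(...)` that contains a dot collapses to a dot, so `127[.not]0[.fucking]0[.malicious]1` and `127.0.0[.]1` both parse as the same address.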
JUST BECAUSE THE MALWARE WAS REMOTELY HOSTED ON A LEGITIMATE RESOURCE-PUBLISHING DOMAIN DOESN'T MEAN IT WAS A SUPPLY CHAIN ATTACK IF THE DOMAIN IS OPEN SOURCE