#InfoSec #Cybersecurity #threatintel and Politics. I try my best.
Also @[email protected]
Searchable
| Verified by Twittodon | https://twittodon.com/share.php?t=Deepthoughts10&[email protected] |
| Find my toots | Tootfinder |
RE: https://mastodon.social/@verge/116212236350531341
This shouldn't baffle anyone. This is a transactional administration and clearly the right people were paid off. #uspol
RE: https://infosec.exchange/@patrickcmiller/116210592807071943
Here are some controls to put in place to prevent this attack from happening to you:
- Block ISO file extensions from being emailed to your users
- Prevent downloads of ISO files from untrusted sites (such as consumer friendly file storage services)
- Change your Windows File Explorer settings to associate the .ISO file extension with Notepad.exe so it won't auto mount when double-clicked
#cybersecurity
What are Out-of-band Application Security Testing (OAST) domains? Out-of-band application security testing (OAST) is a method for finding exploitable vulnerabilities in a web application by forcing a target to call back to a piece of infrastructure controlled by the tester. OAST domains (sub-domains most often) are often free and hosted by OAST tool providers like interact.sh. What happens when something is free on the Internet? It gets abused.
Let's make tOAST of the most commonly abused OAST domains! @greynoise has an in-depth writeup on recent campaigns using OAST infrastructure.
OAST Domains/Provider:
All 33 campaigns use Interactsh
5,560 unique callback sub-domains observed
Block these domains to stop these attacks: oast.pro, oast.live, oast.fun, oast.me, oast.site
https://www.labs.greynoise.io/grimoire/2026-02-20-weekly-oast-report/

GreyNoise observed 3,882 sessions from 24 unique IPs across 33 Interactsh OAST campaigns targeting the GreyNoise Global Observation Grid between February 14-20, 2026. Unlike previous weeks where multi-IP campaign clusters dominated, this week's activity consists entirely of single-IP operations, with every campaign mapping to exactly one source IP. Two Censys-confirmed bulletproof hosting providers (Private Layer, RouterHosting/Cloudzy) anchor the high-priority infrastructure, while a commercial VPN exit node (AnchorFree/Hotspot Shield) and a Russian-registered entity operating through French hosting add attribution complexity.
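One way to check whether any internal host has already called back to the Interactsh domains listed in the post above, as an added example that is not part of the original post or the GreyNoise report. The log format (`timestamp client_ip qtype qname`) and the sample lines are constructed assumptions; adapt the field parsing to your resolver or proxy logs.

```python
from collections import defaultdict

# Interactsh OAST domains named in the post above.
OAST_DOMAINS = ("oast.pro", "oast.live", "oast.fun", "oast.me", "oast.site")

# Constructed sample resolver log lines: "<timestamp> <client_ip> <qtype> <qname>"
SAMPLE_LOG = """\
2026-02-20T10:00:01Z 10.0.4.17 A c8k2example0001.oast.fun.
2026-02-20T10:00:02Z 10.0.4.17 A C8K2EXAMPLE0002.OAST.FUN
2026-02-20T10:00:05Z 10.0.9.30 AAAA www.example.com
2026-02-20T10:00:07Z 10.0.9.30 A toast.pro
2026-02-20T10:00:09Z 10.0.7.8 TXT x1.y2.oast.site
2026-02-20T10:00:11Z 10.0.7.8 A oast.me
malformed line
"""


def oast_parent(qname):
    """Return the matching OAST domain for qname, or None.

    Matches on DNS label boundaries so 'toast.pro' does not hit 'oast.pro'.
    """
    name = qname.strip().rstrip(".").lower()
    for domain in OAST_DOMAINS:
        if name == domain or name.endswith("." + domain):
            return domain
    return None


def find_oast_callbacks(log_text):
    """Map client IP -> set of distinct OAST names it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the assumed format
        _ts, client, _qtype, qname = fields
        if oast_parent(qname):
            hits[client].add(qname.rstrip(".").lower())
    return dict(hits)


if __name__ == "__main__":
    for client, names in sorted(find_oast_callbacks(SAMPLE_LOG).items()):
        print(f"{client}: {len(names)} OAST lookup(s): {', '.join(sorted(names))}")
```

A client that resolves several distinct random-looking sub-domains under these parents is worth triaging first, since each callback sub-domain typically corresponds to a separate probe.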
Microsoft Authenticator is about to wipe work accounts from jailbroken/rooted phones automatically.
No IT config needed.
3-phase rollout starting Feb 2026:
Warn → Block → Wipe
Let your help desk and security teams know.
RE: https://infosec.exchange/@ScumBots/116195646833821026
Come on now?!? Who still doesn't have *.ngrok.io blocked? Ngrok themselves don't even recommend using this domain any longer. #cybersecurity
RE: https://mastodon.social/@campuscodi/116194688591162933
Security firm Bitdefender has an in-depth report on the latest TTPs and #IOC's used by an APT group, shared by Catalin below. You may not be targeted by this group, but they use the very common technique of Living off Trusted Services. One highlighted in this report is Discord. I strongly agree with Bitdefender's advice of controlling or blocking access to Discord. Another service mentioned is the file-sharing service tmpfiles.org - limit or block access to that too. #cybersecurity #threatintel
Watch the video recording of the Panel Discussion: "Adversarial mindset, thinking like an attacker is no longer optional", from Adversary Village at @defcon 33 Creator Stage.
Panelists:
Bryson Bort-CEO and Founder of Scythe,
Anant Shrivastava-Founder and Chief Researcher, Cyfinoid Research &
Gordon "Fizzle" Boom-Lieutenant Colonel - US Air Force.
Moderator: @abhijithbr "Abx"-Founder of Adversary Village at DEF CON
https://www.youtube.com/watch?v=PZLmzbyYs2g
#AdversaryVillage #DEFCON33 #AccessEverywhere
#AdversaryTactics #AdversaryEmulation
