goth paradigm. 𓆸 (slowly returning)

28 Followers
37 Following
84 Posts

☥ dark surrealist. chthonic brewing of cybernetic witchery; ardently striving for success in threat intelligence.

spamton and ENA live inside my head rent-free.


github: https://github.com/dreamleak
rotting twttr: https://twitter.com/gothparadigm
stay tuned! my blog is under construction.~
resuming activity soon. thank you for your patience.
the recent internet archive cyber attacks make me want to cry tears of blood. like, damn. seriously???

bluenomicon → equipped☆!

as if i weren't obsessed enough over both the title and blue team-centric content when it was initially announced. now that i own a copy, i'm swooning over the tasteful art direction and blurb. the latter delightfully reads like a necromantic page from a grimoire, given the book's admirable nod to esotericism. my grim soul is pleased!

#book #blueteam

treated myself to a special gift: TCM security's OSINT fundamentals.~

earlier this morning, i received an e-mail from cangkg_cfrxpusd[@]onepieceluffydemonkeyy[.]onmicrosoft[.]com that obviously bypassed spam filters, seeking the "winner of a dick's sporting goods backpack cooler" with an embedded image hyperlink that painfully reeked of a phishing URL redirection. i was somewhat amused by the one piece reference in the e-mail address, so i sent the link over to virus total, which initially did not pop any malicious flags; however, it did confirm multiple redirections cloaked beneath a wix domain. https://www.virustotal.com/gui/url/6c9ca60ee59f3c72805cc496dbcc035ff1ba4c06c51da52a0e22ac0be2e1eddd?nocache=1

it wasn't until URLscan exposed the underlying culprit domain: whiskerslope[.]online

the full URL: hxxps://whiskerslope[.]online/?s1=351672&s2=991407680&s3=1782&s4=1710&ow=&s10=739

URLscan results: https://urlscan.io/result/98eb0b93-af11-4465-a28f-966c3fcd0713/

also, at the time of writing this, talos intel has the domain's reputation marked as questionable.

of course, there is no one piece here — only life's perilous dregs.

#phishing
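the indicators in the post above are written defanged (hxxps, [.], [@]) so nobody clicks them by accident. a small helper to refang them only for parsing, defang them again for notes, and pull out the pieces worth pivoting on (sender domain, final host, query parameters) is added here as an example; it is not the poster's tooling, and the sample values are simply the defanged strings quoted in the post.

```python
"""Refang defanged indicators just long enough to parse them, then defang again.
Added example, not part of the original post. SAMPLES are the indicators
quoted in the post, copied in their defanged form."""
import re
from urllib.parse import parse_qs, urlsplit

SAMPLES = {
    "email": "cangkg_cfrxpusd[@]onepieceluffydemonkeyy[.]onmicrosoft[.]com",
    "url": "hxxps://whiskerslope[.]online/?s1=351672&s2=991407680&s3=1782&s4=1710&ow=&s10=739",
}


def refang(ioc: str) -> str:
    """Undo common defanging so the value can be parsed (still never opened in a browser)."""
    out = ioc.strip()
    out = re.sub(r"^hxxp(s?)://", r"http\1://", out, flags=re.IGNORECASE)
    for defanged, real in (("[.]", "."), ("(.)", "."), ("[@]", "@"), ("[:]", ":")):
        out = out.replace(defanged, real)
    return out


def defang(ioc: str) -> str:
    """Inverse of refang: make an indicator safe to paste into notes or chat."""
    out = re.sub(r"^http(s?)://", r"hxxp\1://", ioc, flags=re.IGNORECASE)
    return out.replace(".", "[.]").replace("@", "[@]")


def parse_url_ioc(defanged_url: str) -> dict:
    """Split a defanged URL into host, path and query parameters for pivoting."""
    u = urlsplit(refang(defanged_url))
    # keep_blank_values keeps tracking-style empty params such as 'ow=' visible
    params = {k: v[0] for k, v in parse_qs(u.query, keep_blank_values=True).items()}
    return {"scheme": u.scheme, "host": u.hostname, "path": u.path, "params": params}


def sender_info(defanged_email: str) -> dict:
    """Split a defanged sender address; flag tenant-style onmicrosoft.com domains for review."""
    local, _, domain = refang(defanged_email).rpartition("@")
    return {
        "local": local,
        "domain": domain,
        "onmicrosoft_tenant": domain.lower().endswith(".onmicrosoft.com"),
    }


if __name__ == "__main__":
    print(parse_url_ioc(SAMPLES["url"]))
    print(sender_info(SAMPLES["email"]))
    print(defang("https://whiskerslope.online/"))
```

the parsed query parameters are what you would carry over to URLscan or a sandbox search; the defanged form is what goes back into the write-up.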

okay, soo, logseq being privacy-first and FOSS won me over! after a few days of usage, it is worth mentioning that the linked reference feature noticeably augments networked thinking.~

it's admirable how profound the realistic, hands-on approach is for this game. seriously, KC7 exceeded my expectations. i'm applying sought-after analytical skills like uncovering malicious activity by pivoting data!

#KQL #ADX

look, ma', i'm learning kusto~!

getting my hands dirty with real-time data analysis through the medium of azure data explorer.

massive shoutout to KC7's training simulator; notably presented during last month's sans new2cyber summit.

#KQL #ADX

after reviewing my common ports and protocols notes, i decided it would be fun to take a quiz.~! eager for the day i'll be translating this from theoretical to practical knowledge.

note to self about the two incorrect answers: due to its real-time monitoring nature, SNMP communicates efficiently over UDP via port 161. otherwise, if traps are sent out: port 162.

#networking

in my recommendation feed, i noticed yet another youtube channel fell victim to the ongoing tesla and openai cryptocurrency scams. upon verifying, this swindle is held behind a freshly created domain, as of today (tuesday, march 28, 2023): tslaevent[.]net

in addition, talos intel has naturally reported the aforementioned phish as untrusted, adding it to the blocklist. https://www.talosintelligence.com/reputation_center/lookup?search=tslaevent.net#whois

#infosec #phishing #scam

determining MTU (maximum transmission unit) with ping command!

zsh (left): -D prints timestamps and -s symbolizes packet size (without exceeding 1500 bytes, as per the ethernet frame standard.)

powershell (right): -f sets the DF (do not fragment) flag in the IP header. this option prevents decreased speed performance and packet loss. -l, much like its linux equivalent -s, defines the echo request packet length.

#networking #linux #windows #cli
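the two ping variants above (DF bit set, growing payload) are the building block of path-MTU probing; what ties them together is that the payload handed to -s / -l excludes the 20-byte IPv4 header and 8-byte ICMP header, so a 1500-byte MTU answers at a payload of 1472 and fails at 1473. the script below is an added example, not the poster's commands: it wraps the DF ping in a binary search and takes an injectable probe so the search logic can be demonstrated offline. assumptions: linux iputils ping (`-M do`, `-s`) and windows ping (`-f`, `-l`); `lab.example` is a placeholder host.

```python
"""Path-MTU probing with don't-fragment pings wrapped in a binary search.
Added example; not the original post's commands. Assumes iputils ping on
Linux ('-M do' sets DF, '-s' sets payload) and Windows ping ('-f', '-l')."""
import platform
import subprocess
from typing import Callable

IPV4_HEADER = 20  # bytes
ICMP_HEADER = 8   # bytes
OVERHEAD = IPV4_HEADER + ICMP_HEADER  # payload 1472 <-> MTU 1500 on Ethernet


def ping_df_command(host: str, payload: int) -> list:
    """Build the platform-specific 'don't fragment' ping, one probe, short timeout."""
    if platform.system() == "Windows":
        return ["ping", "-n", "1", "-w", "1000", "-f", "-l", str(payload), host]
    return ["ping", "-c", "1", "-W", "1", "-M", "do", "-s", str(payload), host]


def probe(host: str, payload: int) -> bool:
    """True if an unfragmented echo request of this payload size got a reply."""
    try:
        r = subprocess.run(ping_df_command(host, payload), capture_output=True, timeout=5)
    except (OSError, subprocess.TimeoutExpired):
        return False
    return r.returncode == 0


def find_path_mtu(host: str, lo: int = 576, hi: int = 1500,
                  probe_fn: Callable[[str, int], bool] = probe) -> int:
    """Largest MTU in [lo, hi] whose DF-marked ping succeeds; 0 if even `lo` fails.

    576 is the IPv4 minimum every host must accept, 1500 the Ethernet ceiling
    the post mentions, so the search never needs more than ~10 probes.
    """
    if not probe_fn(host, lo - OVERHEAD):
        return 0
    best = lo
    lo += 1
    while lo <= hi:
        mid = (lo + hi) // 2
        if probe_fn(host, mid - OVERHEAD):
            best, lo = mid, mid + 1
        else:
            hi = mid - 1
    return best


def fake_link(mtu: int) -> Callable[[str, int], bool]:
    """Simulated path with the given MTU: a DF probe succeeds only if it fits."""
    return lambda _host, payload: payload + OVERHEAD <= mtu


if __name__ == "__main__":
    # offline demonstration against a simulated 1400-byte path (constructed)
    print("simulated path MTU:", find_path_mtu("lab.example", probe_fn=fake_link(1400)))
    # real run (needs network): find_path_mtu("lab.example")
```

against a real path, a result below 1500 usually points at a tunnel or PPPoE hop in between; the DF bit is what makes the failure visible instead of letting a router silently fragment the packet.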