We (@greynoise) have some shiny new toys for folks today!

— IP Timeline (https://www.greynoise.io/blog/introducing-ip-timeline) • see the history of what an IP address was doing
— ML model driven IP Similarity (https://www.greynoise.io/blog/introducing-ip-similarity) • get a leg up on attackers by catching similar ones exhibiting the same behaviors

Rly proud of all the GNoids who made this possible.

Today @WhiteHouse & @ONCD released the National CyberSecurity Strategy

Important shifts:
- Rebalancing responsibility to defend cyberspace to those most capable of defense (incl Software liability)
- Realigning incentives to favor long term investments

https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf

This document builds on previous work & also provides an important shift leveraging lessons learned, a mission the Cyber Safety Review Board was created to support.
Good to see a commitment from the @WhiteHouse to codify CSRB with Congress & grant us more authority to investigate

I am so super happy to announce I am a keynote at #BlueHat Israel this month in Tel Aviv. It’s will be my first trip there, so I’m super excited to meet the community in person!

https://www.microsoftrnd.co.il/bluehatil/home

https://twitter.com/BlueHatIL/status/1631325342236393472?s=20

TIL Microsoft calls them "NT hashes" or "Unicode hashes", not "NTLM" hashes. "NTLM" refers to the authentication protocol, not to the hash itself.

https://learn.microsoft.com/en-us/services-hub/health/remediation-steps-ad/prevent-storage-of-lan-manager-password-hashes

https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/prevent-windows-store-lm-hash-password

https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/7b2aeb27-92fc-41f6-8437-deb65d950921#gt_7eb5bce8-bdc5-4d61-a3d9-263ada14ba1f

h/t: Roger Grimes

New blog post out: Passwordless Persistence and Privilege Escalation in Azure.

Link: https://posts.specterops.io/passwordless-persistence-and-privilege-escalation-in-azure-98a01310be3f

In this blog post I explain how new passwordless authentication mechanisms like Azure's Certificate Based Authentication can be subverted by adversaries to establish long-term stealthy persistence, and explain a built-in privilege escalation primitive that exists in CBA.

We are excited to join infosec.exchange

We will be posting all our announcements, updates, and social content here, as well as other platforms, and look forward to great interactions with the community here.