Keith W. McCammon

28 Followers
88 Following
9 Posts
Co-Founder, Red Canary
Web: https://kwm.me
LinkedIn: https://www.linkedin.com/in/keithmccammon/
Twitter: @kwm

Somebody is claiming to have exfiltrated 6 million lines of data with Oracle Cloud’s SSO and LDAP that include JKS files, encrypted SSO passwords, key files and enterprise manager JPS keys from servers on login.*.oraclecloud.com

The poster has no prior reputation; it is unclear if they're LARPing. Some of the sample data does align with prior infostealer logs, I'm told. https://breachforums.st/Thread-SELLING-Oracle-cloud-traditional-hacked-login-X-oraclecloud-com

#threatintel
Cybersecurity stat of the day: The average delta (in years) between CVE assignment and addition to the CISA Known Exploited Vulnerability (KEV) catalog is 2.8 years. 🤯
A script that logs @objective_see OverSight (macOS camera and microphone monitor) events to a file: https://github.com/keithmccammon/oversight-logger
GitHub - keithmccammon/oversight-logger: A logging script for the Objective-See OverSight tool, to capture macOS camera and microphone events.
@jerry I might be unique or alone in not paying this much mind. So long as the writing is relevant, concise, and teaches me something I definitely do not care what combination of man or machine produced it.

Personally, I've found that AI is a useful tool for helping me make something I've written more clear or concise, while at the same time not absolving me of my responsibility to stand by the content, its accuracy, and its truthfulness.

B&B Shuffle by Richard Phung/P3hndrx

@taosecurity @mitreattack Fair, fair. I'm not sure why I didn't include the percentages in the first place.

I also excluded Other because it isn't a named technique, but it makes sense to be complete, so all of the (completely non-scientific) data is represented.

Good feedback, thank you!

@taosecurity @mitreattack Ahh but I was expecting you, Richard! It’s in there 😎

Fun with vendor threat reports, @mitreattack, and pie charts: The top initial access vectors in 2022, mapped to ATT&CK.

https://kwm.me/articles/top-initial-access-vectors-2022/

NOTE: Still have more data to add. Would love pointers to additional reports with data specific to initial access technique prevalence.

The top initial access vectors in 2022, mapped to ATT&CK

In reviewing security firms’ 2022 threat data, a subset of these include insight into the initial access vectors leveraged most frequently in successful intrusions. This is a summarization of findings based on their reporting.
"I'm sorry I laughed, I didn't realize you were being serious?" https://techcrunch.com/2023/03/22/fortra-goanywhere-ransomware-attack/

Lil' side project: A simple, easy to maintain ransomware group leaderboard based on industry reporting.

https://kwm.me/articles/most-prolific-ransomware-groups-in-2022/

The most prolific ransomware groups in 2022

It’s 2023 and security firms are starting to release findings from 2022 threat data, notably their lists of the most active, impactful ransomware groups.