Just a heads-up for any of you involved in Cyber Incident Response or internal investigations. There is a bug in Microsoft Purview that prevents Legal Hold from being applied to emails. Therefore, a user who has Legal Hold applied to their account can still delete emails. Microsoft are working on a fix, but it won't be released until 6th January 2025.
Azure Sentinel is experiencing an issue across multiple instances - no indications of Azure being unavailable yet
Any chance of the US having just a normal weekend, any time soon, please?
Anyone else seeing a big issue with University degree programs for infosec/Cyber Security etc. in the UK? None of the graduates that I interview for roles know the format of an IPv4 address or even the high-level actions that ransomware gangs take during an attack. Ask them to talk about hacker techniques and they ALL cite "sticky keys" and that's as much as they know. They have never heard of Mimikatz or Cobalt Strike. The majority of people that I interview already have several years' SOC experience. They are clearly smart people, but they are clearly not being taught the things they need to know.
If you are dealing with a DA compromise, resetting all passwords and resetting the Kerberos krbtgt ticket may not be enough. You need to look at rebuilding the entire forest! https://learn.microsoft.com/en-us/windows/win32/seccng/cng-dpapi-backup-keys-on-ad-domain-controllers
DPAPI backup keys on Active Directory domain controllers - Win32 apps
The Active Directory database contains a set of objects known as DPAPI backup keys.
Looks like there is a major issue with Twitter currently. My timeline is blank - am being prompted to find some accounts to follow.
Infosys leaked FullAdminAccess AWS keys on PyPi for over a year

Infosys has a lot to say about security. You can check out their website for a lot of buzzwords, but it’s clear from all the stock photos that they take security Very Seriously Indeed ™️. However, from what I’ve found recently, it seems that Infosys use the following Comprehensive Management-Endorsed Proficiently Driven Cybersecurity Strategy and Framework items:

- Don’t use AWS roles or temporary credentials for your developers
- Instead, use IAM user keys and give them all FullAdminAccess permissions
- Never rotate these keys and store them as plaintext in git
- Use these keys to protect what appears to be medical data about COVID patients
- Have someone publish those keys and the code in a public package to pypi
- Keep those keys active for days after leakage
- Make nonsensical pull requests to try and remove all references to the leak

The Leak

This morning I woke up to a very strange pull request on my pypi-data project.
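The failure mode described above is long-lived IAM user keys stored as plaintext in git and then shipped in a public package. The check a practitioner wants in front of that is a secret scan that runs before commit or publish. The following is an added example written for this page, not code from the linked article and not Infosys's code: it scans file contents for the documented AWS access key ID shape (an AKIA or ASIA prefix followed by 16 uppercase alphanumerics) and only reports a 40-character secret-key-looking string when a key ID sits within a few lines of it, which keeps hashes and other long tokens out of the report. The sample file, its bucket name and the SECRET_WINDOW setting are constructed; the credential values are the placeholder examples from AWS's own documentation. Findings carry a masked value so the scanner never echoes the full secret into CI logs.

```python
import re
from dataclasses import dataclass

# Access key IDs: 4-char prefix (AKIA = long-term IAM user key, ASIA = temporary
# STS key) plus 16 uppercase alphanumerics, bounded so partial tokens don't match.
ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")

# Secret access keys are 40 chars from a base64-like alphabet. That shape alone is
# noisy (git SHAs, hashes), so candidates are only reported near a key ID and must
# mix upper case, lower case and digits.
SECRET_KEY_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")
SECRET_WINDOW = 3  # constructed: max line distance between key ID and secret


@dataclass
class Finding:
    line_no: int
    kind: str    # "access_key_id" or "secret_access_key"
    masked: str  # first 4 + "..." + last 4; the full value is never stored


def mask(value: str) -> str:
    return value[:4] + "..." + value[-4:]


def looks_like_secret(candidate: str) -> bool:
    return (any(c.isupper() for c in candidate)
            and any(c.islower() for c in candidate)
            and any(c.isdigit() for c in candidate))


def scan_for_aws_credentials(text: str) -> list[Finding]:
    """Return findings for AWS key IDs and nearby secret keys in `text`."""
    lines = text.splitlines()
    findings: list[Finding] = []
    key_id_lines: list[int] = []

    # Pass 1: key IDs are specific enough to report on their own.
    for idx, line in enumerate(lines, start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append(Finding(idx, "access_key_id", mask(m.group(0))))
            key_id_lines.append(idx)

    # Pass 2: secret-shaped strings only count when a key ID is close by.
    for idx, line in enumerate(lines, start=1):
        if not any(abs(idx - k) <= SECRET_WINDOW for k in key_id_lines):
            continue
        for m in SECRET_KEY_RE.finditer(line):
            if looks_like_secret(m.group(0)):
                findings.append(Finding(idx, "secret_access_key", mask(m.group(0))))

    findings.sort(key=lambda f: f.line_no)
    return findings


# Constructed sample of a settings file committed to git. The credential values
# are the placeholder examples from AWS documentation, not real keys.
SAMPLE_REPO_FILE = """\
# settings.py (constructed sample for this example)
DEBUG = False
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
GIT_SHA = "da39a3ee5e6b4b0d3255bfef95601890afd80709"
BUCKET = "patient-records"
TOKEN_HINT = "AKIA12345"
"""


def precommit_exit_code(text: str) -> int:
    """1 if any credential is found (block the commit), else 0."""
    return 1 if scan_for_aws_credentials(text) else 0


if __name__ == "__main__":
    for f in scan_for_aws_credentials(SAMPLE_REPO_FILE):
        print(f"line {f.line_no}: {f.kind} {f.masked}")
    raise SystemExit(precommit_exit_code(SAMPLE_REPO_FILE))
```

Wired into a pre-commit hook or a CI step, a non-zero exit blocks the commit or package build; the GIT_SHA line shows why the secret pattern is gated on a nearby key ID and on character-class mixing, since a bare 40-character match would flag every commit hash. The real fix remains the one the article implies: short-lived role credentials instead of IAM user keys, so there is nothing long-lived to leak.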