Just here to add a bit of chaos to the world.
Work: MSFT Threat Intel
New from Microsoft Threat Intelligence: Developer-targeting campaign using malicious Next.js repositories https://www.microsoft.com/en-us/security/blog/2026/02/24/c2-developer-targeting-campaign/
Developer-targeting campaign using malicious Next.js repositories | Microsoft Security Blog

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard build workflows. The activity demonstrates how staged command-and-control can hide inside routine development tasks.

Microsoft Security Blog
Fresh IOCs and intel - Our team has identified an active campaign exploiting items associated with two CVEs tied to SolarWinds Web Help Desk (CVE-2025-40551 and CVE-2025-40536). https://www.microsoft.com/en-us/security/blog/2026/02/06/active-exploitation-solarwinds-web-help-desk/
Analysis of active exploitation of SolarWinds Web Help Desk | Microsoft Security Blog

We are seeing exploitation of SolarWinds Web Help Desk via CVE-2025-40551 and CVE-2025-40536 that can lead to domain compromise; here is how to patch, hunt, and mitigate now.

Microsoft Security Blog
Just published from Microsoft Security - newly observed campaign and detections https://aka.ms/aitm-bec
Resurgence of a multi-stage AiTM phishing and BEC campaign abusing SharePoint | Microsoft Security Blog

Microsoft Defender Researchers uncovered a multi‑stage AiTM phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector.

Microsoft Security Blog
Spidey senses ever go off during a remote interview with a candidate that they may be getting some AI assistance? Unfortunately there are new tools that make this even easier https://www.adoptingzerotrust.com/p/the-rise-of-ai-powered-interview
The Rise of AI-Powered Interview Cheating

From astroturfing Reddit to evading anti-cheating tools, InterviewHammer exposes a darker side of AI in hiring

Adopting Zero Trust
Spot me at RSAC next week for a bootleg sticker

Thanks @thejournalizer for inviting me on Adopting Zero Trust to talk about my own experience of how #infosec media and reporting works.

It was fun to talk about how the 'process' of reporting on #cybersecurity for all those years back at ZDNet worked.

Including, among other things, how it always felt important not to a) sensationalise and b) be ridiculously hard on a company which had suffered a cyber incident! (I always felt as if the last thing they needed was me calling up to ask about an ongoing thing, but it had to be done... so I tried to be polite about it!)

We also talked a little bit about my shift from being a reporter to being in-house at Darktrace, the launch of The Inference and how that's given me a new perspective on things.

Also, I spoke about what it was like being at Black Hat USA for the first time. (Spoiler: BIG)

You can give it a watch/listen here. :) (or wherever you get your podcasts)

https://www.youtube.com/watch?v=uzUlqXWWVMc

What happens behind the scenes before security incidents and news are reported

YouTube
Microsoft Threat Intelligence assesses the Russian nation-state actor we track as Secret Blizzard has used the tools and infrastructure of at least 6 other threat actors during the past 7 years. https://www.microsoft.com/en-us/security/blog/2024/12/04/frequent-freeloader-part-i-secret-blizzard-compromising-storm-0156-infrastructure-for-espionage/
Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage | Microsoft Security Blog

Microsoft has observed Secret Blizzard compromising the infrastructure and backdoors of the Pakistan-based threat actor we track as Storm-0156 for espionage against the Afghanistan government and Indian Army targets.

Microsoft Security Blog
Show notes, giveaway, and links to #podcast platforms here https://www.adoptingzerotrust.com/p/azt-from-hacktivist-to-white-hat
AZT: From Hacktivist to White Hat Hacker. A Chat with LulzSec's Sabu.

Season two, episode 19: Hector Monsegur, Co-Founder of LulzSec, and current Director of Research for Alacrinet, discusses his journey from hacktivism to pen testing.

Adopting Zero Trust

As we close season 2 of AZT we chat with a person who was actively part of cybersecurity history. But, unlike past episodes, he was on the other side of the conversation. While that lives in the past, Hector Monsegur co-founded LulzSec, a hacktivist group that made headline after headline impacting various organizations such as PlayStation and Fox.

Today, Hector has turned his experience into a positive, now as a white hat hacker helping secure people as a researcher and pen tester.

If you're interested in more of Hector's story beyond today's episode, we recommend checking out his own podcast, Hacker and the Fed, which features one of the FBI agents who came knocking on his door.

Also, we are doing a little giveaway, so check our site/show notes for how you can grab a Flipper Zero.

Tomorrow on AZT we chat with the co-founder of hacktivist group LulzSec. Also, giving away a Flipper Zero. #podcast