Just here to add a bit of chaos to the world.
Work: MSFT Threat Intel
New from Microsoft Threat Intelligence: Developer-targeting campaign using malicious Next.js repositories https://www.microsoft.com/en-us/security/blog/2026/02/24/c2-developer-targeting-campaign/
Developer-targeting campaign using malicious Next.js repositories | Microsoft Security Blog

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard build workflows. The activity demonstrates how staged command-and-control can hide inside routine development tasks.

Microsoft Security Blog
Fresh IOCs and intel - Our team has identified an active campaign exploiting items associated with two CVEs tied to SolarWinds Web Help Desk (CVE‑2025‑40551 and CVE‑2025‑40536). https://www.microsoft.com/en-us/security/blog/2026/02/06/active-exploitation-solarwinds-web-help-desk/
Analysis of active exploitation of SolarWinds Web Help Desk | Microsoft Security Blog

We are seeing exploitation of SolarWinds Web Help Desk via CVE‑2025‑40551 and CVE‑2025‑40536 that can lead to domain compromise; here is how to patch, hunt, and mitigate now.

Microsoft Security Blog
Just published from Microsoft Security - newly observed campaign and detections https://aka.ms/aitm-bec
Resurgence of a multi‑stage AiTM phishing and BEC campaign abusing SharePoint | Microsoft Security Blog

Microsoft Defender Researchers uncovered a multi‑stage AiTM phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector.

Microsoft Security Blog
Spidey senses ever go off during a remote interview with a candidate that they may be getting some AI assistance? Unfortunately there are new tools that make this even easier https://www.adoptingzerotrust.com/p/the-rise-of-ai-powered-interview
The Rise of AI-Powered Interview Cheating

From astroturfing Reddit to evading anti-cheating tools, InterviewHammer exposes a darker side of AI in hiring

Adopting Zero Trust
Spot me at RSAC next week for a bootleg sticker

Thanks @thejournalizer for inviting me on Adopting Zero Trust to talk about my own experience of how #infosec media and reporting works.

It was fun to talk about how the 'process' of reporting on #cybersecurity for all those years back at ZDNet worked.

Including, among other things, how it always felt important not to a) sensationalise and b) be ridiculously hard on a company which had suffered a cyber incident! (I always felt as if the last thing they needed was me calling up to ask about an ongoing thing, but it had to be done... so I tried to be polite about it!)

We also talked a little bit about my shift from being a reporter to being in-house at Darktrace, the launch of The Inference and how that's given me a new perspective on things.

Also, I spoke about what it was like being at Black Hat USA for the first time. (Spoiler: BIG)

You can give it a watch/listen here. :) (or wherever you get your podcasts)

https://www.youtube.com/watch?v=uzUlqXWWVMc

What happens behind the scenes before security incidents and news are reported

YouTube
Microsoft Threat Intelligence assesses the Russian nation-state actor we track as Secret Blizzard has used the tools and infrastructure of at least 6 other threat actors during the past 7 years. https://www.microsoft.com/en-us/security/blog/2024/12/04/frequent-freeloader-part-i-secret-blizzard-compromising-storm-0156-infrastructure-for-espionage/
Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage | Microsoft Security Blog

Microsoft has observed Secret Blizzard compromising the infrastructure and backdoors of the Pakistan-based threat actor we track as Storm-0156 for espionage against the Afghanistan government and Indian Army targets.

Microsoft Security Blog
@TheDustinChilds the team isn’t big into holding grudges
@jerry onward and upward
Show notes, giveaway, and links to #podcast platforms here https://www.adoptingzerotrust.com/p/azt-from-hacktivist-to-white-hat
AZT: From Hacktivist to White Hat Hacker. A Chat with LulzSec's Sabu.

Season two, episode 19: Hector Monsegur, Co-Founder of LulzSec, and current Director of Research for Alacrinet, discusses his journey from hacktivism to pen testing.

Adopting Zero Trust