Dylan🛡AttacktheSOC

@DylanInfosec

Followers
454
Following
6K
Statuses
285

Dad ⚭ Husband 𒉭 Azure Security | DE&TH | IAM 🏋️‍♂️CultoftheIron, Learning 🎸 What stands in the way, becomes the way

Joined March 2023
@DylanInfosec
Dylan🛡AttacktheSOC
31 minutes
@sec_hub93028 There was something like this at @DEATHCon2025
1
0
1
@DylanInfosec
Dylan🛡AttacktheSOC
8 hours
@DenverHartlo @UK_Daniel_Card Tbh it’s been a while since I watched it and iirc it did have some Fast & Furious level preposterousness but was a good watch for sure. And I’m seeing the 2nd one is coming out soon. Definitely going to watch it
0
0
0
@DylanInfosec
Dylan🛡AttacktheSOC
9 hours
@DenverHartlo @UK_Daniel_Card SISU was also awesome
1
0
0
@DylanInfosec
Dylan🛡AttacktheSOC
1 day
2
0
4
@DylanInfosec
Dylan🛡AttacktheSOC
2 days
@V_to_the_K I’m gonna say the opposite of most here but I did the same. Found that I actually thrived on blue team and enjoyed it much more. And I get to do offsec every once in a while building detections and testing controls. Take a few days to sit with it. Whatever you decide, good luck!
1
0
4
@DylanInfosec
Dylan🛡AttacktheSOC
2 days
0
0
3
@DylanInfosec
Dylan🛡AttacktheSOC
2 days
@janbakker_ I’m Spart… I mean, Conditional Access!
0
0
1
@DylanInfosec
Dylan🛡AttacktheSOC
2 days
Finally getting around to writing another post. A continuation, in spirit, to the last post of SOC optimization but this one will be focusing on tools and features in XDR to empower small teams. There's always so much going on, use the platform to help ease the workload.
1
0
10
@DylanInfosec
Dylan🛡AttacktheSOC
2 days
@ImposeCost ..... ransomware operators are just doing their job, leave them alone
0
0
3
@DylanInfosec
Dylan🛡AttacktheSOC
2 days
Don't log in to Chrome with your personal account on your work computer. They really do make it too easy. Consider restricting users from signing in for their own privacy and org protection:
0
0
2
@DylanInfosec
Dylan🛡AttacktheSOC
2 days
@Wietze Thank you! much appreciated
0
0
0
@DylanInfosec
Dylan🛡AttacktheSOC
2 days
This. Detecting this in XDR doesn't have to be difficult. The behavior is what matters here not the method of its implementation. Do you need to try and parse the cmdline?? Or can you detect this through anomaly detection of the binary behavior?
@Wietze
Wietze
3 days
@Reptarr2 The good news is that detecting this doesn't have to be difficult - will share the full slide deck soon, but here's a preview:
0
0
4
@DylanInfosec
Dylan🛡AttacktheSOC
3 days
RT @Cyb3rMik3: 📢 𝐒𝐢𝐠𝐧𝐢𝐟𝐢𝐜𝐚𝐧𝐭 𝐮𝐩𝐝𝐚𝐭𝐞𝐬 𝐨𝐧 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐃𝐞𝐟𝐞𝐧𝐝𝐞𝐫 𝐟𝐨𝐫 𝐓𝐡𝐫𝐞𝐚𝐭 𝐈𝐧𝐭𝐞𝐥𝐥𝐢𝐠𝐞𝐧𝐜𝐞! Over the past days a few updates surfaced about MDTI⤵️…
0
9
0
@DylanInfosec
Dylan🛡AttacktheSOC
3 days
RT @SecurePeacock: Splunk dropped a new LLM honeypot:
0
49
0
@DylanInfosec
Dylan🛡AttacktheSOC
3 days
@Cyb3rMonk Yeah that’s completely fair, and agree. That’s my bad. I should’ve stated earlier, I’d love to have more independent events vs the sampling we get now. But if it was keep it as is or get AggregatedReporting..
0
0
1
@DylanInfosec
Dylan🛡AttacktheSOC
3 days
@Cyb3rMonk Ok ok. You don’t feel image load events are a reliable enough of a vector for detections/bad roi building that functionality out? Or we’re good with the data already being pulled in?
1
0
0
@DylanInfosec
Dylan🛡AttacktheSOC
3 days
@EricaZelic to actually answer… indefinitely
1
0
2