Dray Agha (@purp1ew0lf)'s Twitter Profile
Dray Agha

@purp1ew0lf

Security Operations Center Manager @HuntressLabs || "Competition is the law of the jungle, but cooperation is the law of civilisation" - Kropotkin

ID: 2875899273

Website: https://www.drayagha.uk/ | Joined: 14-11-2014 02:28:48

14.14K Tweets

5.5K Followers

2.2K Following

Matt Zorich (@reprise_99)

Some of the best automation you can do in a SOC is simply presenting all the relevant information from various portals or feeds to your analysts in one place to action. Automation doesn't need to be complex to be effective and reducing mean time to respond is always valuable.

Ax Sharma (@ax_sharma)

A threat actor is now advising StackOverflow devs seeking debugging help to install a 'pytoileur' #Python package as a "solution" to their code troubles.

🛑DO NOT fall for this, it's a trap—the package has encoded code hidden on line 17 via whitespaces and infects Windows users
Faith (@f0xtrot_sierra)

Interesting case from Huntress the other day

Headlines: user downloaded rogue instance of ScreenConnect renamed to 'e-Bill.Client.exe' from hxxps[://]cleaningzervices[.]com/

A malicious batch file was executed the day after that led to a RAT being installed onto the host
Gabriel Landau (@gabriellandau)

We're hiring. 100% remote. Check us out below!

Someone suggested adding a cool image to make the post more eye-catching. This is a near-perfect representation of what I look like on any given workday, but with IDA / WinDbg / VS on the screen instead.
Paul Melson (@pmelson)

Protip: If you find a malicious script ITW using webhook[.]site, you can add '/#!/view/' to the URI path ahead of the attacker's GUID and see all of their webhook requests. It is not uncommon for the first checkin to be the actor testing.
Andy Robbins (@_wald0)

SpecterOps is HIRING. Open roles and salary ranges:
Associate Consultant: $90,000 - $115,000
Consultant: $115,000 - $135,000
Senior Consultant: $135,000 - $160,000
See all details here: boards.greenhouse.io/specterops/job…

Marc-André Moreau (@awakecoding)

The full OCR text with the temporarily visible password is available in the %LocalAppData%\CoreAIPlatform.00\UKP\{<UUID>}\ukg.db SQLite database, nicely gift wrapped 🎁 for infostealer malware to exfiltrate:
Brian in Pittsburgh (@arekfurt)

This is a very, very important infosec read for the beginning of your week. The crooks in the Snowflake thing systematically went through lists of credentials stolen in different infostealer malware campaigns (dating back at least four years). And abused them with great success.

Microsoft Threat Intelligence (@msftsecintel)

Microsoft Incident Response provides a response playbook to empower defenders in tackling the challenges posed by Octo Tempest and evicting the threat actor from cloud and on-premises environments: msft.it/6016Y2DQu

mark (@magerbomb)

The Elastic Threat Data Services team have an opening for a backend engineer. You'll get to work with Jessica David and other fantastic engineers on building out our automated threat intelligence and data analytics capabilities
boards.greenhouse.io/referralsuseon…
Matt Zorich (@reprise_99)

Looking for your next cybersecurity adventure? Microsoft DART 🎯 are hiring in the Americas and in APJ. If responding to some of the most complex and large scale compromises in the world sounds like fun to you, then hit apply! aka.ms/dartjobs

Huntress (@huntresslabs)

Truman Kain, Sr. Product Researcher at Huntress shows how quickly #AI allows an adversary to clone a voice for a #vishing attack in the newest #TradecraftTuesday. bit.ly/45Hs9m2

hasherezade (@hasherezade)

Check Point Research is hiring in Warsaw! If you are a vulnerability researcher looking for new exciting opportunities, and a friendly, international team, have a look: careers.checkpoint.com/index.php?modu… 💙

Max Rogers (@maxrogers5)

We're hiring SOC managers in the UK & AUS. Full remote roles. Come join the Huntress team! boards.greenhouse.io/huntress Drop me a DM or Comment if you apply!

Max Rogers (@maxrogers5)

1/ 🛡️ The Customer Isn't Always Right 🛡️ We reported several suspicious SSH processes originating from a DICOM (medical images) viewer installer. The viewer itself was legitimate, but the SSH activity seemed suspicious. Our partner initially rejected the report, insisting it was

✞ inversecos (@inversecos)

NEW LAB 🥳: WinDbg Crash Dump Analysis by DebugPrivilege

Using WinDbg to analyze dumps of CVE-2024-29824 and CVE-2023-29357 exploited in the wild.

👇Solve the incident here 👇
xintra.org

Test your memory forensic skills on:
👀Reflective DLL Injection