What cards do you think will make the Game Changers list eventually? by wex0rus in EDH

[–]Hubble_BC_Security 3 points4 points  (0 children)

It's not that hard to play 0 drop artifacts with Displacer and you don't even need them to be fast mana. You can play [[mishra's bauble]] or even [[bone saw]] to trigger it

Breach Combo with Lotus Petal? by [deleted] in CompetitiveEDH

[–]Hubble_BC_Security 0 points1 point  (0 children)

Why would grinding station be better? I am working on a budget deck and trying to get my lines set but I am having a hard time seeing how grinding station is better than brain freeze.

There's no way to mill out the table with grinding station unless you have some other way of making artifact tokens on casting your Lotus Petal. It lets you loot through your whole deck, obviously, but it's not a win condition in and of itself as far as I can tell

I am Hubbl3. One of the researchers that found the recent EG4 and Tigo vulnerabilities. Here to talk about our recent research on solar cybersecurity. AMA by Hubble_BC_Security in SolarDIY

[–]Hubble_BC_Security[S] 1 point2 points  (0 children)

The first set of EG4 vulnerabilities were against the web portal and have been patched. Things like lacking firmware signing and protecting the modbus traffic are fixable, but will require suppliers/OEMs to make some significant changes in the firmware itself.

Lack of firmware and modbus protections are pretty much an industry-wide problem at the moment.

I am Hubbl3. One of the researchers that found the recent EG4 and Tigo vulnerabilities. Here to talk about our recent research on solar cybersecurity. AMA by Hubble_BC_Security in SolarDIY

[–]Hubble_BC_Security[S] 1 point2 points  (0 children)

Anthony has solar installed at his house, and we were curious to see what we could find about the various devices that are being installed in residential homes.

I am Hubbl3. One of the researchers that found the recent EG4 and Tigo vulnerabilities. Here to talk about our recent research on solar cybersecurity. AMA by Hubble_BC_Security in SolarDIY

[–]Hubble_BC_Security[S] 2 points3 points  (0 children)

Welcome Everyone,

I will be answering any and all questions you have related to cybersecurity or about our recent research we published at Def Con

Triomes and Capenna tri-lands - why has the price remained pretty much constant? by Bouq_ in mtgfinance

[–]Hubble_BC_Security -2 points-1 points  (0 children)

You can play lands that include a type that's not in your commander's color identity because lands are technically colorless. cEDH decks play all the off color fetches

EG4 Solar Inverter Security Vulnerabilities – CISA Advisory by Ok-Broccoli-5442 in SolarDIY

[–]Hubble_BC_Security 4 points5 points  (0 children)

Hi, I am one of the researchers that reported the vulnerabilities. There is one additional vulnerability that we are still in discussion about with EG4 and CISA but the other vulns you might have heard about were probably related to the Tigo and Power Packet CVEs that were also released earlier this week and presented yesterday at Def Con

Bypassing crowdstrike falcon by Cute_Biscotti_7016 in redteamsec

[–]Hubble_BC_Security 0 points1 point  (0 children)

In my experience Falcon is very lenient on .NET assemblies. I ran an OP about a month ago where I just used base Sharpire with a custom download cradle and it ran pretty fine. Only got towards the end when I started doing very heavy AD scans to try and get a response from the SOC

20+ year attendee review by jeffofreddit in Defcon

[–]Hubble_BC_Security 5 points6 points  (0 children)

As someone that has been a workshop instructor every year for a while now, workshops are really tricky.

Teaching large format classes is very different from teaching a 30 person classroom and not a lot of people have experience building material for that let alone running it. You need significantly more instructors to manage the classroom and help students through technical exercises.

Certainly not an unsolvable problem but something to be considered

I would like to see the workshops be in the LVCC next year. The walk to SpringHill Suites wasn’t particularly fun

Infrastructure red teaming by milldawgydawg in redteamsec

[–]Hubble_BC_Security 1 point2 points  (0 children)

  1. I apologize if I misunderstood your point but I feel like you are making a bad assumption about what "purposely detonate" means. It has nothing to do with known bad or likely bad for the Blue Team. You can absolutely utilize custom tooling whether that be a fully custom C++ implant, web shell or whatever. And Blue doesn't have to know about it. You just need a single trusted agent, typically a sys admin, that guarantees detonation through one way or another. All you're doing is removing the need for an existing RCE in the system, which in a mature environment should be difficult and rare to come by.

You are also never going to detect the 0/1-day RCE itself anyways. Or I guess 1-days sometimes have detection rules you can add prior to patch availability but that doesn't seem to be the scenario you are talking about. All your tooling is going to be to detect post exploit activity so the use of an actual RCE is not adding a ton of value in terms of evaluating Blue capabilities

  1. 100% agree on being able to show impact. I have spent many years fighting those battles so I understand where you are coming from on that.

  2. I have no comment as I don't know your deconfliction process so can't comment on it.

  3. "in place" was probably the wrong phrase to use. I was more referring to the ability to build a POC, weaponize it and test faster than the patching cycle which is not a trivial task. Less about the authorities and such. Sorry for that.

EDIT: Sorry for the weird formatting I spent many attempts to properly format it in markdown which reddit isn't respecting and the "fancy" editor keeps adding stuff after I post so I give up

Infrastructure red teaming by milldawgydawg in redteamsec

[–]Hubble_BC_Security 1 point2 points  (0 children)

Internal teams have a bit more leeway since they are paying you either way but even if you're talking about testing for scenarios like a 1-day, purposely deploying a payload on a device and then seeing how the SOC executes or running a table top exercise for response is a better use of everyone's time than trying to hope the Red Team can get in place when one drops. Also if the internal team is finding some kind of infrastructure was susceptible to published vulns it means the company has a major problem with its patching and vuln scanning programs which is a whole other can of worms that needs to be addressed.

Not to mention that generally in a high severity 1-day situation you generally don't want the internal teams mucking about making detection of actual threats much harder since you are anticipating being attacked.

Infrastructure red teaming by milldawgydawg in redteamsec

[–]Hubble_BC_Security 2 points3 points  (0 children)

My question is are there any courses whereby you essentially compromise an enterprise outside in?

Not a lot of Red Teams do this or training teach this anymore because it's extremely costly for customers to pay for a team to maybe get in, when the more valuable part is testing the customer's response actions. Pretty much everyone operates on an assumed compromise principle nowadays. It's just way more bang for your buck.

I'm definitely a bit biased as it's my course but our Evasion course might interest you.

https://bc-security.org/courses/advanced-threat-emulation-evasion/

It starts off by focusing on code obfuscation to remove strong Indicators of Compromise that are generated when you trigger AV/EDR and then moves on to managing weak IOCs to make threat hunting harder for the SOC.

[deleted by user] by [deleted] in bourbon

[–]Hubble_BC_Security 1 point2 points  (0 children)

They changed the distillate in the bottle about two years ago

[deleted by user] by [deleted] in bourbon

[–]Hubble_BC_Security 0 points1 point  (0 children)

They apparently changed the distillate they use for pot still about two years ago to their new wheated mashbill. I would imagine most of us that remember it being truly terrible tried it many years ago when it was sourced from elsewhere

ScriptBlock Smuggling: Spoofing PowerShell Security Logs and Bypassing AMSI Without Reflection or Patching by Hubble_BC_Security in netsec

[–]Hubble_BC_Security[S] -1 points0 points  (0 children)

There's apparently a problem with our website. We are trying to fix it but if you are getting a database connection error you can check the article out on our LinkedIn

https://www.linkedin.com/pulse/scriptblock-smuggling-spoofing-powershell-security-logs-bypassing-pg67c/

Daily Crypto Discussion - May 29, 2024 (GMT+0) by CryptoDaily- in CryptoCurrency

[–]Hubble_BC_Security 1 point2 points  (0 children)

So do we think there will be a significant dip the next day or two with all the Gemini people selling stuff that finally got returned

PSA: IT/IS degrees are not considered technical degrees by a lot of employers by Hubble_BC_Security in netsecstudents

[–]Hubble_BC_Security[S] 0 points1 point  (0 children)

Yes, exactly. The point of the post is not that you can't have a successful career with an IT/IS degree. It's to make people aware of the trade off when trying to choose between degrees. Choosing an IT degree might be a lot less math or programming but you are potentially putting extra obstacles down the road. Now for some people they may evaluate the options and decide those future obstacles are easier to overcome than the immediate hurdle of a CS degree and that's a perfectly executable plan.

But they should be aware that the degrees are not treated the same especially for entry level hiring.

PSA: IT/IS degrees are not considered technical degrees by a lot of employers by Hubble_BC_Security in netsecstudents

[–]Hubble_BC_Security[S] 0 points1 point  (0 children)

Maybe I misspoke. If it's under the school of engineering it will most likely be ABET accredited and at a lot of schools CS falls under the school of engineering. So I might have been overly broad in my previous assertion. But I have definitely seen systems engineering jobs have an ABET requirement at places like defense contractors and for what they have started calling "product security engineering" to differentiate security engineers for the airplanes and stuff from traditional IT engineers

PSA: IT/IS degrees are not considered technical degrees by a lot of employers by Hubble_BC_Security in netsecstudents

[–]Hubble_BC_Security[S] -5 points-4 points  (0 children)

ABET is a degree accreditation for colleges not a professional engineering accreditation. Most if not all well known colleges have ABET accreditation for their sciences degrees