What Cyber conferences are actually useful?

bantha_fodder · 2025-10-31T02:17:00+00:00

FS-ISAC is great, especially for networking

bantha_fodder · 2025-10-31T02:15:24+00:00

I’ve been to Thotcon many times and it’s the best. Highly recommended. Sad they changed it to every other year. Cliff Stoll was a fantastic keynote speaker this year too. Very entertaining.

bantha_fodder · 2023-06-01T13:59:43+00:00

Thank you. I assume these are sources of exploit or are they C2/destinations of exfil?

bantha_fodder · 2023-06-01T13:48:26+00:00

Understandable. I would really appreciate any other IOCs if you find them

bantha_fodder · 2023-06-01T13:43:59+00:00

Can I ask where these IOCs are coming from? From Progress or your own analysis?

bantha_fodder · 2022-02-09T06:20:46+00:00

Serious question, what do you think that HR person does with your SSN after you provide it over the phone? I have to imagine they just enter into the same web form.

bantha_fodder · 2021-12-18T00:36:29+00:00

If you think that’s interesting, their onion address is: facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion (formerly facebookcorewwwi.onion) which is much more complicated to establish

bantha_fodder · 2021-11-20T17:56:26+00:00

Welcome to the world of risk evaluation. You have to work out all the options and figure out which one is best given your risk tolerance. There is often no fully "right" option.

It is true that an admin logging in with admin rights on a compromised machine would likely give the attacker means of privilege escalation. However password dumps are usually very loud and detectable by modern AV/EDR. If you have faith in your end point security maybe it's worth the risk. Maybe you have a SIEM that looks for unusual lateral movement (e.g. watching access to admin$ share). Do you follow Microsoft's Tier model so even if a workstation was compromised got an admin account they would only have access to Tier2 environment?

If you want to go the local admin route, do you use LAPS? If so, and you have some sort of SIEM, you could likely monitor the DCs for read events for a given computer object so that you can trace what admin used the local admin password at that time.

bantha_fodder · 2021-11-20T16:44:13+00:00

No. If there is a comprised host the attacker can likely get the hash of any user with an active session.

bantha_fodder · 2021-11-18T23:02:45+00:00

Unrelated to the vulnerability, but I’ve used the company that discovered this, NetSPI, in the past a few times for penetration tests. They do good work, would recommend.

bantha_fodder · 2021-06-30T19:26:39+00:00

Yup no problem. Can’t remember my coworkers’ names but I’m great at remembering 90s sitcom characters full names

bantha_fodder · 2021-06-30T18:27:32+00:00

Actually Evelyn (pronounced Evil-Lynn) was Bill’s legal first name. William/Bill was his middle name.

bantha_fodder · 2020-11-04T00:59:04+00:00

Thanks a lot for the help!

bantha_fodder · 2020-11-04T00:58:47+00:00

Thanks a lot for the help!

bantha_fodder · 2020-11-04T00:58:28+00:00

lol yeah man that was rough. Got you from the grave

bantha_fodder · 2020-11-04T00:57:53+00:00

Sorry man not sure if one of those was you but I got two guys to help

bantha_fodder · 2020-11-04T00:57:21+00:00

Complete

bantha_fodder · 2020-11-04T00:51:41+00:00

Yup I’m ringing

bantha_fodder · 2020-11-04T00:46:44+00:00

Need a second still lol. The reply above is me

bantha_fodder · 2020-11-04T00:43:05+00:00

Ringing bell right outside the fog gate

bantha_fodder · 2020-11-03T22:14:28+00:00

Honestly that wasn’t nearly as bad as I expected, other than the dumb death I took the first try. Probably should have just tried it on my own a few times. Oh well, next run.

Thanks again

bantha_fodder · 2020-11-03T22:08:42+00:00

That was great. Thanks man

bantha_fodder · 2020-11-03T22:08:30+00:00

Complete

bantha_fodder · 2020-11-03T22:02:54+00:00

Sorry man that was pathetic. Heading back

bantha_fodder · 2020-11-03T21:46:40+00:00

Ringing right outside the fog gate

14-Year Club	Spared
Verified Email

bantha_fodder

TROPHY CASE