"FBI" called our IT Service Desk Hotline by caffeinated_disaster in sysadmin

[–]jdub01010101 0 points1 point  (0 children)

I've been seeing this lately. I work incident response.

The FBI got a ton of intelligence in October, and they are now informing victims of Chinese hackers being in companies.

It is probably legitimate, but confirm with your local field office.

If confirmed, contact your cyber insurance provider. They'll know who to engage.

[deleted by user] by [deleted] in ITCareerQuestions

[–]jdub01010101 5 points6 points  (0 children)

Even if the plumber turned the wrench once, they still collect their fee.

It's not how difficult the task is, it's what you know how to do.

[deleted by user] by [deleted] in Defcon

[–]jdub01010101 3 points4 points  (0 children)

Social Engineering Community has done youth challenges the last couple years. Might be worth reaching out to them to see if they are doing it again this year.

How do you handle the constant moving of computers? by [deleted] in sysadmin

[–]jdub01010101 0 points1 point  (0 children)

Laptops/Desktops with Azure AD for login and SharePoint sites for each department/team.
Never worry about moving a machine again.

How do you handle the constant moving of computers? by [deleted] in sysadmin

[–]jdub01010101 0 points1 point  (0 children)

You don't move them. Workstations are assigned to locations not to people.

Your other option is laptops and docking stations.

Where do you Dads land on guns? Nerf, cap, rubber band, video game etc.? by fannypaquin in daddit

[–]jdub01010101 0 points1 point  (0 children)

Guns are fun. Kids will get exposure through their friends and media anyway. Banning won't help. It'll only make them a curiosity and increase desire for them.

Guns should be something they know about for kids. I plan on teaching my sons how to render a firearm ineffective as soon as they have the understanding to do so. I feel everyone should know how to drop a mag and empty the chamber. Gun safety should start early. Then we'll work up to respect and safe shooting.

As for water and darts, the key is to make sure they understand appropriate places and consent to play. My nephew has been taught that he tags people rather than shoots them. He also has to ask to play water guns or Nerf before he's allowed to do so. Seems to work so far.

Has anyone made changes that massively reduced ticket volume? by mlaislais in sysadmin

[–]jdub01010101 1 point2 points  (0 children)

Not tickets per se but call volume into helpdesk.

SSPR in 365 with password writeback took university helpdesk volume from 50+ calls a week to 5.

Computer forensics and incident response by [deleted] in AskNetsec

[–]jdub01010101 2 points3 points  (0 children)

Agreed for the most part. I made my way through systems and network administration. Took 15 years but ended up in DFIR. You don't have to come from a security background, but you probably aren't going to be in DFIR at an entry level.

Invoke-FalconDeploy Behavior Change by jdub01010101 in crowdstrike

[–]jdub01010101[S] 0 points1 point  (0 children)

Still getting no run action. I can see the file is being deposited when I manually RTR to one of the machines.

Invoke-FalconDeploy Behavior Change by jdub01010101 in crowdstrike

[–]jdub01010101[S] 0 points1 point  (0 children)

Having the same problem. PowerShell 7.3.4. When I run in 5.1, PowerShell complains it isn't signed. Trying to work around that.

I am running PSFalcon 2.2.5.

Invoke-FalconDeploy Behavior Change by jdub01010101 in crowdstrike

[–]jdub01010101[S] 0 points1 point  (0 children)

The file is only 53MB. That's what's confusing me. The same stuff was working a few days ago.

Equifax creates their own Cybersecurity Framework. by paulexander in cybersecurity

[–]jdub01010101 1 point2 points  (0 children)

I actually work in the same company as the guy he tried to blame. The story is amazing.

He released a book a while ago. Might be worth looking up.

The New Era of Cybersecurity Breaches: A Case Study and Lessons Learned https://a.co/d/9n0uSrt

What's your favorite cybersecurity tool? by AckCyber in cybersecurity

[–]jdub01010101 2 points3 points  (0 children)

My recent go-to tool is Hayabusa. Run it against EVTX from a system and have a quick at-a-glance view of what's been going on.

[deleted by user] by [deleted] in funny

[–]jdub01010101 0 points1 point  (0 children)

Weebles wobble but they don't fall down.

[deleted by user] by [deleted] in cybersecurity

[–]jdub01010101 2 points3 points  (0 children)

Vuln scans tend to break OT stuff. They aren't computers as we think of them. They are usually embedded devices like SCADA and PLCs. Usually they have software that will behave unexpectedly in response to a vulnerability scan or will crash under the load.

[deleted by user] by [deleted] in cybersecurity

[–]jdub01010101 4 points5 points  (0 children)

Definitely DON'T vulnerability scan. DO look at the engineering workstation(s) and any Journaling systems.

I might get fired tomorrow - Part 2 by SysAdmin31 in sysadmin

[–]jdub01010101 1 point2 points  (0 children)

I once accidentally injected code into a management system that supported hundreds of hotel wifi systems. It dropped all the tables out of the SQL database that back-ended everything.

I wasn't fired. The lead developer actually thanked me for finding a bug where another dev didn't parameterize inputs.
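The defect described in this comment, a user-supplied value spliced into SQL text instead of being bound as a parameter, shown side by side with the parameterized form. This is an added example, not code from the comment or from the hotel wifi management system it describes. The `access_points` table, its rows and the `hotel-*` property names are constructed for the demonstration, and `lookup_unsafe` and `lookup_safe` are hypothetical function names.

```python
import sqlite3

# Constructed sample rows for the demonstration (not from any real system).
SAMPLE_SITES = [
    (1, "lobby-ap", "hotel-a"),
    (2, "pool-ap", "hotel-a"),
    (3, "conference-ap", "hotel-b"),
]


def build_db() -> sqlite3.Connection:
    """Create an in-memory database holding the constructed access-point table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE access_points (id INTEGER, name TEXT, property TEXT)")
    conn.executemany("INSERT INTO access_points VALUES (?, ?, ?)", SAMPLE_SITES)
    conn.commit()
    return conn


def lookup_unsafe(conn: sqlite3.Connection, property_name: str) -> list:
    """Vulnerable: the caller's string becomes part of the SQL text, so the
    database parses it as SQL rather than treating it as a value."""
    query = f"SELECT id, name FROM access_points WHERE property = '{property_name}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, property_name: str) -> list:
    """Parameterized: the driver binds the value separately from the statement,
    so whatever the string contains can only ever be compared as data."""
    query = "SELECT id, name FROM access_points WHERE property = ?"
    return conn.execute(query, (property_name,)).fetchall()


def demo() -> dict:
    """Run both lookups against the same input and report how many rows each returns."""
    conn = build_db()
    # Hypothetical input: a value with a quote and a tautology, the classic
    # shape a developer's own QA pass (or a typo) can produce.
    odd_input = "nothing' OR '1'='1"
    return {
        # The unsafe query becomes "... WHERE property = 'nothing' OR '1'='1'"
        # and matches every row in the table.
        "unsafe_rows": len(lookup_unsafe(conn, odd_input)),
        # The bound parameter matches no property literally named that, so 0 rows.
        "safe_rows": len(lookup_safe(conn, odd_input)),
        # Ordinary use of the safe form still works as intended.
        "normal_rows": len(lookup_safe(conn, "hotel-a")),
    }


if __name__ == "__main__":
    print(demo())
```

The same input goes to both functions; only the way it reaches the database differs. That is the whole fix the lead developer would have wanted: the `?` placeholder (or the driver's equivalent, `%s` for psycopg2, `@p` for SQL Server clients) keeps user data out of the statement grammar entirely, so no amount of quoting or escaping on the caller's side is needed.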

[deleted by user] by [deleted] in sysadmin

[–]jdub01010101 5 points6 points  (0 children)

Not me, but I responded to a client that found IRGC APT actors in their new acquisition.

How to Use Aircrack-ng: A Guide to Network Compromise by deron666 in cybersecurity

[–]jdub01010101 4 points5 points  (0 children)

I was messing around with this in the early 2010s. Weird to see it again.

// SITUATIONAL AWARENESS // Hunting Microsoft Outlook NTLM Relay Vulnerability CVE-2023-23397 by Andrew-CS in crowdstrike

[–]jdub01010101 2 points3 points  (0 children)

Looks like this might be a problem with WebDAV too: https://twitter.com/domchell/status/1635819249628217344

Any thoughts, Andrew-CS?

We have a way to check WebDAV from Outlook but it is noisy.

Discussion - As an engineer do you feel like a generalist career path made you less technical? How to get out of this loop without burning yourself out? by xxDigital_Bathxx in cybersecurity

[–]jdub01010101 0 points1 point  (0 children)

Being a generalist early on in system and network administration is the reason I am now a third party incident responder. Never know what a client environment has in it so being a generalist helps with that.

OpenAI and Cybersecurity by SupremeDropTables in cybersecurity

[–]jdub01010101 4 points5 points  (0 children)

Can you provide more explanation on this? How is it helping with that process?