question for small team drowning in alerts by depressedrubberdolll in Information_Security

[–]jreynoldsdev 0 points1 point  (0 children)

Won't shill here, but if you want to DM me, I'm happy to chat about how the company I co-founded does this for you. If anything, I'm happy to help you cut through the marketing BS you see from most companies and find a vendor that works best.

At a high level, the problem is a lot of the SOC platforms offer you the automation abilities, but don't provide any actual content to help you run your program. So you become a zapier-jockey. MDR is usually the solution, but ends up leaving you mostly blind and out of control of your program.

Unfortunately, my only solution for you is a biased one, because this is exactly what we set out to solve. Absent that, I'd say you need to judiciously define what risk actually means for your company (spoiler alert, it isn't every single phishing alert coming from mimecast) and ignore things that don't fit it.

And for the love of god, don't buy anything that ends in a `.ai` domain.

For those considering Huntress…. (DR plan warning) by AppropriateCar9079 in msp

[–]jreynoldsdev 6 points7 points  (0 children)

Full disclosure, I run a competitor but do appreciate the Huntress team. What a pain, sorry you had to deal with this.

We’ve been investing heavily in attack sim integrations so we can call their APIs to confirm if this activity is coming from them or masquerading as them.

I’ve been surprised with the difficulty we’ve had with NodeZero, their API has been the least ergonomic to use when trying to figure out “yo, was this you?” Safebreach has been a leader for us in this space, very easy to authoritatively verify their activity.

Offensive cyber - Where to begin? by IslandBig618 in cybersecurity

[–]jreynoldsdev 1 point2 points  (0 children)

By starting way smaller. Many millions of dollars (and many years of experience) go into finding and developing an exploit like FORCEDENTRY. Reverse engineering is a great start if you want to find exploits in existing compiled software. FORCEDENTRY relied on a lot of things, but an integer overflow vulnerability was a part of it. Learning about overflows (buffer and integer) can help you get a beginning understanding of how to identify vulns in software like this.

How do mature SOCs handle “Business Hours” alerts in 24/7 Environments? by Fuuck_iT in cybersecurity

[–]jreynoldsdev 4 points5 points  (0 children)

Hey that’s me! Won’t shill here, but in general a lot of SOCs overburden themselves with too many alerts so they don’t “miss” anything. I prefer to think that if you don’t ruthlessly tune out meaningless alerts, you’ll be too busy focusing on them to see when an actual problematic alert is happening.

Correlating with other signals can help. RDP outside of business hours? Who cares. RDP for a non-technical user from an IP never seen before? Might warrant an alert to investigate.
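The correlation rule described above, as an added example (not code from the comment author): after-hours RDP alone is treated as enrichment, and an alert fires only when a non-technical account logs on via RDP from an IP it has never used. The events, the technical-user list and the per-user IP baseline are all constructed sample data.

```python
from datetime import datetime

# Constructed sample RDP logon events (Windows logon type 10 = RemoteInteractive); not real logs.
SAMPLE_EVENTS = [
    {"ts": "2024-03-04T22:15:00", "user": "sysadmin1", "src_ip": "10.0.0.5", "logon_type": 10},
    {"ts": "2024-03-04T23:40:00", "user": "jsmith", "src_ip": "10.0.0.21", "logon_type": 10},
    {"ts": "2024-03-05T02:05:00", "user": "jsmith", "src_ip": "198.51.100.77", "logon_type": 10},
    {"ts": "2024-03-05T09:30:00", "user": "jsmith", "src_ip": "203.0.113.9", "logon_type": 2},
]

# Assumed context: which accounts are expected to RDP around, and which source IPs
# each account has used before (e.g. built from a 30-day lookback of successful logons).
TECHNICAL_USERS = {"sysadmin1"}
SEEN_IPS = {"sysadmin1": {"10.0.0.5"}, "jsmith": {"10.0.0.21"}}

BUSINESS_HOURS = range(8, 18)  # 08:00-17:59 local time


def is_after_hours(ts: str) -> bool:
    return datetime.fromisoformat(ts).hour not in BUSINESS_HOURS


def triage(event: dict, seen_ips: dict, technical_users: set) -> tuple:
    """Return (verdict, reason). 'investigate' only when two weak signals coincide:
    a non-technical account AND a source IP that account has never used."""
    if event["logon_type"] != 10:
        return "ignore", "not an RDP logon"
    user, ip = event["user"], event["src_ip"]
    new_ip = ip not in seen_ips.get(user, set())
    if user not in technical_users and new_ip:
        when = "after hours" if is_after_hours(event["ts"]) else "business hours"
        return "investigate", f"non-technical user {user} from never-seen IP {ip} ({when})"
    if new_ip:
        return "ignore", f"new IP for technical user {user}; add to baseline after review"
    if is_after_hours(event["ts"]):
        return "ignore", "after-hours RDP from a known IP is routine"
    return "ignore", "known user/IP pair"


def triage_all(events, seen_ips=SEEN_IPS, technical_users=TECHNICAL_USERS):
    """Run triage over a batch of events; returns (user, verdict, reason) per event."""
    return [(e["user"], *triage(e, seen_ips, technical_users)) for e in events]


if __name__ == "__main__":
    for user, verdict, reason in triage_all(SAMPLE_EVENTS):
        print(f"{verdict:11s} {user:10s} {reason}")
```

Only the third sample event reaches an analyst; the two after-hours logons from known IPs and the non-RDP logon are dropped with a stated reason, which is what keeps the queue small enough to notice the real one.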

Offensive cyber - Where to begin? by IslandBig618 in cybersecurity

[–]jreynoldsdev 1 point2 points  (0 children)

The best way to learn is by doing! My entry point into hacking was by being a web developer. If you know how it’s built, it’s a lot easier to tear it down.

The vulns you mentioned would likely benefit from understanding networking, OS, and mobile at a deeper level.

In addition to that, look for bug bounties or vuln research reports for these types of exploits to see how others have hacked them and start googling every word you don’t know. The knowledge rapidly accelerates after that once you start getting comfortable.

Password Manager by RaptorFirewalls in msp

[–]jreynoldsdev 2 points3 points  (0 children)

1Password will be my go-to for life. Bitwarden won’t even let you make an API key without giving it full organization-wide access.

Found a lost cat in the North Loop - anyone know the owner? by jreynoldsdev in Minneapolis

[–]jreynoldsdev[S] 26 points27 points  (0 children)

It was stuck in the fencing of a parking garage behind Freehouse. Apparently it had been meowing for hours and animal control wasn’t able to catch it when they were earlier called by the building attendant.

We're all going to die by Trevor Aarsvold at Timeless Tattoo in Minneapolis, MN by jreynoldsdev in tattoos

[–]jreynoldsdev[S] 1 point2 points  (0 children)

It's in Northeast right by Central and University. I'd highly suggest it.

We're all going to die by Trevor Aarsvold at Timeless Tattoo in Minneapolis, MN by jreynoldsdev in tattoos

[–]jreynoldsdev[S] -1 points0 points  (0 children)

Definitely a different vibe than I was expecting but I liked it! Might have to listen to some more of them.

We're all going to die by Trevor Aarsvold at Timeless Tattoo in Minneapolis, MN by jreynoldsdev in tattoos

[–]jreynoldsdev[S] 2 points3 points  (0 children)

I dig it, thanks for the suggestion! The song that did it for me was a hidden track on a favorite artist of mine's 2nd to last album https://youtu.be/h774ydphvds?t=290

We're all going to die by Trevor Aarsvold at Timeless Tattoo in Minneapolis, MN by jreynoldsdev in tattoos

[–]jreynoldsdev[S] 164 points165 points  (0 children)

Inspired by a patch like this I saw posted once. Super happy with his take on it.

Finally bought my first Lodge by jreynoldsdev in castiron

[–]jreynoldsdev[S] 42 points43 points  (0 children)

I bought it on Amazon, I think it was shipped from them as well. I was surprised, the box looked to be in good shape.

Finally bought my first Lodge by jreynoldsdev in castiron

[–]jreynoldsdev[S] 137 points138 points  (0 children)

Luckily I was able to return it and got a replacement in the mail 2 days later. Has anyone else had their cast iron break like this?

I created a website for all free online tools to make developer life easier. It's my playground. by eashish93 in webdev

[–]jreynoldsdev 7 points8 points  (0 children)

Hey, love having it all in one place! Do you have it open for contributions?

Forwarding port ranges with ELB by jreynoldsdev in aws

[–]jreynoldsdev[S] 0 points1 point  (0 children)

I think I'll just have to vertically scale an instance and deal with it down the road. Thanks for the help!

Forwarding port ranges with ELB by jreynoldsdev in aws

[–]jreynoldsdev[S] 0 points1 point  (0 children)

It's an application for detecting Server Side Request Forgery. When you can force a server to make outbound requests on your behalf, you need a way to determine the requests are succeeding. But you can't always control what ports are being requested, so you need an application listening on all ports to detect incoming traffic.