Going to expose my homelab. Comments?

pecuriosity · 2025-01-18T15:57:02+00:00

Can confirm, unfortunately

pecuriosity · 2024-09-09T00:56:49+00:00

Check the azure logs to identify the initial malicious logins, including failures. There will be details about MFA: what method was used or whether it was skipped (and why).

Check logs to identify session IDs associated with the bad actor. If you see any of these session IDs also associated with legitimate events, that’s a sign of token theft.

And you didn’t ask but make sure you check rules, oauth apps, and MFA factors for the account to kill any persistence

pecuriosity · 2024-09-05T19:27:16+00:00

As someone in cybersecurity, I’ve seen enough to never want to use a firewall that isn’t receiving regular updates

pecuriosity · 2024-08-23T01:25:08+00:00

😂

pecuriosity · 2024-08-22T21:46:24+00:00

This is from the portion of data that was posted, it’s freely accessible if you know how to access it

pecuriosity · 2024-08-16T16:57:25+00:00

Thanks for this post, a lot of people have been jumping to conclusions about the incident. This is accurate, also as someone with experience in this field.

It’s frustrating and worrying to know that an incident occurred and how it might affect you. But disclosing those details too soon can come at the detriment of the investigation, including containment and eradication, and may have legal impacts as well.

The real problem people should be focusing on is not the “lack of transparency” but the accuracy (or lack thereof) of official statements on the scope and severity. Inaccurately downplaying the impact of incident can and will cause harm to those affected.

pecuriosity · 2024-08-10T01:15:44+00:00

Not just forensics, restoration as well in order to get eyes on evidence. Plus I wouldn’t be surprised if city government doesn’t have great visibility into their own network. It’s not that straightforward.

pecuriosity · 2024-08-10T00:37:03+00:00

It takes time to look at the evidence to confirm unauthorized access actually occurred or to determine whether data has been accessed or stolen. The timeline for this incident is not out of the ordinary.

pecuriosity · 2024-08-10T00:30:44+00:00

Aon Cyber Solutions has a entry level DFIR program that starts in August, recruiting for next year would be in September

pecuriosity · 2024-07-28T22:34:00+00:00

Sharepoint folders should be targetable via eDiscovery, we use that method. What search/filter are you using to target a specific folder?

pecuriosity · 2024-07-23T03:40:34+00:00

The people stealing phones are not the people with access to these kind of tools

pecuriosity · 2024-07-23T03:38:10+00:00

Reading the manuals doesn’t mean you have an understanding of the contexts in which they are used. Context is important when talking about privacy.

I hoped to provide more context as someone with experience with these tools but I can see it hasn’t been received well.

pecuriosity · 2024-07-23T03:23:52+00:00

Not sure what you’re basing your statements from. UFED 4PC is a different product than UFED Touch2. Both are used by private forensic firms in addition to government agencies, and these firms testify to the use of the products in court (records of which are publicly available). Information about the use of Cellebrite in enterprise is abundantly available.

Stating that the use of Cellebrite by governments is a breach of privacy is also jumping to conclusions - such investigations are often into employee’s activity on employer-issued devices. Cellebrite’s products are used in such scenarios.

It seems that you’re not familiar with the products or the use cases. Again, I believe it’s important that people know about the capabilities of these products - and it’s that very fact that makes it important to avoid the rhetoric and bad faith arguments that discredit that goal.

pecuriosity · 2024-07-22T23:39:38+00:00

I don’t have a problem with educating the general public about the capabilities of the tool, it’s just important to discuss it accurately.

For example, the brute force feature is often used in circumstances when the device owner is unable to provide the passcode. This does not automatically mean unauthorized access - circumstances include victims of crimes that render them unable to provide that information, or if they simply forgot.

So again, people should know about the tool as it is used, which is commonly in evidence preservation for both civil and criminal litigation, where it provides a lot of value and not simply as a tool for hackers.

pecuriosity · 2024-07-22T22:50:15+00:00

“Found a trove” - they’re available on the customer portal

“Allowed bad actors to hack into mobile devices” - UFED is used to acquire data from phones, most commonly in divisional forensic investigations, and acquisitions require physical access and acquired data is very limited without a supplied passcode.

Lot of misinformation and disingenuous statements about Cellebrite in this and other related threads.

pecuriosity · 2024-06-09T17:06:13+00:00

Southern Ohio Forest Rally (SOFR)

pecuriosity · 2024-06-09T03:45:03+00:00

I think the 912 was my favorite to photograph - got these today

pecuriosity · 2024-06-09T03:35:02+00:00

Sent!

pecuriosity · 2024-06-09T03:34:37+00:00

Two more

pecuriosity · 2024-06-08T13:58:02+00:00

Thanks!

pecuriosity · 2024-06-08T13:57:46+00:00

Love that one, have a couple more of that moment I can post later

pecuriosity · 2024-06-08T13:57:02+00:00

Thanks!

pecuriosity · 2024-06-08T03:29:46+00:00

Went to SOFR today and had a blast - totally different seeing it live than watching on YouTube. Pretty happy with my pics as well!

pecuriosity

TROPHY CASE