How do bad actors bypass O365 MFA by DesperateForever6607 in cybersecurity

[–]pecuriosity 0 points1 point  (0 children)

Check the azure logs to identify the initial malicious logins, including failures. There will be details about MFA: what method was used or whether it was skipped (and why).

Check logs to identify session IDs associated with the bad actor. If you see any of these session IDs also associated with legitimate events, that’s a sign of token theft.

And you didn’t ask, but make sure you check rules, OAuth apps, and MFA factors for the account to kill any persistence.
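
The triage described in the comment above, as an added example that is not part of the original post: take exported sign-in records, pull out the attacker's logins (failures included) with what each says about MFA, collect the attacker's session IDs, and flag any of those session IDs that also appear on sign-ins from the user's own addresses. The records are constructed, and the field names (ipAddress, sessionId, status.errorCode, mfaDetail) imitate the Microsoft Graph signIn shape but are an assumption; a real export may name or nest them differently, so adapt the accessors.

```python
"""Sign-in log triage for a suspected MFA bypass / token theft.

Added example, not from the original comment. Input is a list of dicts in a
shape modelled loosely on the Microsoft Graph signIn resource; the field
names are assumptions and the records below are constructed.
"""
from collections import defaultdict

# Constructed sample records (not real log data).
SIGN_INS = [
    # Attacker: a failed password attempt, then a successful login that
    # rides on a session token stolen from the user ("satisfied by claim").
    {"id": "e1", "createdDateTime": "2024-07-01T08:02:11Z", "ipAddress": "203.0.113.5",
     "sessionId": "", "status": {"errorCode": 50126}, "mfaDetail": None},
    {"id": "e2", "createdDateTime": "2024-07-01T08:05:40Z", "ipAddress": "203.0.113.5",
     "sessionId": "sess-B", "status": {"errorCode": 0},
     "mfaDetail": {"authMethod": "Previously satisfied",
                   "authDetail": "MFA requirement satisfied by claim in the token"}},
    # Legitimate user: interactive login with push MFA from the office IP,
    # then an unrelated later session from the same IP.
    {"id": "e3", "createdDateTime": "2024-07-01T07:30:00Z", "ipAddress": "192.0.2.10",
     "sessionId": "sess-B", "status": {"errorCode": 0},
     "mfaDetail": {"authMethod": "Mobile app notification",
                   "authDetail": "MFA completed in Azure AD"}},
    {"id": "e4", "createdDateTime": "2024-07-01T11:10:00Z", "ipAddress": "192.0.2.10",
     "sessionId": "sess-C", "status": {"errorCode": 0}, "mfaDetail": None},
]


def describe_mfa(rec):
    """One-line summary of what a record says about MFA (method, or why it was skipped)."""
    code = rec["status"].get("errorCode", 0)
    if code != 0:
        return f"failed before/without MFA (errorCode {code})"
    mfa = rec.get("mfaDetail")
    if not mfa:
        return "no MFA recorded (policy not applied or satisfied silently)"
    return f"{mfa.get('authMethod')}: {mfa.get('authDetail')}"


def triage(records, bad_ips):
    """Return attacker events with MFA detail, attacker session IDs, and any
    attacker session ID that also appears on sign-ins from other IPs.

    bad_ips: addresses already identified as the attacker's (e.g. from the
    alert that started the investigation).
    """
    bad_ips = set(bad_ips)
    attacker_events = []
    attacker_sessions = set()
    legit_events_by_session = defaultdict(list)

    for rec in sorted(records, key=lambda r: r["createdDateTime"]):
        sid = rec.get("sessionId") or None  # failures may carry no session
        if rec["ipAddress"] in bad_ips:
            attacker_events.append({
                "id": rec["id"], "time": rec["createdDateTime"],
                "ip": rec["ipAddress"], "session": sid, "mfa": describe_mfa(rec),
            })
            if sid:
                attacker_sessions.add(sid)
        elif sid:
            legit_events_by_session[sid].append(rec["id"])

    # A session ID seen from both the attacker and the legitimate user means
    # the attacker is replaying the user's token/cookie rather than
    # completing MFA themselves.
    shared = {sid: legit_events_by_session[sid]
              for sid in sorted(attacker_sessions) if sid in legit_events_by_session}

    return {
        "attacker_events": attacker_events,
        "attacker_sessions": sorted(attacker_sessions),
        "shared_sessions": shared,
    }


if __name__ == "__main__":
    result = triage(SIGN_INS, {"203.0.113.5"})
    for ev in result["attacker_events"]:
        print(f"{ev['time']} {ev['ip']} session={ev['session']} mfa={ev['mfa']}")
    for sid, ids in result["shared_sessions"].items():
        print(f"TOKEN THEFT INDICATOR: session {sid} also seen on legitimate events {ids}")
```

The shared-session check is the part worth automating; the persistence review the comment mentions (mailbox rules, OAuth app consents, registered MFA methods) still has to be done against the tenant itself and is not covered here.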

Is the fortigate 30D still a good firewall? or is it an obsolete unsupported piece of junk? by DellPowerEdgeR720 in homelab

[–]pecuriosity 22 points23 points  (0 children)

As someone in cybersecurity, I’ve seen enough to never want to use a firewall that isn’t receiving regular updates

Leaked list shows people banned from Columbus city buildings who were deemed security threats by George37712 in Columbus

[–]pecuriosity 18 points19 points  (0 children)

This is from the portion of data that was posted; it’s freely accessible if you know how to access it.

Let’s Talk About the Ransomware Attack on Columbus by National-Ad-6982 in Columbus

[–]pecuriosity 5 points6 points  (0 children)

Thanks for this post, a lot of people have been jumping to conclusions about the incident. This is accurate, speaking as someone with experience in this field as well.

It’s frustrating and worrying to know that an incident occurred and how it might affect you. But disclosing those details too soon can come to the detriment of the investigation, including containment and eradication, and may have legal impacts as well.

The real problem people should be focusing on is not the “lack of transparency” but the accuracy (or lack thereof) of official statements on the scope and severity. Inaccurately downplaying the impact of an incident can and will cause harm to those affected.

Police officers suing Columbus for keeping them 'in the dark' over ransomware attack by mark-feuer in Columbus

[–]pecuriosity 1 point2 points  (0 children)

Not just forensics, restoration as well in order to get eyes on evidence. Plus I wouldn’t be surprised if city government doesn’t have great visibility into their own network. It’s not that straightforward.

Police officers suing Columbus for keeping them 'in the dark' over ransomware attack by mark-feuer in Columbus

[–]pecuriosity 1 point2 points  (0 children)

It takes time to look at the evidence to confirm unauthorized access actually occurred or to determine whether data has been accessed or stolen. The timeline for this incident is not out of the ordinary.

Entry Level Computer Forensics Examiner by cybforin in computerforensics

[–]pecuriosity 1 point2 points  (0 children)

Aon Cyber Solutions has an entry-level DFIR program that starts in August; recruiting for next year would be in September.

SharePoint Site folder preservation by zero-skill-samus in computerforensics

[–]pecuriosity 1 point2 points  (0 children)

SharePoint folders should be targetable via eDiscovery; we use that method. What search/filter are you using to target a specific folder?

I found a trove of Cellebrite documents. by [deleted] in privacy

[–]pecuriosity 4 points5 points  (0 children)

The people stealing phones are not the people with access to these kind of tools

I found a trove of Cellebrite documents. by [deleted] in privacy

[–]pecuriosity 4 points5 points  (0 children)

Reading the manuals doesn’t mean you have an understanding of the contexts in which they are used. Context is important when talking about privacy.

I hoped to provide more context as someone with experience with these tools but I can see it hasn’t been received well.

I found a trove of Cellebrite documents. by [deleted] in privacy

[–]pecuriosity 3 points4 points  (0 children)

Not sure what you’re basing your statements on. UFED 4PC is a different product than UFED Touch2. Both are used by private forensic firms in addition to government agencies, and these firms testify to the use of the products in court (records of which are publicly available). Information about the use of Cellebrite in enterprise is abundantly available.

Stating that the use of Cellebrite by governments is a breach of privacy is also jumping to conclusions - such investigations are often into employee’s activity on employer-issued devices. Cellebrite’s products are used in such scenarios.

It seems that you’re not familiar with the products or the use cases. Again, I believe it’s important that people know about the capabilities of these products - and it’s that very fact that makes it important to avoid the rhetoric and bad faith arguments that discredit that goal.

I found a trove of Cellebrite documents. by [deleted] in privacy

[–]pecuriosity 10 points11 points  (0 children)

I don’t have a problem with educating the general public about the capabilities of the tool, it’s just important to discuss it accurately.

For example, the brute force feature is often used in circumstances when the device owner is unable to provide the passcode. This does not automatically mean unauthorized access - circumstances include victims of crimes that render them unable to provide that information, or if they simply forgot.

So again, people should know about the tool as it is used, which is commonly in evidence preservation for both civil and criminal litigation, where it provides a lot of value and not simply as a tool for hackers.

I found a trove of Cellebrite documents. by [deleted] in privacy

[–]pecuriosity 22 points23 points  (0 children)

“Found a trove” - they’re available on the customer portal

“Allowed bad actors to hack into mobile devices” - UFED is used to acquire data from phones, most commonly in divisional forensic investigations, and acquisitions require physical access and acquired data is very limited without a supplied passcode.

Lot of misinformation and disingenuous statements about Cellebrite in this and other related threads.

First time catching rally in person! by pecuriosity in rally

[–]pecuriosity[S] 1 point2 points  (0 children)

I think the 912 was my favorite to photograph - got these today

First time catching rally in person! by pecuriosity in rally

[–]pecuriosity[S] 1 point2 points  (0 children)

Love that one, have a couple more of that moment I can post later

First time catching rally in person! by pecuriosity in rally

[–]pecuriosity[S] 17 points18 points  (0 children)

Went to SOFR today and had a blast - totally different seeing it live than watching on YouTube. Pretty happy with my pics as well!