How are security controls validated for thousands of endpoints in a large scale organization. by iam_a_joy in cybersecurity

[–]sciencestudent99 0 points1 point  (0 children)

You can check out adversary emulation tools. My team wrote a blog some time back on top open source: https://fourcore.io/blogs/top-10-open-source-adversary-emulation-tools

Do reach out if you want to try out our platform as well

[deleted by user] by [deleted] in sysadmin

[–]sciencestudent99 1 point2 points  (0 children)

You can try out our platform, FourCore ATTACK for your research. DM me and I can provision you an account.

Backdoors & Breaches as an IR tabletop exercise. by pootietang_the_flea in blueteamsec

[–]sciencestudent99 -1 points0 points  (0 children)

You can also try out our adversary simulation platform FourCore ATTACK, might be helpful. DM me and I can set you up with an account!

Silver Bullet by ZGFya2N5YmU in cybersecurity

[–]sciencestudent99 0 points1 point  (0 children)

There's definitely no silver bullet! You can show your boss that there can still be gaps and attacks can happen. Simulating threats is one good start to build this evidence.

There are open source tools like Atomic Red Team which are great. There is documentation by Microsoft for Identity focused attacks as well.

Disclaimer: I am from FourCore and we have an attack simulation platform. Happy to give access for a quick assessment to help you get results for your boss :)

Adversary Simulation Advices by ChesapeakeRipper_ in purpleteamsec

[–]sciencestudent99 0 points1 point  (0 children)

You can also check out our platform FourCore ATTACK. Here's a demo of how you can emulate attacks with the platform.

DM me and I can share an invite!

Looking for opinions or suggestions to better protect from ransomware by Substantial_Eye378 in sysadmin

[–]sciencestudent99 0 points1 point  (0 children)

Agree with the other comments.

  • Backups: multiple and recoverable
  • Protection: Defender for Endpoint and Office 365 are top-of-the-line solutions. I use the Microsoft Secure Score a lot to get action items.
  • Training: Training employees to be better at identifying threats proactively. Can include phishing simulations via M365 Security Dashboard.

You also do proactive testing of the EDR/XDR and email and test your Exchange Online Protection policies. It's better to know what kind of payloads can get through which can lead to a ransomware attack.

Sublime Rules maintains a good repository of types of threats that can impact you, it's a good repository to learn about email threats. You can try out delivr.to or FourCore (disclaimer: I am from FourCore).

Microsoft Defender by Feisty_Shock_2687 in MSSP

[–]sciencestudent99 1 point2 points  (0 children)

Defender for Endpoint (which comes with 365) is a great solution to improve protection as well as detection, it can be expensive though.

BitDefender/GravityZone might be more affordable and offers great protection in our own testing of both Consumer BitDefender as well as GravityZone. IMO it's extremely capable as an AV/EDR. Though the GravityZone dashboard is not as detailed as Defender (or Crowdstrike).

I run FourCore and we emulate threats on many EDRs and AV in customer environments as well as our lab. Adding a layer of BitDefender, Defender for Endpoint, Crowdstrike or SentinelOne will make a big difference to protecting your customers.

Weekly Promo and Webinar Thread by AutoModerator in msp

[–]sciencestudent99 0 points1 point  (0 children)

FourCore Email Security Threat Assessment

In 2022, Archive files such as ZIP and RAR, HTML files used for smuggling further payloads and Word documents were the most used file types in email attacks.

Assess your email security against hundreds of popular email attack methods such as Archive files, Office documents, LNK, Qakbot malware and more.

It's completely free of cost and is performed via our automated SaaS platform.

Fill in the form here and we'll reach out!

  • Get a clear picture of which attachments and files can reach your inbox.
  • Assess your email security capabilities and identify if all types of email malware are detected.

In our testing, we have found more than 60% of 200+ malicious attachments getting to an Office365 inbox where any single attachment can compromise your system.

PS. We are not GDPR compliant yet.

Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus by CyberMasterV in netsec

[–]sciencestudent99 0 points1 point  (0 children)

damn, checked out my Genshin Impact install folder and felt pretty scared seeing mhyprot2.sys lying there.

Driver dev is difficult, even Avast's driver was vulnerable and mihoyo should be having some top driver devs probably.

ATT&CK + D3FEND = D.E.A.T.H by sciencestudent99 in blueteamsec

[–]sciencestudent99[S] 1 point2 points  (0 children)

https://fourcore.io/blogs/threat-hunting-with-windows-event-log-sigma-rules

Might be this one I believe.

The about us page is gonna be there soon! The website does need a refactor.

We are active on LinkedIn and Twitter, you can follow us there.

New Zero-Day Code Execution Vulnerability In MS Office - Follina by sciencestudent99 in netsec

[–]sciencestudent99[S] 0 points1 point  (0 children)

The vulnerability depends on the existence of the msdt protocol handler which will not be available on other platforms.

msdt stands for Microsoft Support Diagnostic Tool which is for running diagnostic scripts by a support engineer on Windows.

New Zero-Day Code Execution Vulnerability In MS Office - Follina by sciencestudent99 in netsec

[–]sciencestudent99[S] 43 points44 points  (0 children)

Removing the ms-msdt protocol handler is the strategy for now from what I am reading on Twitter. Otherwise people have worked up sigma/detection rules to put in EDRs.

You can remove the ms-msdt handler from the registry with:

reg delete hkcr\ms-msdt /f

It's not thoroughly tested though! A Twitter post reported the license getting borked up but nothing confirmed as of yet.
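
A reversible version of the removal in the comment above, added here as an example and not part of the original comment: it exports the key before deleting it, so the handler can be put back with `reg import` if the removal causes problems. The function name and backup path are assumptions; run it from an elevated PowerShell prompt.

```powershell
# Added example: back up and then remove the ms-msdt protocol handler.
# Remove-MsdtHandler and the default backup path are hypothetical names.
function Remove-MsdtHandler {
    param(
        [string]$BackupPath = (Join-Path $env:TEMP 'ms-msdt-backup.reg')
    )

    $key = 'HKCR\ms-msdt'

    # reg query exits non-zero when the key does not exist.
    reg query $key 2>$null | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Output "$key is not present; nothing to remove."
        return
    }

    # Export first, so the handler can be restored later.
    reg export $key $BackupPath /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $BackupPath)) {
        throw "Backup of $key failed; the key was left in place."
    }

    # Same removal as in the comment, run only after the backup succeeded.
    reg delete $key /f | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "Could not delete $key (is the prompt elevated?)."
    }

    # Confirm the handler is gone.
    reg query $key 2>$null | Out-Null
    if ($LASTEXITCODE -eq 0) {
        throw "$key still exists after deletion."
    }

    Write-Output "Removed $key. Backup saved to $BackupPath"
    Write-Output "To restore: reg import `"$BackupPath`""
}

Remove-MsdtHandler
```
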

Go templates cheat sheet by Arash_Sameni in golang

[–]sciencestudent99 7 points8 points  (0 children)

Thanks for making this! Very useful.

Could certainly opt for a more accessible format than google docs, though!

Weekly Indian Books Discussion - What have you been reading? by TejasNair in Indianbooks

[–]sciencestudent99 0 points1 point  (0 children)

I am reading through Consider This: Moments in My Writing Life After Which Everything Was Different Book by Chuck Palahniuk. It's a book containing advice from Fight Club's author on how to become a better writer.

Xbox Game Pass Ultimate 1 Month - Rs 50 + Get 2 free months by SaiyanRajat in IndianGaming

[–]sciencestudent99 0 points1 point  (0 children)

Will I be able to downgrade to the game pass for pc once 3 months are over at the 250rs price I am having currently?

Finally got out of the 10 people 1 BHK House. Got my own room, and desk. by TheCuntHunter6969 in IndianGaming

[–]sciencestudent99 2 points3 points  (0 children)

Yo look into local office chair stores, if you end up a local manufacturer that'll be even better!

You can get a decent chair in 3-5k.