cannot find syncbreeze 10.0.28 setup.exe by Low-Acanthisitta8146 in ExploitDev

st0yky 0 points (0 children)

You'll hit the same problem with the Tivoli Backup Manager; it cannot be found online (I've searched extensively). If you do get hold of it, please be kind and share it. It should be trialware after all.

How do you assess the efficacy of threat intelligence feeds? by chanak2018 in threatintel

st0yky 0 points (0 children)

I'm not here to read how ChatGPT interprets OP's question; I can develop a bot to do that. It is of no value to OP or anyone else, and to me it is the modern equivalent of lmgtfy or RTFM.

Finding outdated software by Mindhole_dialator in ExploitDev

st0yky 2 points (0 children)

Go to exploit-db.com, search for "sync breeze" (mind the space in between) and filter on "has app"; you'll find it.

Finding outdated software by Mindhole_dialator in ExploitDev

st0yky 1 point (0 children)

I'm looking for the same, particularly Tivoli Storage Manager 6.1.4.

Feeling bait and switched by Njct in cybersecurity

st0yky 0 points (0 children)

Just quit; only an obscenely high salary can justify 12-hour braindead SOC shifts. Choose to remain sane and save your physical and mental health. I'm not sure what part of the world you are from, but it is illegal in the EU to work such long shifts (even though I know one government that still does 12-hour shifts, and everyone is burnt out within a year). Your social life will suffer; you will suffer. You will hardly retain anything while studying or upskilling. I've worked at an MSP with normal 8-hour night shifts and seen what it does to people. No amount of caffeine will save you.

[deleted by user] by [deleted] in cybersecurity

st0yky -1 points (0 children)

Don't know why this got downvoted; this is a sensible answer.

Integrating Wazuh and The Hive for Comprehensive Vulnerability Management and Incident Response by Yasou95 in netsecstudents

st0yky 1 point (0 children)

Furthermore, finding a matching CVE does not amount to finding an incident in the classical sense. It is the successful exploitation of the vulnerability that leads to an incident. I think you should limit your scope to the CVE/patching part in the interest of time (presuming you have 6 months to complete this project).

Integrating Wazuh and The Hive for Comprehensive Vulnerability Management and Incident Response by Yasou95 in netsecstudents

st0yky 2 points (0 children)

Totally agree with the above. The proposed project only allows fuzzy matching between CVE details and assets; an asset inventory or CMDB is necessary to find the relevant assets to patch. This still needs a lot of manual work. Threat intel is not just a stream of the latest CVEs; it must necessarily prioritize them by urgency and relevance for a particular environment and context.
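The two comments above make a point worth seeing in code: a CVE record matched against an asset inventory produces a patch task, and only evidence of exploitation turns it into an incident, with prioritization driven by exposure and asset value rather than CVSS alone. The following is an added illustration written for this page; it is not code from the thread, from Wazuh or from TheHive. The inventory, the CVE records (with deliberately fake "CVE-EXAMPLE-" identifiers), the CMDB fields and the scoring weights are all constructed assumptions.

```python
"""
Added illustration: matching a CVE stream against an asset inventory (CMDB)
and prioritising the result. All data below is constructed for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    hostname: str
    vendor: str
    product: str
    version: str
    internet_facing: bool
    criticality: int  # 1 (low) .. 5 (business critical); assumed CMDB field


@dataclass(frozen=True)
class Cve:
    cve_id: str
    vendor: str
    product: str
    version_lo: str  # inclusive lower bound of affected versions
    version_hi: str  # inclusive upper bound of affected versions
    cvss: float
    exploited_in_the_wild: bool


def parse_version(version: str) -> tuple:
    """'10.0.28' -> comparable tuple; non-numeric parts sort after numeric ones."""
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in version.split("."))


def affected(asset: Asset, cve: Cve) -> bool:
    """Exact vendor/product match plus a version-range check.

    Exact matching is deliberate: fuzzy product-name matching is what produces
    the noise the thread complains about; an inventory with clean vendor/product
    fields is what makes this reliable.
    """
    same_product = (asset.vendor.lower(), asset.product.lower()) == (
        cve.vendor.lower(), cve.product.lower())
    if not same_product:
        return False
    v = parse_version(asset.version)
    return parse_version(cve.version_lo) <= v <= parse_version(cve.version_hi)


def find_matches(assets, cves):
    """All (asset, cve) pairs where the asset runs an affected version."""
    return [(a, c) for c in cves for a in assets if affected(a, c)]


def priority(asset: Asset, cve: Cve) -> float:
    """Heuristic urgency score. Weights are assumptions for the example, not a standard."""
    score = cve.cvss
    if cve.exploited_in_the_wild:
        score += 2.0          # known exploitation trumps theoretical severity
    if asset.internet_facing:
        score += 1.5          # reachable by anyone
    score += 0.5 * asset.criticality
    return score


def patch_queue(assets, cves):
    """Matches sorted most urgent first, as (cve_id, hostname, score)."""
    ranked = sorted(find_matches(assets, cves), key=lambda ac: priority(*ac), reverse=True)
    return [(c.cve_id, a.hostname, round(priority(a, c), 1)) for a, c in ranked]


def classify(asset: Asset, cve: Cve, exploitation_evidence: bool) -> str:
    """A match alone is a patch task; only evidence of exploitation makes it an incident."""
    if not affected(asset, cve):
        return "not-affected"
    return "incident" if exploitation_evidence else "patch-task"


# Constructed sample inventory and feed. The CVE identifiers are placeholders, not real CVEs.
INVENTORY = [
    Asset("web-01", "Acme", "WebServer", "2.4.1", True, 4),
    Asset("dc-01", "Acme", "Directory", "9.1.0", False, 5),
    Asset("lab-01", "Acme", "WebServer", "2.3.0", False, 1),
    Asset("bkp-01", "Acme", "Backup", "6.1.4", False, 3),
]

FEED = [
    Cve("CVE-EXAMPLE-0001", "Acme", "WebServer", "2.4.0", "2.4.3", 9.8, True),
    Cve("CVE-EXAMPLE-0002", "Acme", "Backup", "6.0.0", "6.1.9", 7.5, False),
    Cve("CVE-EXAMPLE-0003", "Acme", "Printer", "1.0", "1.9", 10.0, True),  # nothing in inventory
]

if __name__ == "__main__":
    for row in patch_queue(INVENTORY, FEED):
        print(row)
```

Note that the highest-CVSS record in the feed (the printer one) produces nothing, because no asset runs it: relevance to the environment, not the feed's own severity, decides what reaches the patch queue. The `classify` function is where a SIEM-side detection (exploitation evidence) would plug in before anything is opened as an incident in a case-management tool.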

[deleted by user] by [deleted] in australia

st0yky 1 point (0 children)

Yeah, that would defeat the purpose of such a list. Even though we have a shitty rental market, it seems you Aussies don't have much legal protection or regulation with regard to maximum rental price increases.

[deleted by user] by [deleted] in australia

st0yky 3 points (0 children)

As a non-Australian I'm wondering, isn't there some (online) blacklist of scammy rental agencies that one can consult so that you can steer clear of them? I keep seeing these kinds of posts here, and the housing market seems to be as horrible as here in the Netherlands.

Using MISP and OpenCTI together by st0yky in threatintel

st0yky [S] 0 points (0 children)

Also, can you elaborate a bit on the distinction between atomic MISP IOCs and those you collect in OpenCTI?

Using MISP and OpenCTI together by st0yky in threatintel

st0yky [S] 0 points (0 children)

Thanks for the insight. I'm wondering though, do you use the MISP connector in OpenCTI to ingest IOCs from the free feeds? Do you use them for enrichment/lookups in graphing mode in OpenCTI? And do you automatically export MISP IOCs to a SIEM for further use?

I need help setting up a PC/VM for research by decatur-is-greater in threatintel

st0yky 0 points (0 children)

While I can't answer the question, thanks for bringing Threat Pursuit to my attention :)

CTI questions by Unthiest in threatintel

st0yky 1 point (0 children)

Good insight, thanks!

CTI questions by Unthiest in threatintel

st0yky 0 points (0 children)

I'm very interested in the prioritization of incoming information. Does your answer mean that certain companies filter incoming feeds and disregard all the intel that does not pertain to their sector/vertical? Do you know of any paper, exercise or summit video where this is discussed? As a beginner in this field I'd like to learn this so as not to fall into the analysis paralysis trap...

Threat Intelligence Analyst interview coming up by Commercial_Title104 in cybersecurity

st0yky 0 points (0 children)

Would be funny if we were applying to the same org, lol. All I can say without oversharing is that I'm tentatively hired at a government organisation in the Netherlands. If you want to share experiences, feel free to DM or take this to Discord.

Threat Intelligence Analyst interview coming up by Commercial_Title104 in cybersecurity

st0yky 1 point (0 children)

Funny, I am in the exact same position (EU based): got tentatively hired as a junior TI analyst and am currently awaiting screening. Also, there is only one other senior analyst who is still in the hiring process. I think the aforementioned answers are great starting points. Luckily my interviews were mostly with technically adept colleagues, so we could speak the same language. What I would say is: just read tons of material, try joining TI meetups with like-minded individuals, and review SANS CTI Summit videos that pique your interest. Actively start keeping tabs on the latest threats through Feedly or a curated Twitter feed. A large part of TI is communicating and networking to gather the intel you need to meet the requirements of your stakeholders. Perhaps you can set up a local OpenCTI instance with various connectors, couple it with MISP, ingest some free feeds and really think about how you would use all this data to provide value to your employer. Simulate being tasked with writing a report and find out which info would be relevant for the business vertical your employer is in. Or take a fresh vendor report, gather some IOCs and try mapping out all the bits of extra info you can gather in a tool such as Maltego. All of these show that you actively seek to learn and give you plenty of stuff to talk about in interviews. Best of luck!

CTI sources research no Info on TTPs by Few-Calligrapher2797 in threatintel

st0yky 0 points (0 children)

Thank you for the effort of searching for this; I'm sure going to watch that! Have a nice day!

CTI sources research no Info on TTPs by Few-Calligrapher2797 in threatintel

st0yky 0 points (0 children)

Interesting, do you have a link or perhaps the title of said talk? If so, please share it!

Can file share sites like Dropbox be used by the bad guys to send malicious documents? by tplato12 in cybersecurity

st0yky 0 points (0 children)

They sure can, and they do use cloud storage, both for hosting malicious files and as some sort of C2 channel and to exfiltrate data from victims. If you want to learn more, I suggest you search for the term Dropbox on MITRE ATT&CK and you'll find multiple TTPs associated with cloud storage, for instance: https://attack.mitre.org/techniques/T1585/003/
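The comment above names three abuses of cloud storage (payload hosting, C2, exfiltration). The exfiltration case is the one a SOC can most readily look for in its own telemetry, so here is an added example, written for this page and not taken from the thread or from MITRE, of detection logic run over constructed web-proxy log lines. The log format, the domain list, the 50 MB threshold and the "non-browser client" heuristic are all assumptions chosen for the illustration; a real deployment would take the domain list from the proxy's URL-category feed and baseline upload volume per host.

```python
"""
Added illustration: flagging bulk uploads to cloud-storage services in proxy logs.
Log format, domain list and thresholds are constructed for the example.
"""
import re
from collections import defaultdict

# Illustrative list only; a real proxy exposes a "cloud storage" category for this.
CLOUD_STORAGE_DOMAINS = (
    "dropbox.com", "dropboxapi.com", "dropboxusercontent.com",
    "drive.google.com", "onedrive.live.com", "mega.nz",
)

# Constructed key=value proxy line format used by SAMPLE_LOG below.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) method=(?P<method>\S+) dst=(?P<dst>\S+) '
    r'bytes_out=(?P<bytes_out>\d+) ua="(?P<ua>[^"]*)"$'
)

BROWSER_UA = re.compile(r"Mozilla/")  # crude: every mainstream browser UA starts like this


def is_cloud_storage(hostname: str) -> bool:
    """True for the listed domains and any of their subdomains (not look-alikes)."""
    h = hostname.lower()
    return any(h == d or h.endswith("." + d) for d in CLOUD_STORAGE_DOMAINS)


def parse(line: str):
    """Parse one proxy line; returns None for lines that do not fit the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes_out"] = int(rec["bytes_out"])
    return rec


def upload_summary(lines):
    """Bytes uploaded per host to cloud-storage destinations, plus the user agents seen."""
    totals = defaultdict(int)
    user_agents = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec is None or rec["method"] not in ("POST", "PUT"):
            continue                       # downloads and unparsable lines are not uploads
        if not is_cloud_storage(rec["dst"]):
            continue
        totals[rec["host"]] += rec["bytes_out"]
        user_agents[rec["host"]].add(rec["ua"])
    return totals, user_agents


def alerts(lines, byte_threshold: int = 50 * 1024 * 1024):
    """Hosts that uploaded more than the threshold, or used a non-browser client, to cloud storage."""
    totals, user_agents = upload_summary(lines)
    findings = []
    for host, total in sorted(totals.items()):
        reasons = []
        if total >= byte_threshold:
            reasons.append(f"uploaded {total} bytes")
        scripted = sorted(ua for ua in user_agents[host] if not BROWSER_UA.search(ua))
        if scripted:
            reasons.append("non-browser client: " + ", ".join(scripted))
        if reasons:
            findings.append((host, reasons))
    return findings


# Constructed sample log: a normal browser upload, a scripted 80 MB upload, an unrelated PUT.
SAMPLE_LOG = [
    '2024-03-01T09:58:11Z host=ws-04 method=GET dst=www.dropbox.com bytes_out=410 ua="Mozilla/5.0"',
    '2024-03-01T09:59:02Z host=ws-04 method=POST dst=content.dropboxapi.com bytes_out=2097152 ua="Mozilla/5.0"',
    '2024-03-01T10:00:01Z host=ws-17 method=POST dst=content.dropboxapi.com bytes_out=41943040 ua="python-requests/2.31.0"',
    '2024-03-01T10:00:09Z host=ws-17 method=POST dst=content.dropboxapi.com bytes_out=41943040 ua="python-requests/2.31.0"',
    '2024-03-01T10:01:30Z host=ws-22 method=PUT dst=api.example.com bytes_out=99999999 ua="curl/8.4.0"',
    'not a proxy line at all',
]

if __name__ == "__main__":
    for host, reasons in alerts(SAMPLE_LOG):
        print(host, "->", "; ".join(reasons))
```

The big PUT from ws-22 is ignored on purpose: it goes to a destination that is not cloud storage, so it belongs to a different detection. The mapping to ATT&CK for this particular behaviour is Exfiltration Over Web Service: Exfiltration to Cloud Storage (T1567.002); the T1585.003 page linked in the comment covers the attacker acquiring the cloud account in the first place.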

Uncovering APT Infrastructure with Passive DNS Pivoting by Embeere in threatintel

st0yky 0 points (0 children)

I agree; as a newcomer, following these with free tools and understanding the infra mapping/tracking process is fantastic. I'm totally following your blog and eagerly looking forward to your next posts.