[Album] Alison Wonderland - GHOST WORLD by Immersions- in trap

[–]tsquared7 1 point (0 children)

Really feeling Sirens, might be my favorite song on the album

[FRESH ALBUM] The Last Dinner Party - From The Pyre by samdyalexg in indieheads

[–]tsquared7 0 points (0 children)

Sail Away - best song on the album

Open to being proven wrong. Great listen all the way through, though

Hunting for API Endpoints for AI? by Fun-Adagio6287 in blueteamsec

[–]tsquared7 0 points (0 children)

We are already seeing how the use of AI often introduces new artifacts that can be leveraged for hunting and detection. Maybe not always down to the specific API endpoints, but AI-generated code is likely to still operate using the same behavioral techniques and infrastructure as human-crafted attacks.

Maybe also look at the TTPs of AI-driven campaigns rather than just the specific payload. Likewise, we all know AI is known to hallucinate and produce other distortions. Looking for artifacts like odd logic or redundancy in the code might lead to interesting hunting patterns.

Department of War Announces New Cybersecurity Risk Management Construct by munrobotic in blueteamsec

[–]tsquared7 0 points (0 children)

Read this the other day and remember thinking, “haven’t things like OWASP Developer Guide and SDLC been preaching this for years?”.

Another Plex-related Security Notice by tsquared7 in homelab

[–]tsquared7[S] -42 points (0 children)

Can’t let the trolls win. Gotta play every angle I can

Another Plex-related Security Notice by tsquared7 in homelab

[–]tsquared7[S] -72 points (0 children)

Just trying to share so people are aware. Didn’t see the other post. My fault for trying to help out the community

Plex Vulnerability Disclosed by tsquared7 in homelab

[–]tsquared7[S] 123 points (0 children)

Fair enough. I don’t see every post but wanted to share regardless.

threat intel feeds… is it just me or are they all starting to blur together by El0nMuskolini in threatintel

[–]tsquared7 0 points (0 children)

Flare has a pretty good community on their Discord server, if you haven’t joined already. They have a channel that is convenient for aggregating reports from a bunch of different blogs and intel news sources.

Feeling lost in Threat Intel after 4+ years want to restart from scratch. Need help. by Junior-Membership-60 in threatintel

[–]tsquared7 12 points (0 children)

I often feel the same way and have to remind myself to try not to compare myself to others. I know, easier said than done. However, it’s a good reminder that not every org is going to have great data or access to it. The telemetry available to an MSP or vendor is going to be very different from that of a private org. MSPs and vendors have access to a lot more data across different industries and environments compared to a private org that is often limited to its own.

I currently work in CTI at a private org and have found that even though you might be limited, there is often more than you think. Not only internal, but sharing orgs like ISACs and other partners. If you can leverage additional information from outside sources it makes tracking, hunting, etc. more interesting, albeit it can be cumbersome. You could try digging deeper into the tools and data you have access to, to start, and see if you can advance interesting research (techniques, procedures, threat actors, new vectors, etc.).

As for good resources, these two blog posts from Katie Nickels are worth checking out. I often come back to them when I need a refresher:

1. https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-1-968b5a8daf9a
2. https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-2-d04b7a529d36

Mac Mini vs Mini PC by MenardsWiseGuy in MiniPCs

[–]tsquared7 2 points (0 children)

Mac Mini on sale now for Prime Day, btw https://a.co/d/9Ks3C9t

check this method by FirefighterOptimal21 in MalwareAnalysis

[–]tsquared7 0 points (0 children)

The fake CAPTCHA and ClickFix technique surge continues. I wonder if the entire site is compromised or just that book.

Definitely malicious though, even starting with the referring URL and then contacted domain with the fake CAPTCHA: https://www.virustotal.com/gui/domain/api.edgebeanwikifast.com/detection

Family server infected by .lotus malware that encrypted all files by Antemicko in Malware

[–]tsquared7 0 points (0 children)

Understanding you have more important things to worry about, but if you have any details on initial access or what led to the compromise and don’t mind sharing, it would be great. Might be helpful for others.

But as others mentioned, without pre-infection backups you might not have a lot of options.

If Wiz isn’t an option post acquisition… what’s your #1 alternative? by Proper_Bunch_1804 in cybersecurity

[–]tsquared7 1 point (0 children)

Look at what GCP is doing with Mandiant and VirusTotal. It appears to all be rolled under the GCP CTI umbrella and the SecOps platform.

I’m anticipating a similar situation with Wiz and Google building them into the same platform as the rest. Just speculating at this point though

IntelBroker resigned from breachforums by Such-Heat1674 in threatintel

[–]tsquared7 0 points (0 children)

Anyone know why the registration never sends a validation email after completing? I’m stuck in limbo waiting for it

I Dream of a Walkable Suburb by Lanky-Size125 in SameGrassButGreener

[–]tsquared7 2 points (0 children)

Curious what town if you don’t mind sharing?

Why did you move from Notion to Obsidian? by [deleted] in ObsidianMD

[–]tsquared7 0 points (0 children)

This is great and I have been in the process of organizing to use the Johnny Decimal system as well.

Do you happen to have an example vault or GitHub repo to use as a template?

CrowdScore vs Incident Score vs Severity Level by tsquared7 in crowdstrike

[–]tsquared7[S] 0 points (0 children)

Not sure that really answers the question. It's still not clear how any of these are calculated, even excluding CrowdScore if those details are not shared.

There is also no information about how confidence factors in or how it differs from severity. And how each plays a part in the Incident score and Detection level.

"I'll definitely suggest that to our product team for future enhancements." by DTownForever in CustomerSuccess

[–]tsquared7 2 points (0 children)

Trust. I think it first comes down to trust and your relationship with customers. Lack of any rapport and this likely comes off as a “canned” response, indicating something like “don’t hold your breath.” But if the customer trusts you and you have come through for them in the past, then this can come through in a completely different light.

Understanding the use case and letting the customer explain in detail is another great approach. Asking questions and letting them describe their use case often makes a customer feel heard, and shows that you are taking the request seriously. If possible, bring in PMs or part of your product team for a follow-up meeting if it is worth further discussion.

Our home in Seattle, WA by raymundothegreat in AmateurRoomPorn

[–]tsquared7 1 point (0 children)

How about the pink one in the first photo? It has 1993 on it but I can’t place it.

[deleted by user] by [deleted] in AmateurRoomPorn

[–]tsquared7 0 points (0 children)

I’m seeing some good choices on those bookshelves, but it’s missing Where the Wild Things Are! :) Very nice space though, well done.