Hi,
For android malware, you can use virtual devices. For example, genymotion - https://www.genymotion.com
For iOS, there is no straightforward solution but you can use a physical device, and access it remotely via SSH (if rooted) or remote control app.
Thanks for the contribution
The subreddit rules state we link to the source and not news sites where possible - https://www.wordfence.com/blog/2021/06/critical-0-day-in-fancy-product-designer-under-active-attack/
I will remove this one and replace accordingly
I don't know about this sub specifically, like as a whole, but I personally use a Shaarli instance to save things I find interesting, useful, or insightful. I would like some functionality to have pages saved to the Shaarli instance automatically saved to the Wayback Machine but the community plugin for that seems to have been broken for a while. Because of that, I'm considering moving platforms.
Anyway, Shaarli has the ability to create public or private links, and you can choose which is the default, if you'd like to share a public Shaarli instance but keep some items private.
It is a thing, but there may be a few reasons why the market hasn't latched on to it. With any meaningful level of security telemetry it's pretty much mandatory to use something like ML to make sense of what is normal. Perhaps the security widget industry has already decided the machine learning wave has already crested.
Elastic has some very usable machine learning + anomaly detection capabilities in Elasticsearch + Kibana, with the paid tier licenses. There is a technical barrier to entry setting everything up, but it is all manageable and documented.
You mentioned Zeek, try ingesting all of Zeek's .log files into Elasticsearch with logstash filters that ensure ingest in ECS (elastic common schema). Elastic has a bunch of machine learning functions, and one that can be used to spot stuff like DNS C2, for example, is the high_info_count function. The rare, metrics and count functions are also really useful. Full list here: https://www.elastic.co/guide/en/machine-learning/current/ml-functions.html
Out of the box they also come with a bunch of anomaly detection rules for endpoint telemetry, but I have not played with those yet.
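Added example, not code from the commenter above and not Elastic's or Zeek's own tooling: a small Python parser that reads a Zeek TSV log (the `#fields` / `#unset_field` header convention), maps each record onto ECS field names (`source.ip`, `destination.port`, `dns.question.name`, and so on), and flags queries whose leftmost label has unusually high character entropy, the kind of signal the `high_info_count` function looks at. The dns.log excerpt is constructed with a reduced column set, the entropy score is an illustrative stand-in for Elastic's implementation rather than a copy of it, and the `zeek.session_id` field is assumed to match what the Filebeat Zeek module emits.

```python
import json
import math
from collections import Counter
from datetime import datetime, timezone

# Constructed Zeek dns.log excerpt (reduced column set). Real logs carry more
# columns but use the same header lines, which is what the parser keys on.
SAMPLE_ZEEK_DNS_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tdns
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tquery\tqtype_name\trcode_name
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tstring\tstring
1622505600.123456\tCabc1\t10.0.0.5\t51234\t10.0.0.2\t53\tudp\twww.example.com\tA\tNOERROR
1622505601.654321\tCabc2\t10.0.0.5\t51235\t10.0.0.2\t53\tudp\t-\tA\t-
1622505602.000001\tCabc3\t10.0.0.7\t51236\t10.0.0.2\t53\tudp\tzgk3q9x1ab7cd2ef4g.example.com\tTXT\tNOERROR
#close\t2021-06-01-00-00-03
"""

# Zeek column name -> ECS field name (dotted paths become nested objects).
ZEEK_TO_ECS = {
    "id.orig_h": "source.ip",
    "id.orig_p": "source.port",
    "id.resp_h": "destination.ip",
    "id.resp_p": "destination.port",
    "proto": "network.transport",
    "query": "dns.question.name",
    "qtype_name": "dns.question.type",
    "rcode_name": "dns.response_code",
}


def parse_zeek_log(text):
    """Yield one dict per record, keyed by the names in the #fields header."""
    fields, unset, empty = None, "-", "(empty)"
    for raw in text.splitlines():
        if not raw:
            continue
        if raw.startswith("#"):
            parts = raw.split("\t")
            if parts[0] == "#fields":
                fields = parts[1:]
            elif parts[0] == "#unset_field":
                unset = parts[1]
            elif parts[0] == "#empty_field":
                empty = parts[1]
            continue
        if fields is None:
            raise ValueError("record line seen before #fields header")
        values = raw.split("\t")
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} columns, got {len(values)}")
        # Zeek marks absent values with the unset marker and empty strings with
        # the empty marker; normalise both so downstream code never sees "-".
        yield {n: (None if v == unset else "" if v == empty else v)
               for n, v in zip(fields, values)}


def _set_path(doc, dotted, value):
    """Set doc["a"]["b"]["c"] = value for dotted == "a.b.c"."""
    keys = dotted.split(".")
    for k in keys[:-1]:
        doc = doc.setdefault(k, {})
    doc[keys[-1]] = value


def to_ecs(record, dataset="zeek.dns"):
    """Build an ECS-shaped document from one parsed Zeek record."""
    doc = {"event": {"dataset": dataset, "kind": "event", "category": ["network"]}}
    if record.get("ts") is not None:
        ts = datetime.fromtimestamp(float(record["ts"]), tz=timezone.utc)
        doc["@timestamp"] = ts.isoformat()
    if record.get("uid"):
        doc["zeek"] = {"session_id": record["uid"]}  # assumed Filebeat field name
    for zeek_name, ecs_name in ZEEK_TO_ECS.items():
        value = record.get(zeek_name)
        if value is None:
            continue  # unset in Zeek -> omitted in ECS, not written as "-"
        if ecs_name.endswith(".port"):
            value = int(value)
        _set_path(doc, ecs_name, value)
    return doc


def label_entropy(name):
    """Shannon entropy in bits per character of the leftmost DNS label."""
    label = name.split(".")[0]
    if not label:
        return 0.0
    n = len(label)
    return -sum((c / n) * math.log2(c / n) for c in Counter(label).values())


def process_zeek_dns(text, threshold=3.5):
    """Return (ecs_docs, flagged_query_names) for a Zeek dns.log body.

    The threshold is a constructed value for the sample data; in practice the
    baseline for "normal" entropy is learned per environment, which is exactly
    the job the ML functions do.
    """
    docs, flagged = [], []
    for record in parse_zeek_log(text):
        docs.append(to_ecs(record))
        query = record.get("query")
        if query and label_entropy(query) > threshold:
            flagged.append(query)
    return docs, flagged


if __name__ == "__main__":
    ecs_docs, suspicious = process_zeek_dns(SAMPLE_ZEEK_DNS_LOG)
    print(json.dumps(ecs_docs, indent=2))
    print("high-entropy labels:", suspicious)
```

The parser only trusts the header lines, so the same function handles conn.log, http.log or any other Zeek log once the ECS mapping table is extended; the `@timestamp`, `source.*` and `destination.*` names are the ones Kibana's ML jobs and the built-in detection rules expect to find.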
Not snake oil. These are verified IPs that do log4j exploitation. If you need a temp fix real quick, the list is better than not doing anything.
Of course the best solution would be to patch and install CrowdSec so you can be a part of the CTI network that shares information (anonymously) about attacks, thus helping each other out.
... and I was wrong, thankfully! The now released, official Filebeat Module supports the O365 Management API.
https://www.elastic.co/guide/en/beats/filebeat/7.7/filebeat-module-o365.html
>I just spent a few hours cleaning up an exploited VPX for a customer. As observed below, the ns.conf was compromised (copied and I assume the copy was grabbed). The passwd file was also taken (nothing of import in that one) and the personalbookmark.pl file was modified
Try the following, which work on a normal account:
http.waf:"Citrix NetScaler"
http.title:"netscaler"
If you don't feel like going to the site with an untrusted cert: OP was active on a thread which was a spinoff of pwnagotchi called ESP32, which can do wireless pcap and handshake capture. Probably what the site linked talks about, pending OP's clarification.