
To Catch a Rising (AI) Star

If your day-to-day life is spent primarily behind your monitor and keyboard, this article is for you. AI is coming fast for our jobs, and most of us are not as alarmed as we should be, nor do we know what to do about it. I’ve spent the last 12 months digging deeper and deeper into Generative AI, spent hundreds of hours building tools with all the “standard” architectures, and I’ve come to some conclusions that I’d like to share with the rest of us. I’m hoping this gives you the point of view that I think we should all have.

How Good is Generative AI, really?

The books I read in 2022

2022 was an interesting year for me. Compared to 2021 and 2020, it was one of the quieter years of my infosec career, even though the noise and hype around every single vulnerability, “breach”, and leak were immense. I decided to focus less on the news, and spend a bit of my 2022 grasping the fundamentals. I also chose a book as the preferred medium since I find it easier to sit down and read than to open a browser tab and get lost in my lack of concentration. I went through at least 20 publications over the past 12 months; some were long blog posts, some were documentation and RFCs and some were published books. In this blog post, I’ll try to rate/rank the top ones I read and give a paragraph on the pros/cons.

Building a DNS C2 Framework from scratch

C2 (Command and Control) is a server-client communication pattern, and the term is most often used for the malicious traffic between a trojan, malware, or any other malicious program and its “mothership”. The C2 server usually has hundreds if not thousands of clients connected to it, and each client (a compromised device) can be instructed to act and behave differently.

C2 is a generic term. The malware samples I’ve come across have used various methods to establish the connection to the command and control servers. Some of the interesting ones include:

- Reading metadata inside a Tweet picture to get the next action
- Analysing comments on Britney’s photo on Instagram and decrypting the message
- Logging in to Gmail/Outlook and using the email service’s built-in features
- A pure HTTP connection to an IP/hostname

Basic guidelines that would've prevented SUNBURST

First off, let’s have a brief overview of what SolarWinds Orion is and what it’s good for. Orion’s main purpose is to give you a single pane of glass for looking at your IT infrastructure. Various technologies can pump their metrics into the Orion database using an Orion poller as a proxy. Orion pollers sit in your network, consume the metrics they need, and push them to the database engine. From a design perspective, it’s a robust, effective, and scalable way of having the data always ready. Oh btw, SolarWinds has nearly 18,000 customers worldwide.