Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools https://www.securityweek.com/google-targets-soc-overload-with-automated-ai-alert-and-malware-analysis-tools/ #ArtificialIntelligence #ThreatIntelligence #agenticAI #Mandiant #google #SOC #AI
Investigation Scenario
PowerShell Script Block Logging (EID 4104) reveals the pictured command was executed:
What do you look for to investigate whether an incident occurred and its extent?
Security Operations Firm ReliaQuest Raises $500M at $3.4B Valuation – Source: www.securityweek.com https://ciso2ciso.com/security-operations-firm-reliaquest-raises-500m-at-3-4b-valuation-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CybersecurityFunding #CyberSecurityNews #securityweekcom #securityweek #ReliaQuest #funding #SOC
Security Operations Firm ReliaQuest Raises $500M at $3.4B Valuation https://www.securityweek.com/security-operations-firm-reliaquest-raises-500m-at-3-4b-valuation/ #CybersecurityFunding #ReliaQuest #funding #SOC
Looking forward to learning more about this libre-licensed RISC-V SoC with Kazan GPU and VPU.
https://www.crowdsupply.com/libre-risc-v/m-class
I'm really curious how these types of chips are prototyped. I know we can simulate a few hundred thousand logical operations with an FPGA, but is that even close to simulating a powerful chip of this size?
2025-03-28 RDP #Honeypot IOCs - 181569 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs: 138.199.24.6 (91545), 156.146.57.110 (42849), 156.146.57.52 (10716)
Top ASNs: AS60068 (93561), AS212238 (64269), AS135161 (10653)
Top Accounts: hello (181455), Test (33), eltons (15)
Top ISPs: DataCamp Limited (93561), Datacamp Limited (64269), GMO-Z.COM PTE. LTD. (10653)
Top Clients: Unknown (181569)
Top Software: Unknown (181569)
Top Keyboards: Unknown (181569)
Top IP Classification: hosting & proxy (160374), hosting (10710), Unknown (10440)
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
https://pastebin.com/BiF6s8Jh
Free Cybersecurity Webcasts from SANS — Now Open for Registration!
SANS Institute has released its latest schedule of free, expert-led webcasts throughout 2025. Topics span the most critical areas of cybersecurity today:
Microsoft Defender for Cloud – Best practices & insights
ICS Security & Management of Change – Resilience and risk
Threat Intelligence & SOC Trends – Based on global survey data
Multicloud & GenAI Security – How organizations are adapting
Attack Surface Management – Stay ahead of hacker tactics
Flexible live or on-demand viewing
Earn CPE credits
Stay current on the latest in cyber
This is a great opportunity for pros at all levels to grow their skills and stay sharp in a fast-evolving field.
#CyberSecurity #SANS #ProfessionalDevelopment #FreeTraining #ThreatIntel #SOC #CloudSecurity
I registered for the general portion of the show just in case I happen to be in San Jose, CA on the date of the conference. However, I really wish I lived close enough to attend the developer sessions.
Investigation Scenario
You’ve received an alert derived from a Sigma rule indicating a short name path was used in the command line.
Sigma Rule Source: https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/proc_creation_win_susp_ntfs_short_name_path_use_cli.yml
What do you look for to investigate whether an incident occurred?
Spring clean your security data: The case for cybersecurity data hygiene https://www.helpnetsecurity.com/2025/03/25/security-data-hygiene/ #Expertanalysis #datamanagement #cybersecurity #Expertcorner #cyberhygiene #Don'tmiss #Hotstuff #strategy #Auguria #opinion #News #SIEM #SOC
@whack At the premium #Apple charges for #SOC #storage I never max it out. I also don’t buy into “oh just attach more external disk!” Especially not with a laptop. #Dongles be damned. I’d like to see #NVMe slots added so we have a cheaper onboard option that enables later #expansion without full system swap.
There are aspects to the Apple #ecosystem I love but, despite Apple silicon, it’s getting much harder not to dump them for #Linux on AMD or pick-an-ARM.