Craig Rowland - Agentless Linux Security

@craighrowland

Agentless Linux security. No endpoint agents and no drama. Discuss Linux malware, forensics, intrusion detection, and hacking. Founder @SandflySecurity.

ID: 1050648826946568194

Website: https://www.sandflysecurity.com | Joined: 12-10-2018 07:26:15

4.4K Tweets

10,10K Followers

311 Following

Craig Rowland - Agentless Linux Security (@craighrowland):

We're at the Red Hat Conference this week in Boston. Come by booth 660 and see how we can help protect your Linux systems without endpoint agents.
Craig Rowland - Agentless Linux Security (@craighrowland):

At the Red Hat conference again today. Come by our booth and see Sandfly Security in action and how we can work on virtually any Linux system or device without deploying endpoint agents.

Craig Rowland - Agentless Linux Security (@craighrowland):

Just bought my Defcon ticket. I'd love to be able to buy a badge that is just paper and charge me less. I throw electronic badges in the garbage and it's a huge waste. Upsell to people that want the fancy electronic badges.

Craig Rowland - Agentless Linux Security (@craighrowland):

Agent-based EDR can miss a lot of context of an attack. For instance, they may say a log file was written to or accessed, but without knowing what was written it is very hard to know if it was malicious or not. The operator says it's a false positive, but really it's an unknown.

Craig Rowland - Agentless Linux Security (@craighrowland):

LLMs are not perfect, but they are a great technology. I look at them like an insanely good compression algorithm. They have taken a vast amount of human knowledge and shrunk it down to a size that can run on your computer. Pretty amazing when you think about it.

Craig Rowland - Agentless Linux Security (@craighrowland):

My experience with Waymo in San Francisco is that I'll never use an Uber again if I can help it. Waymo felt safer, didn't have unpredictable drivers and was more relaxing. Cities can't get rid of traditional taxis, Uber, etc. fast enough.

HaxRob (@haxrob):

Newer variants of #BPFDoor have an interesting modification that avoids detections looking for processes with raw sockets. The kernel reports SOCK_DGRAM rather than the rather loud "SOCK_RAW". Here we have a sample found in the recent SKT telco breach. (1/20)
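The evasion described in the tweet above works against checks that only look for SOCK_RAW packet sockets. The following is an added example, not code from HaxRob or from Sandfly: it parses the /proc/net/packet table (columns sk, RefCnt, Type, Proto, Iface, R, Rmem, User, Inode) and reports every AF_PACKET socket whether its type is SOCK_RAW (3) or SOCK_DGRAM (2). The sample table and the inode numbers in it are constructed; the inode-to-PID walk of /proc only applies on a live host.

```python
"""Flag AF_PACKET sockets in /proc/net/packet regardless of socket type.

Added example (not from the thread). SAMPLE is constructed data; on a
live Linux host, read /proc/net/packet and pass its text instead.
"""
import os

SOCK_DGRAM, SOCK_RAW = 2, 3
TYPE_NAMES = {SOCK_DGRAM: "SOCK_DGRAM", SOCK_RAW: "SOCK_RAW"}

# Constructed sample in the /proc/net/packet layout. Proto is hex;
# 0003 is ETH_P_ALL, i.e. the socket sees every frame on the interface.
SAMPLE = """sk       RefCnt Type Proto Iface R Rmem   User   Inode
ffff9a1b2c3d4e50 3      3    0003  2     1 0      0      40001
ffff9a1b2c3d4e51 3      2    0003  2     1 0      0      40002
"""


def parse_packet_table(text):
    """Parse /proc/net/packet text into a list of dicts (header skipped)."""
    rows = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 9:
            continue
        rows.append({"type": int(f[2]), "proto": int(f[3], 16),
                     "iface": int(f[4]), "uid": int(f[7]),
                     "inode": int(f[8])})
    return rows


def flag_packet_sockets(text):
    """Return every packet socket with its type name. Both SOCK_RAW and
    SOCK_DGRAM deserve review: the variant in the thread simply swaps
    one for the other, so a SOCK_RAW-only check no longer sees it."""
    return [dict(r, type_name=TYPE_NAMES.get(r["type"], str(r["type"])))
            for r in parse_packet_table(text)]


def inode_to_pids(inode):
    """Map a socket inode to its owning PIDs via /proc/*/fd (live host only)."""
    target = f"socket:[{inode}]"
    pids = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            links = (os.readlink(f"/proc/{pid}/fd/{fd}")
                     for fd in os.listdir(f"/proc/{pid}/fd"))
            if any(link == target for link in links):
                pids.append(int(pid))
        except OSError:  # process exited or permission denied
            continue
    return pids
```

Triage the flagged inodes against processes expected to hold packet sockets (DHCP clients, LLDP daemons, an administrator's tcpdump) and investigate the rest.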