~Open Source Security Tool of the Day~
lemmeknow
`lemmeknow` can be used for identifying mysterious text or to analyze hard-coded strings from captured network packets, malwares, or just about anything.
~Open Source Security Tool of the Day~
varc (Volatile Artifact Collector)
varc collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
It creates a zip, which contains a number of different pieces of data to understand what is happening on a system:
- JSON files e.g. running processes and what network connections they are making
- Memory of running proccesses, on a per-process basis. This is also carved to extract log and text data from memory
- Netstat data of active connections
- The contents of open files, for example running binaries
We have successfully executed it across:
- Windows
- Linux
- OSX
- Cloud environments such as AWS EC2
- Containerised Docker/Kubernetes environments such as AWS ECS/EKS/Fargate and Azure AKS
- Even serverless environments such as AWS Lambda
Stranger Things in the Stories of Michael Moorcock
https://goodman-games.com/tftms/2022/09/23/stranger-things-in-the-stories-of-michael-moorcock/
Chainguard releases Wolfi, a Linux 'undistribution'".
Chainguard takes a new approach to building a container Linux with all the security you'd need already baked in."
https://www.zdnet.com/article/chainguard-releases-wolfi-a-linux-undistribution/
Linux On The Laptop Works So Damn Well That It’s Boring
Which is good! Boring = success
https://clivethompson.medium.com/linux-on-the-laptop-works-so-damn-well-that-its-boring-29014b347941
O' Happy Day!
My email provider (Fastmail) and my password manager (Bitwarden) now go together like chocolate and peanut butter.
I am playing with it now and look forward to using Masked Email for new account creations in the future.
https://fastmail.blog/company/masked-email-now-in-more-places-with-bitwarden-integration/
~Open Source Security Tool of the Day~
Sandbox Scryer
The Sandbox Scryer is an open-source tool for producing threat hunting and intelligence data from public sandbox detonation output The tool leverages the MITRE ATT&CK Framework to organize and prioritize findings, assisting in the assembly of IOCs, understanding attack movement and in threat hunting By allowing researchers to send thousands of samples to a sandbox for building a profile that can be used with the ATT&CK technique, the Sandbox Scryer delivers an unprecedented ability to solve use cases at scale The tool is intended for cybersecurity professionals who are interested in threat hunting and attack analysis leveraging sandbox output data. The Sandbox Scryer tool currently consumes output from the free and public Hybrid Analysis malware analysis service helping analysts expedite and scale threat hunting
Cue the sad trombone 🎺
Crypto Dev Enters Wrong Command, Destroys Entire Company
A programming error accidentally — and permanently — shut down the entire Solana blockchain-based platform OptiFi, wiping out $661,000 worth of USDC.
Reading through Tailscale's SOC 2 audit announcement made me think about something simple they do that could prevent an awful lot of issues, even socially engineered ones:
"Require that a second engineer approve any non-emergency changes before releasing them to our production environment."
Simple and sane "best practice" that should be used everywhere
SciFi/Fantasy Fandom attracts many of the worst incel trolls from the stinking sewers of the Land of the Intertoobz.
"This didn’t keep a number of fans from review bombing the series and tanking the user rating before the release even took place. The practice got so bad that the streaming service turned off the rating and comment section until the trolls move on to something else. Typically saved for Star Wars and Marvel, the Rings of Power and Galadriel couldn’t avoid the controversy. "
https://www.giantfreakinrobot.com/ent/rings-of-power-galadriel-controversy-speaks.html
