Scott Mortimer

Information Security geek, Old School RPG nerd, and wannabe fiction writer.

Scott Mortimer
ScottMortimer@infosec.exchange

~Open Source Security Tool of the Day~

lemmeknow

`lemmeknow` can be used for identifying mysterious text or to analyze hard-coded strings from captured network packets, malwares, or just about anything.

github.com/swanandx/lemmeknow

18 hours ago
Scott Mortimer
ScottMortimer@infosec.exchange

~Open Source Security Tool of the Day~

varc (Volatile Artifact Collector)

varc collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.

It creates a zip, which contains a number of different pieces of data to understand what is happening on a system:

- JSON files e.g. running processes and what network connections they are making
- Memory of running processes, on a per-process basis. This is also carved to extract log and text data from memory
- Netstat data of active connections
- The contents of open files, for example running binaries

We have successfully executed it across:

- Windows
- Linux
- OSX
- Cloud environments such as AWS EC2
- Containerised Docker/Kubernetes environments such as AWS ECS/EKS/Fargate and Azure AKS
- Even serverless environments such as AWS Lambda

github.com/cado-security/varc

5 days ago
Scott Mortimer
ScottMortimer@infosec.exchange
September 27, 2022
Scott Mortimer
ScottMortimer@infosec.exchange

Can't wait to play this!

September 25, 2022
Scott Mortimer
ScottMortimer@infosec.exchange

Chainguard releases Wolfi, a Linux 'undistribution'.

"Chainguard takes a new approach to building a container Linux with all the security you'd need already baked in."

zdnet.com/article/chainguard-r

September 25, 2022
Scott Mortimer
ScottMortimer@infosec.exchange

Linux On The Laptop Works So Damn Well That It’s Boring

Which is good! Boring = success

clivethompson.medium.com/linux

September 24, 2022
Scott Mortimer
ScottMortimer@infosec.exchange

O' Happy Day!

My email provider (Fastmail) and my password manager (Bitwarden) now go together like chocolate and peanut butter.

I am playing with it now and look forward to using Masked Email for new account creations in the future.

fastmail.blog/company/masked-e

September 15, 2022
Scott Mortimer
ScottMortimer@infosec.exchange
September 15, 2022
Scott Mortimer
ScottMortimer@infosec.exchange

~Open Source Security Tool of the Day~

Sandbox Scryer

The Sandbox Scryer is an open-source tool for producing threat hunting and intelligence data from public sandbox detonation output. The tool leverages the MITRE ATT&CK Framework to organize and prioritize findings, assisting in the assembly of IOCs, understanding attack movement and in threat hunting. By allowing researchers to send thousands of samples to a sandbox for building a profile that can be used with the ATT&CK technique, the Sandbox Scryer delivers an unprecedented ability to solve use cases at scale. The tool is intended for cybersecurity professionals who are interested in threat hunting and attack analysis leveraging sandbox output data. The Sandbox Scryer tool currently consumes output from the free and public Hybrid Analysis malware analysis service, helping analysts expedite and scale threat hunting.

github.com/PayloadSecurity/San

September 13, 2022
Scott Mortimer
ScottMortimer@infosec.exchange

Cue the sad trombone 🎺

Crypto Dev Enters Wrong Command, Destroys Entire Company

A programming error accidentally — and permanently — shut down the entire Solana blockchain-based platform OptiFi, wiping out $661,000 worth of USDC.

futurism.com/the-byte/crypto-d

September 07, 2022
Scott Mortimer
ScottMortimer@infosec.exchange

Reading through Tailscale's SOC 2 audit announcement made me think about something simple they do that could prevent an awful lot of issues, even socially engineered ones:

"Require that a second engineer approve any non-emergency changes before releasing them to our production environment."

Simple and sane "best practice" that should be used everywhere

tailscale.com/blog/soc2-type2/

September 07, 2022
Scott Mortimer
ScottMortimer@infosec.exchange

SciFi/Fantasy Fandom attracts many of the worst incel trolls from the stinking sewers of the Land of the Intertoobz.

"This didn’t keep a number of fans from review bombing the series and tanking the user rating before the release even took place. The practice got so bad that the streaming service turned off the rating and comment section until the trolls move on to something else. Typically saved for Star Wars and Marvel, the Rings of Power and Galadriel couldn’t avoid the controversy."

giantfreakinrobot.com/ent/ring

September 06, 2022