Blog
Posts in Category: computing
Detecting OOB interactions in Sentinel
Posted on
6th Jul 2022
Florian Roth on Twitter posted a sigma_hq rule for detecting the use of public tools like interactsh, inspired by Matt Kelly. I adapted it for Sentinel and figured I'd share.
let Domains = dynamic([
".interact.sh",
".oast.pro",
".oast.live",
".oast.site",
".oast.online...
Credential, key, and source disclosure in Thales products
Posted on
13th Jul 2021
Overview
ProtectV and KeySecure "Next Generation" VM images include credentials for AWS EC2, ECR, and SES, DataDog API, and New Relic API license key. Several CA keys are also included.
Multiple AWS EC2 credentials had near-admin rights, potentially allowing malicious changes to the dev, build,...