home.social

#for509 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #for509, aggregated by home.social.

  1. #Ransomware threat actors are increasingly abusing AWS's Server-Side Encryption (SSE-C) to encrypt S3 buckets without needing to drop malware. Most recently a TA known as #Codefinger is using this technique.

    🕵 Make sure you're monitoring S3 and encryption activity via CloudTrail & GuardDuty.

    halcyon.ai/blog/abusing-aws-na

    #CloudForensics #FOR509 #AWS

  2. #Ransomware threat actors are increasingly abusing AWS's Server-Side Encryption (SSE-C) to encrypt S3 buckets without needing to drop malware. Most recently a TA known as #Codefinger is using this technique.

    🕵 Make sure you're monitoring S3 and encryption activity via CloudTrail & GuardDuty.

    halcyon.ai/blog/abusing-aws-na

    #CloudForensics #FOR509 #AWS

  3. #Ransomware threat actors are increasingly abusing AWS's Server-Side Encryption (SSE-C) to encrypt S3 buckets without needing to drop malware. Most recently a TA known as #Codefinger is using this technique.

    🕵 Make sure you're monitoring S3 and encryption activity via CloudTrail & GuardDuty.

    halcyon.ai/blog/abusing-aws-na

    #CloudForensics #FOR509 #AWS

  4. #Ransomware threat actors are increasingly abusing AWS's Server-Side Encryption (SSE-C) to encrypt S3 buckets without needing to drop malware. Most recently a TA known as #Codefinger is using this technique.

    🕵 Make sure you're monitoring S3 and encryption activity via CloudTrail & GuardDuty.

    halcyon.ai/blog/abusing-aws-na

    #CloudForensics #FOR509 #AWS

  5. #Ransomware threat actors are increasingly abusing AWS's Server-Side Encryption (SSE-C) to encrypt S3 buckets without needing to drop malware. Most recently a TA known as #Codefinger is using this technique.

    🕵 Make sure you're monitoring S3 and encryption activity via CloudTrail & GuardDuty.

    halcyon.ai/blog/abusing-aws-na

    #CloudForensics #FOR509 #AWS

  6. :blobcheer:

    Yay, passed my #SANS #FOR509 #GIAC Cloud Forensic Responder (GCFR).

    I'd definitely recommend the course if one is interested in cloud and incident response (but finish the "basic" FOR508 before this course).

  7. :blobcheer:

    Yay, passed my #SANS #FOR509 #GIAC Cloud Forensic Responder (GCFR).

    I'd definitely recommend the course if one is interested in cloud and incident response (but finish the "basic" FOR508 before this course).

  8. :blobcheer:

    Yay, passed my #SANS #FOR509 #GIAC Cloud Forensic Responder (GCFR).

    I'd definitely recommend the course if one is interested in cloud and incident response (but finish the "basic" FOR508 before this course).

  9. :blobcheer:

    Yay, passed my #SANS #FOR509 #GIAC Cloud Forensic Responder (GCFR).

    I'd definitely recommend the course if one is interested in cloud and incident response (but finish the "basic" FOR508 before this course).

  10. Yay! Finished the course content and labs of #SANS #FOR509.

    Shout-out to @hecfblog who is a great teacher.

    Now only the exam is left... :blobfearful:

  11. Yay! Finished the course content and labs of #SANS #FOR509.

    Shout-out to @hecfblog who is a great teacher.

    Now only the exam is left... :blobfearful:

  12. Yay! Finished the course content and labs of #SANS #FOR509.

    Shout-out to @hecfblog who is a great teacher.

    Now only the exam is left... :blobfearful:

  13. Yay! Finished the course content and labs of #SANS #FOR509.

    Shout-out to @hecfblog who is a great teacher.

    Now only the exam is left... :blobfearful:

  14. Yay! Finished the course content and labs of #SANS #FOR509.

    Shout-out to @hecfblog who is a great teacher.

    Now only the exam is left... :blobfearful:

  15. If you're using any Enterprise licence with #M365 your log retention should now be 180 days by default, at a minimum, plus you now get the "MailItemsAccessed" events to track individual email access.

    No news on those using the Business Standard licence types 🙄

    #DFIR #CloudForensics #FOR509
    microsoft.com/en-us/security/b

  16. If you're using any Enterprise licence with #M365 your log retention should now be 180 days by default, at a minimum, plus you now get the "MailItemsAccessed" events to track individual email access.

    No news on those using the Business Standard licence types 🙄

    #DFIR #CloudForensics #FOR509
    microsoft.com/en-us/security/b

  17. If you're using any Enterprise licence with #M365 your log retention should now be 180 days by default, at a minimum, plus you now get the "MailItemsAccessed" events to track individual email access.

    No news on those using the Business Standard licence types 🙄

    #DFIR #CloudForensics #FOR509
    microsoft.com/en-us/security/b

  18. Looks like Pizza Hut Australia have started to notify impacted customers of their recent cyber breach.
    The threat actor's initial compromise was via an AWS account, are you ready to investigate an AWS Breach?
    #CloudForensics #DFIR #FOR509

    databreaches.net/pizza-hut-aus

  19. Looks like Pizza Hut Australia have started to notify impacted customers of their recent cyber breach.
    The threat actor's initial compromise was via an AWS account, are you ready to investigate an AWS Breach?
    #CloudForensics #DFIR #FOR509

    databreaches.net/pizza-hut-aus

  20. Looks like Pizza Hut Australia have started to notify impacted customers of their recent cyber breach.
    The threat actor's initial compromise was via an AWS account, are you ready to investigate an AWS Breach?
    #CloudForensics #DFIR #FOR509

    databreaches.net/pizza-hut-aus

  21. Looks like Pizza Hut Australia have started to notify impacted customers of their recent cyber breach.
    The threat actor's initial compromise was via an AWS account, are you ready to investigate an AWS Breach?
    #CloudForensics #DFIR #FOR509

    databreaches.net/pizza-hut-aus

  22. Congratulations to our #FOR509 Day 6 Capstone winners in #Singapore last week.
    It was one of the closest challenges between the competing teams I've seen.

    #CloudForensics
    #DFIR @sansapac

  23. Congratulations to our #FOR509 Day 6 Capstone winners in #Singapore last week.
    It was one of the closest challenges between the competing teams I've seen.

    #CloudForensics
    #DFIR @sansapac

  24. Congratulations to our #FOR509 Day 6 Capstone winners in #Singapore last week.
    It was one of the closest challenges between the competing teams I've seen.

    #CloudForensics
    #DFIR @sansapac

  25. Congratulations to our #FOR509 Day 6 Capstone winners in #Singapore last week.
    It was one of the closest challenges between the competing teams I've seen.

    #CloudForensics
    #DFIR @sansapac

  26. Congratulations to our #FOR509 Day 6 Capstone winners in #Singapore last week.
    It was one of the closest challenges between the competing teams I've seen.

    #CloudForensics
    #DFIR @sansapac

  27. I'm running the #FOR509 #CloudForensics course in 🇦🇺Sydney this May, both in-person and virtual.
    The new class version includes a #GCFR certification and our Day 6 Capstone Challenge with a multi-cloud #DFIR incident to investigate.

    To Register: sans.org/u/1prs
    FOR509 Course Info: for509.com/course

  28. I'm running the #FOR509 #CloudForensics course in 🇦🇺Sydney this May, both in-person and virtual.
    The new class version includes a #GCFR certification and our Day 6 Capstone Challenge with a multi-cloud #DFIR incident to investigate.

    To Register: sans.org/u/1prs
    FOR509 Course Info: for509.com/course

  29. I'm running the #FOR509 #CloudForensics course in 🇦🇺Sydney this May, both in-person and virtual.
    The new class version includes a #GCFR certification and our Day 6 Capstone Challenge with a multi-cloud #DFIR incident to investigate.

    To Register: sans.org/u/1prs
    FOR509 Course Info: for509.com/course

  30. Congratulations to our @[email protected] #FOR509 Day 6 Capstone team winners this week. It was incredibly close with all teams this week powering through our multi Cloud #DFIR challenge.

    @sansforensics

  31. Congratulations to our @[email protected] #FOR509 Day 6 Capstone team winners this week. It was incredibly close with all teams this week powering through our multi Cloud #DFIR challenge.

    @sansforensics

  32. Congratulations to our @[email protected] #FOR509 Day 6 Capstone team winners this week. It was incredibly close with all teams this week powering through our multi Cloud #DFIR challenge.

    @sansforensics

  33. One of my brilliant coauthors Megan Roddie did a write up from our SANS #FOR509 #CloudForensics class on how to extract #AWS logs for analysis.

    #DFIR #CSIRT #CERT
    sans.org/blog/aws-cloud-log-ex

  34. One of my brilliant coauthors Megan Roddie did a write up from our SANS #FOR509 #CloudForensics class on how to extract #AWS logs for analysis.

    #DFIR #CSIRT #CERT
    sans.org/blog/aws-cloud-log-ex

  35. One of my brilliant coauthors Megan Roddie did a write up from our SANS #FOR509 #CloudForensics class on how to extract #AWS logs for analysis.

    #DFIR #CSIRT #CERT
    sans.org/blog/aws-cloud-log-ex

  36. One of my brilliant coauthors Megan Roddie did a write up from our SANS #FOR509 #CloudForensics class on how to extract #AWS logs for analysis.

    #DFIR #CSIRT #CERT
    sans.org/blog/aws-cloud-log-ex

  37. One of my brilliant coauthors Megan Roddie did a write up from our SANS #FOR509 #CloudForensics class on how to extract #AWS logs for analysis.

    #DFIR #CSIRT #CERT
    sans.org/blog/aws-cloud-log-ex