> We're pleased to announce the alpha release of our secure communication principles... https://t.co/BiMlqHa6a1 pic.twitter.com/V7FqHjAXy5 [https://t.co/V7FqHjAXy5] — NCSC UK (@NCSC) January 25, 2020 [https://twitter.com/NCSC/status/1221021650977730560?ref_src=twsrc%5Etfw]

NCSC link here:

Secure communications principles: alpha release. Guidance to help you assess the security of voice, video and messaging communication services [https://www.ncsc.gov.uk/guidance/secure-communication-principles-a…
Some interesting ideas in this thread:

> Let's assume you have DNS logs. What is some stuff you like to look for when hunting through DNS logs? Personally, I like looking for dynamic DNS stuff because if it isn't malicious, a lot of the time it's plan and out bizarre. How bout you? — catte.jpg.vbs (@da_667) January 21, 2020 [https://twitter.com/da_667/status/1219668969839304704?ref_src=twsrc%5Etfw]…
> Malicious macros are still causing problems... https://t.co/x2wYQQALXg pic.twitter.com/GQxYdP51hw [https://t.co/GQxYdP51hw] — NCSC UK (@NCSC) January 8, 2020 [https://twitter.com/NCSC/status/1214931594890424325?ref_src=twsrc%5Etfw]

NCSC's guidance can be found here:

Malicious macros are still causing problems! Andrew A explains the updated guidance for Microsoft Office macros [https://www.ncsc.gov.uk/blog-post/malicious-macros-are-still-causing-problems]…
Great resource here:

> US CERT bulletin calls out #PowerShell in #Iran #Cyber threat. #infosec A bit extreme at points but do logging for sure. Do you have PS logging enabled? https://t.co/i0KGjU0kl3 Use this hands-on lab to learn…
Interesting thread here, and Dimitrios's Medium article has interesting ideas too.

> Before developing advanced detection techniques for powershell and lateral movement let's think if we can use the built-in free Windows firewall to prevent widely used techniques. Then we can detect unmanaged powershell etc https://t.co/5jwH3EWKQq — Dimitrios Margaritis (@dmargaritis) November 24, 2019 [https://twitter.com/dmargaritis/status/1198516039526625280?ref_src=twsrc%5Etfw]…