Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
Taggart :donor: (mttaggart@infosec.exchange)'s status on Tuesday, 29-Apr-2025 01:46:03 JST Taggart :donor:

FWIW, 100% of #ClickFix attacks I've seen have added some kind of inline comment at the end of the command string like I am not a robot to sell the ruse. Definitely worth a threat hunt on command line history.
#ThreatHunting #ThreatIntel #ThreatIntelligence

In conversation about 15 days ago from infosec.exchange permalink
- Embed this notice
  Taggart :donor: (mttaggart@infosec.exchange)'s status on Tuesday, 29-Apr-2025 01:46:02 JST Taggart :donor:
  in reply to
  - cR0w :cascadia:
  @cR0w It's a standard EDR feature? But yes, it costs hella ducats. Sysmon is free, but oh lordy the self-hosted SIEM ain't.
  
  In conversation about 15 days ago permalink
- Embed this notice
  cR0w :cascadia: (cr0w@infosec.exchange)'s status on Tuesday, 29-Apr-2025 01:46:02 JST cR0w :cascadia:
  in reply to
  
  @mttaggart My EDR is... an interesting story.
  
  In conversation about 15 days ago permalink
- Embed this notice
  cR0w :cascadia: (cr0w@infosec.exchange)'s status on Tuesday, 29-Apr-2025 01:46:03 JST cR0w :cascadia:
  in reply to
  
  @mttaggart Look at you with your fancy command history logs. 🥲
  
  In conversation about 15 days ago permalink

Feeds