Collaborate Disseminate
Starting in September 2023, more federal government and commercial Microsoft customers will have access to expanded cloud logging capabilities at no additional charge, Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) have annou… Continue reading Thanks Storm-0558! Microsoft to expand default access to cloud logs
Is it possible to determine whether someone has hijacked a RDP session with tscon?
I tried to look into TerminalService-LocalSessionManager logs, the EventID 25 looks much like it, but a normal reconnect would create the same log entry.
An… Continue reading Detect tscon execution from event logs
Is it possible to determine whether someone has hijacked a RDP session with tscon?
I tried to look into TerminalService-LocalSessionManager logs, the EventID 25 looks much like it, but a normal reconnect would create the same log entry.
An… Continue reading Detect tscon execution from event logs
Logged failed logins into a company’s Okta domain could be used by threat actors to discover access credentials of valid accounts, Mitiga researchers have found. Those credentials can then be used log in to any of the organization’s platforms tha… Continue reading A common user mistake can lead to compromised Okta login credentials
For a web app that will get heavily attacked, I figure one very useful tool will be audit tracking of what occurred for both getting a better picture of attacks and , if the worst happens, learning exactly what went down to both mitigate t… Continue reading Audit tracking for web users [closed]
While it can be straightforward to distill water to high purity, this is rarely the best method for producing water for useful purposes. Even drinking water typically needs certain minerals …read more Continue reading Remote Water Quality Monitoring
Attackers can exfiltrate company data stored in Google Cloud Platform (GCP) storage buckets without leaving obvious forensic traces of the malicious activity in GCP’s storage access logs, Mitiga researchers have discovered. GCP data exfiltration … Continue reading Google Cloud Platform allows data exfiltration without a (forensic) trace
I have been hacked, and I have been to the the police… getting hacked over and over again. My gmail logins show an "unknown" browser from the same IP as my log-ins. Even when I’m for some days on vacation, the "unknown&quo… Continue reading Unknown logins in my Gmail account [closed]
These are the warning logs from my router..
What is Detect UDP port scan attack? And what is ip 213.74.0.1 ? Does it belong to local area?
2023-02-19 00:12:17 Security Warning Intrusion -> SRC=167.94.146.24 DST=10.127.35.103 LEN=44 … Continue reading Router security logs.. What each of them means?
These are the warning logs from my router.
What is a UDP port scan attack? And what is IP 213.74.0.1? Does it belong to the local area?
2023-02-19 00:12:17 Security Warning Intrusion -> SRC=167.94.146.24 DST=10.127.35.103 LEN=44 TOS… Continue reading What is a UDP port scan attack? How to find out if an IP is in my local area? [closed]