Toots for bongoknight@ioc.exchange account

Written by Bongoknight on 2025-01-27 at 08:38

@cR0w I was thinking of you right away! Time for some quishosquatting? 😬

https://chaos.social/@attie/113877446353144416

=> More informations about this toot | View the thread

Written by Bongoknight on 2025-01-22 at 08:21

I didn't know that ANSSI offered a vulnerability scanning service:

https://www.cert.ssi.gouv.fr/scans/


Written by Bongoknight on 2025-01-10 at 15:14

Threat Analyst tip of the day to enrich or parse a file containing URLs or domains:

#threatintel #visidata #SOC


Written by Bongoknight on 2025-01-03 at 10:04

I started learning Go on Exercism. So far I've enjoyed it, but why is the time formatting so weird?

The time.Parse function parses strings into values of type Time. Go has a special way of how you define the layout you expect for the parsing. You need to write an example of the layout using the values from this special timestamp: Mon Jan 2 15:04:05 -0700 MST 2006.

#golang

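As an added example that is not part of the toot (nor of Exercism's material), here is the reference-time rule applied to the timestamp formats an analyst meets in logs: each layout string is the reference time rewritten in the target format. The ParseLogTimestamp helper, the layout list and the sample lines are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Each layout is the reference time "Mon Jan 2 15:04:05 -0700 MST 2006"
// rewritten in the target format; Go recognises each field by its value
// (2006 = year, 01 = month, 02 = day, 15 = 24h hour, 04 = minute, 05 = second).
// Constructed for this example: a few formats commonly seen in SOC log sources.
var logLayouts = []string{
	time.RFC3339,                 // 2006-01-02T15:04:05Z07:00
	"2006-01-02 15:04:05 -0700",  // application log with numeric zone
	"02/Jan/2006:15:04:05 -0700", // Apache/nginx access log
	"Jan _2 15:04:05",            // BSD syslog: no year, no zone
}

// ParseLogTimestamp (hypothetical helper) tries each layout in turn and returns
// the first match normalised to UTC. Layouts without a year parse to year 0, so
// assumedYear is added back; zoneless layouts are read as UTC by time.Parse.
func ParseLogTimestamp(s string, assumedYear int) (time.Time, error) {
	for _, layout := range logLayouts {
		t, err := time.Parse(layout, s)
		if err != nil {
			continue
		}
		if t.Year() == 0 {
			t = t.AddDate(assumedYear, 0, 0)
		}
		return t.UTC(), nil
	}
	return time.Time{}, errors.New("no known layout matches: " + s)
}

func main() {
	samples := []string{
		"2025-01-10T15:14:00+01:00",
		"10/Jan/2025:15:14:00 +0100",
		"Jan 10 15:14:00",
		"10.01.2025", // no layout for this: surfaces as an error, not a silent zero time
	}
	for _, s := range samples {
		t, err := ParseLogTimestamp(s, 2025)
		if err != nil {
			fmt.Println("ERR ", err)
			continue
		}
		fmt.Println(t.Format(time.RFC3339), "<-", s)
	}
}
```

Note that the three recognised samples describe the same wall-clock minute, but the syslog line carries no zone and is therefore taken as UTC, one hour off from the two zoned formats.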

Written by Bongoknight on 2024-12-19 at 14:48

As my employer is asking me to find low-cost training because I arrived too recently, do you have any recommendations for infosec-related training around $500 max? Most interested in Blue Team/SOC/Hunting related topics. Does anyone have any experience with LetsDefend online courses? Was thinking of following this one as I want to initiate myself to Go. But it is pretty short, and if the platform is cool I could follow more courses on it with a one-year subscription.

Retoots and shares help someone find something interesting to learn! :D

https://app.letsdefend.io/training/lessons/go-for-cybersecurity

#infosec #cti #blueteam #soc


Written by Bongoknight on 2024-12-12 at 21:05

Threat Analyst/Infosec Playlist: I'm starting it, but please share to build a bigger collection of songs!

#ThreatIntel #infosec #playlist


Written by Bongoknight on 2024-12-09 at 15:33

Small update on the amino cluster documented in the first toot.

Seems to be related to a casino scam targeting at least Indonesian-speaking users:

https://urlscan.io/result/7582f0f0-bd8c-4b12-8b93-b7e7afc279bc/

While CloudflareTop1M seems to return only 2-digit domains, according to DomainTools other TLDs and domains ending in 3 digits seem to be used as well. Passive DNS records seem to indicate that these domains may be using animal-related subdomains.

I wonder if URLScan submissions and related sites could be found with the LiveChat ID used in the final page.

#CloudflareTop1M #threatintel


Written by Bongoknight on 2024-12-09 at 13:59

Yet another big cluster of scammy casino websites that reached CloudFlare Top 1M (975 domains detected):

https://urlscan.io/search/#page.domain%3A%2F.*-casino-%5Ba-z%5D%7B3%7D%5C.(top%7Cbuzz)%2F

#CloudflareTop1M #threatintel


Written by Bongoknight on 2024-10-17 at 07:54

My CTI team is recruiting within the CERT Orange Cyberdefense. We are looking for an intern interested in analyzing cyber threats to join us around January 2025, either in Paris, Lyon or Rennes.

Profile wanted: cybersecurity, international relations, security studies, law, journalism.

https://orange.jobs/jobs/v3/offers/142186

#cti #CyberMentoringMonday #FediHire


Written by Bongoknight on 2024-09-27 at 15:52

I'm starting to write an introductory course on CTI (cyber threat analysis) in French. Since the course material will be a site hosted on Github, probably accompanied by a PPT, I'm sharing it here right away.

https://bongoknight.github.io/cti-course/

Keep in mind that this is a prototype; I'm only just starting to write a few articles and to list the topics and concepts I want to cover. I plan to flesh out the content gradually over the coming month.

In the meantime, I welcome your feedback. For those who know the subject: do you see other themes to cover, are there campaigns or malware that have struck you recently? For the others: does it seem understandable, is it a subject that could interest you?

#cti


Written by Bongoknight on 2024-08-22 at 14:57

Not to flex, but my team released a report on a loader a few days before Mandiant released their own! :p

Both articles for reference!

https://www.orangecyberdefense.com/global/blog/cert-news/emmenhtal-a-little-known-loader-distributing-commodity-infostealers-worldwide

https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/?hl=en

#emmenhtal #peaklight #cti


Written by Bongoknight on 2024-08-12 at 13:34

My infosec paradox

I am conscious of being a highly privileged human and worker. I live in a beautiful country with tons of social advantages, I'm well paid to sit behind a desk all day long, I'm not directly exposed to hate, discrimination, war and other human atrocities. I love my job, because I learn new things every single day and because digging data to exhume and expose bad behaviours is so thrilling. I feel like I have no right to complain.

But I often feel that something is missing. I feel like I'm working 8 hours a day for nothing. I'm not making anyone's life better by doing my job. Worst of all, our industry's main client sectors are often those that make tons of money and thus support capitalism and profit over everything, even human rights, social justice and ecology.

Then, on an individual level, being exposed to an endless flow of data is exhausting. Every day comes with new technologies, new actors, new fraud schemes, new malware to learn about. While I learn with passion, sometimes it feels soooo pointless. I always feel a few steps behind. In addition, even if I work with great people, I sometimes feel trapped in a parallel world of complex machines and black magic protocols (yeah DNS, I'm looking at you) that nobody around me understands anything about. Sometimes I wish I had never been introduced to this world and could stay in the true real world where people are.

Do you share similar feelings? How do you cope with them? Especially, if you have been in the field for a long time, how have you managed not to say "I'm leaving to become a teacher or a goat herder in the countryside"? If you are in another field, I'm interested too: do you have similar feelings and questions? And don't forget: sharing is caring!

#cti #infosec



Proxy Information
Original URL
gemini://mastogem.picasoft.net/profile/109268779133373620