Drum Cult

@drumcult

Everyone starts from point one Shahanshah of DFIR

211 Followers · 362 Following · 10 Posts · Joined 05.07.2023

Latest posts by Drum Cult @drumcult

Our latest investigation…

31.05.2025 21:13 👍 156 🔁 56 💬 7 📌 0

Keys to the (SaaS) kingdom
During an investigation CyberCX became aware of a campaign consisting of multiple incidents associated with the same threat actor utilising domain registration hijacking to target financial technology...

We published some cool adversary tradecraft in a blog here: cybercx.com.au/blog/keys-to... (there's also a TLP CLEAR advisory floating around).

MX hijacking is brutal - and bypasses all your enterprise controls.

29.05.2025 08:13 👍 3 🔁 0 💬 0 📌 0

The most interesting bit here is that the best Western gov cyber outfits overhauled their operational approach after the mid-10s to focus more on avoiding detection.

The era of the "factory ops" was too risky with the rise of threat intel.

Harder to reliably spot 2025's Regin, Careto, Flame, etc

26.05.2025 07:55 👍 21 🔁 5 💬 1 📌 0

Still wondering… Why does Zoom have offices? 🤔😇😎

25.05.2025 17:23 👍 5 🔁 2 💬 0 📌 0

Nothing's are nice... But not de-Googled?

23.05.2025 11:05 👍 0 🔁 0 💬 0 📌 0

Looks just fine (sent from a Pixel running Graphene)

23.05.2025 10:22 👍 0 🔁 0 💬 0 📌 0

‘Deep concern’ for domestic abuse survivors as cybercriminals expected to publish confidential refuge addresses
A data extortion incident impacting the British government’s Legal Aid Agency could have serious implications for vulnerable people.

Sensitive information about women and girls who have survived domestic abuse is now expected to be exposed through a data extortion incident impacting the British government’s Legal Aid Agency, potentially revealing their locations to abusers and in some cases requiring them to move homes.

21.05.2025 15:09 👍 25 🔁 33 💬 1 📌 2

Chart showing the number of new podcasts produced returning to 2018 levels after a 2020 high

In a rare bit of good news for everyone, the number of new podcasts being created is going down. on.ft.com/4ihZp86 Presumably because everyone already has one

12.04.2025 07:26 👍 1198 🔁 218 💬 42 📌 88

So the reason Norfolk Island copped a dramatically higher tariff than the rest of Australia is two shipments of Timbaland boots from the Bahamas and some aquarium supplies from the UK that had their point of origin mislabeled or misrecorded.

www.theguardian.com/australia-ne...

04.04.2025 03:53 👍 1048 🔁 327 💬 34 📌 95

Yes but did you pass?

28.03.2025 09:38 👍 2 🔁 0 💬 1 📌 0

Yes, but it's bigger than just cyber - what if your hyperscaler/public cloud vendor of choice/email and business productivity suite of choice turns you off?

22.03.2025 23:55 👍 0 🔁 0 💬 0 📌 0

Nice talk!

27.02.2025 08:37 👍 0 🔁 0 💬 0 📌 0

Real men don’t barricade women and children. Real men don’t threaten and intimidate. Real men don’t preach hate. Real men DO show respect, compassion & love. Real men are comfortable enough in who they are to celebrate the diversity of others. Brian Tamaki you are just a boy.

15.02.2025 08:38 👍 742 🔁 154 💬 56 📌 16

Great to see our little report covered by @patrick.risky.biz and @metlstorm.risky.biz 💪

14.02.2025 21:47 👍 1 🔁 0 💬 0 📌 0

PS: We didn't make particularly clear that whilst the VOLUME of cases skewed towards BECs / Financial crime, a more relevant metric would have been something like people-hours of effort - BECs Smol, Espionage bigly - lots of the big gnarly APT cases involve 1000s of hrs of effort...

14.02.2025 21:38 👍 1 🔁 0 💬 0 📌 0

So a good chunk of those "unknown" cases were espionage, but they fit into the "vibes based" attribution rather than any sort of rigor, and a wider set were on the fence.

14.02.2025 21:35 👍 1 🔁 0 💬 2 📌 0

Costa Rica refinery cyberattack was first deployment for new US response program, ambassador says
A recent ransomware attack on RECOPE, Costa Rica's state-run energy company, was the first real-world test for FALCON, a new State Department program for foreign incident response, a top diplomat tell...

EXCLUSIVE: A potentially catastrophic ransomware attack on Costa Rica’s largest oil refinery last year was the first real-world test of the U.S. State Department’s new rapid response tool for cybersecurity incidents.

Only on @therecordmedia.bsky.social

therecord.media/state-depart...

17.01.2025 18:40 👍 13 🔁 6 💬 0 📌 0

I sincerely hope that any Americans pining for Chinese social media because American social media is so repressive and censorious, or pining for the experience of an average person in China because average Americans are so poor, beaten down, and despairing never have to experience why they're wrong.

15.01.2025 19:13 👍 103 🔁 8 💬 10 📌 1

A cross-sectional diagram of Mt. Crumpit showing a hidden entrance concealed by bricks and rubble, leading to a cave where the Grinch is depicted lying down in a simple line art style, reminiscent of the Saddam Hussein hiding place meme format. The image uses a purple-tinted background for the mountain exterior and includes white dotted circles highlighting key areas with labeled arrows pointing to "Entrance hidden by bricks and rubble" and "The Grinch."

WHOVILLE, Libya (Reuters) - The Grinch, and his loyalist bodyguard Max, broke out of the two-month siege of Mt. Crumpit. Once his convoy was hit by SANTA aircraft, the Grinch was captured and killed by pursuing Whoville units.

24.12.2024 22:55 👍 60 🔁 9 💬 1 📌 1

Bashar al-Assad, the London Ophthalmologist?

08.12.2024 06:42 👍 64 🔁 4 💬 1 📌 0

for whom the doom scrolls

03.12.2024 05:08 👍 523 🔁 86 💬 7 📌 2

CTI is the cause of my brainrot but I really cooked on this #salttyphoon #telecomhack

26.11.2024 22:18 👍 49 🔁 18 💬 5 📌 3

Maybe they're paid by the hour...?

22.11.2024 02:39 👍 0 🔁 0 💬 0 📌 0

A quick update to say that i’ll be posting all my content to Milf Messenger which is crucially not an echo chamber and is *actually* the place where free speech, spirited debate, and the marketplace of ideas thrives

17.11.2024 12:01 👍 4277 🔁 691 💬 87 📌 23

Batman wearing a Santa hat. The hat has holes for the ears of his cowl to poke through.

Batman wearing two tiny Santa hats, each on the tip of one of the ears of his cowl.

If Batman was a Santa, would he wear his hat like this, or like this

25.11.2023 00:32 👍 3243 🔁 1121 💬 99 📌 75