AJ King

@ajking.io

Threat Research at SnapAttack now part of Splunk now part of Cisco / Detection Engineering / Dad | #DetectionEngineering #ThreatHunting #PurpleTeam | Header art from http://art.vx-underground.org.

633
Followers
275
Following
4
Posts
25.04.2023
Joined
Latest posts by AJ King @ajking.io

ESXi Ransomware Attacks: Stealthy Persistence through SSH Tunneling ESXi ransomware attacks target virtualized infrastructures using SSH tunneling to remain undetected. Discover the techniques, forensic insights, and actionable defense strategies to protect your ESXi ...

Reminder: Don't neglect ESXi logging!
SSH Tunneling is being used for persistence on ESXi servers.
www.sygnia.co/blog/esxi-ra...
I'll just put this here: detect.fyi/vmware-esxi-...

27.01.2025 17:38 👍 5 🔁 1 💬 0 📌 0

🎄 Twas the night before JonMon, and all through the net,
🔍 Defenders were stirring, their systems to vet.
🛠️ The telemetry was hung in EventViewer with care,
✨ In hopes that Jonny Johnson soon would be there.

📅 Friday, January 24th
⏰ 11 AM MST | 1 PM EST
📺

YouTube: youtube.com/watch?v=CqEhtg…

24.01.2025 03:02 👍 5 🔁 1 💬 1 📌 0
Reader Read and highlight anything

Readwise Reader read.readwise.io

23.01.2025 21:12 👍 1 🔁 0 💬 0 📌 0

@techy.detectionengineering.net Detection Engineering Weekly gems never fail to provide value!

23.01.2025 17:51 👍 4 🔁 0 💬 0 📌 0
VMware ESXi Logging & Detection Opportunities ESXi environments, with their lack of AV/EDR support, present a unique challenge to Detection Engineers. Not only are these environments…

TIL there is a LOLESXi project. lolesxi-project.github.io/LOLESXi/

Great post by @n-burns.bsky.social on ESXi logging! It includes a tool he made to make running adversarial tests against ESXi easier. It also includes some detections!
detect.fyi/vmware-esxi-...

23.01.2025 17:50 👍 4 🔁 0 💬 1 📌 0