Martijn Eikelenboom

@meikelenboom

#InfoSec. Opinions are my own.

156 Followers · 229 Following · 25 Posts · Joined 25.07.2023

Latest posts by Martijn Eikelenboom @meikelenboom

My @disobeyfi.bsky.social talk is finally out! Link to video and slides available at aadinternals.com/talks

And yes, @notmynick.bsky.social used some weird filter, I'm not that fat nor old 😜

11.03.2025 17:14 👍 16 🔁 5 💬 1 📌 0

Very excited to be able to announce this.

And for the record: OrangeCon is a nonprofit, trainings are quite affordable. The money we make from those goes into keeping the conference cheap!

11.03.2025 23:24 👍 7 🔁 5 💬 0 📌 0

What I read from the post, implement MFA on remote access, look at your EDR alerts and consider network monitoring. And yes segmenting your cameras is also a good idea, but MFA and looking at your EDR alerts should be a higher priority.

07.03.2025 07:39 👍 1 🔁 0 💬 0 📌 0

The takeaway from this news message should not be to focus on cameras or to be scared of new ransomware tactics. The takeaway should be to implement MFA, look at your EDR alerts and consider network monitoring.
www.bleepingcomputer.com/news/securit...

07.03.2025 07:37 👍 0 🔁 0 💬 0 📌 0

DFIR specialist Mthcht has released LOLC2, a collection of C2 frameworks that leverage legitimate services to evade detection

lolc2.github.io

11.02.2025 20:10 👍 41 🔁 19 💬 2 📌 3
Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware Key Takeaways This intrusion began with the download and execution of a Cobalt Strike beacon that impersonated a Windows Media Configuration Utility. The threat actor used Rclone to exfiltrate data…

🌟New report out today!🌟

Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware

Analysis & reporting completed by @r3nzsec, @MyDFIR & @MittenSec.

Audio: Available on Spotify, Apple, YouTube and more!

thedfirreport.com/2025/01/27/c...

27.01.2025 12:55 👍 24 🔁 10 💬 1 📌 2
Security Advisory

psirt.global.sonicwall.com/vuln-detail/...

Security Advisory CVSS 9.8 Vulnerability

23.01.2025 12:48 👍 0 🔁 1 💬 0 📌 0
Post image
23.01.2025 07:14 👍 74 🔁 14 💬 1 📌 0

Doing external IR for hands-on-keyboard is crazy hard, it's not something I really do much but on occasion observe. The layers of people and systems and fog of war and butt covering and breadth of skills and investigative practice and tracking of threads of information and timeline mapping. Crazy.

23.01.2025 06:15 👍 123 🔁 6 💬 9 📌 1
Meta Is Laying the Narrative Groundwork for Trump’s Mass Deportations Multiple experts drew comparisons between Meta's recent changes around immigration and what happened in Myanmar in 2017, where Facebook contributed to a genocide by allowing the spread of hate.

New from 404 Media: Meta is laying the narrative groundwork for Trump's mass deportations. Meta now says users can call migrants pieces of trash, vomit, etc. Multiple experts drew parallels to when Facebook contributed to a genocide in Myanmar. Now U.S. www.404media.co/meta-is-layi...

16.01.2025 14:45 👍 1169 🔁 528 💬 62 📌 63

Thanks. Had a talk with a Microsoft rep a couple of weeks ago and they didn’t know this.

14.01.2025 20:36 👍 0 🔁 0 💬 0 📌 0
a user reporting a phishing email to their IT team

the same user being assigned phish training for supposedly falling for a phish test.

This is why end-users hate IT/security teams.

13.01.2025 17:10 👍 437 🔁 68 💬 44 📌 19

I'm not aware you can deploy Defender for Endpoint rules? Sentinel, yes, but not MDE. Seriously miss this option as you can't do proper source control.

14.01.2025 15:44 👍 0 🔁 0 💬 1 📌 0

Congrats, well deserved!

07.01.2025 11:38 👍 0 🔁 0 💬 1 📌 0
Siri “unintentionally” recorded private convos; Apple agrees to pay $95M Apple users may get $20 each for up to five Siri-enabled devices.

Apple acknowledges that Siri unintentionally recorded private conversations

"The only clue that users seemingly had of Siri's alleged spying was eerily accurate targeted ads that appeared after they had just been talking about specific items"

arstechnica.com/tech-policy/...

03.01.2025 03:52 👍 67 🔁 29 💬 9 📌 10
How Iran is trying to evade sanctions via the Dutch supermarket chain Spar The Dutch supermarket chain Spar has been covertly used to evade the strict sanctions against the Iranian regime. Hundreds of documents show that dubious transactions took place under the li...

News: the Dutch supermarket chain Spar in Iran was secretly used to evade the strict Western sanctions against the country.

Following questions from de Volkskrant, Spar International has revoked the licence for Spar Iran:

www.volkskrant.nl/buitenland/h...

23.12.2024 08:01 👍 33 🔁 6 💬 3 📌 1

Interesting case I heard. Receiving 1500 - 5000 newsletters a week for certain employees. I was expecting a call from 'IT' and an RMM tool, but apparently this was a disgruntled employee using a bot to sign up for thousands of newsletters. No clue on how to fix this.

20.12.2024 09:14 👍 1 🔁 0 💬 1 📌 0
Microsoft also explains that it has received gag orders for 28% of all US government disclosure requests: “In the second half of 2022, Microsoft received secrecy orders attached to 28% percent of U.S. legal demands, including federal, state, and local law enforcement demands, totalling 1,465 secrecy orders. Of these, 1,184 were issued by federal law enforcement authorities.

Microsoft adherents will often state that Microsoft would "let you know" if the US government requested your (government) data. Turns out, there are lots of requests with secrecy orders attached, as uncovered by this (disastrous) privacy impact assessment […]

[Original post on fosstodon.org]

18.12.2024 14:55 👍 1 🔁 8 💬 0 📌 0
Even before the Maccabi riots broke out, the police were already watching pro-Palestinian chat groups Unrest in Amsterdam: This week several rioters stand trial for disturbances around the Ajax-Maccabi Tel Aviv match. Alongside camera footage, messages from chat groups are important evidence. But ...

According to Minister Van Weel, the violence against Israelis in Amsterdam demonstrated the need to give the police broader powers to watch along in online chat groups.

But as it now turns out: the police were already in chat groups before the riots and were watching along

www.nrc.nl/nieuws/2024/...

10.12.2024 08:27 👍 81 🔁 41 💬 5 📌 0

But awareness is 1 of the many measures you have to take, and not the measure, as many sometimes seem to see it. NIST CSF has 108 controls, of which 1 is about awareness. As far as I'm concerned, that gives a fair picture of what the ratio should be.

03.12.2024 18:52 👍 1 🔁 0 💬 0 📌 0

I think the investments and effort in other measures should get priority. A good form of awareness does make security come alive for employees. And that is needed because not all measures are without impact and they need a degree of adoption.

03.12.2024 18:48 👍 1 🔁 0 💬 2 📌 0