#InfoSec #Cybersecurity #threatintel and Politics. I try my best.
Also @deepthoughts10@twitter.com
This shouldn’t baffle anyone. This is a transactional administration and clearly the right people were paid off. #uspol
RE: @patrickcmiller@infosec.exchange
Here are some controls to put in place to prevent this attack from happening to you:
- Block ISO file extensions from being emailed to your users
- Prevent downloads of ISO files from untrusted sites (such as consumer-friendly file storage services)
- Change your Windows File Explorer settings to associate the .ISO file extension with Notepad.exe so it won’t auto mount when double-clicked
#cybersecurity
What are Out-of-band Application Security Testing (OAST) domains? Out-of-band application security testing (OAST) is a method for finding exploitable vulnerabilities in a web application by forcing a target to call back to a piece of infrastructure controlled by the tester. OAST domains (sub-domains most often) are often free and hosted by OAST tool providers like interact.sh. What happens when something is free on the Internet? It gets abused.
Let’s make tOAST of the most commonly abused OAST domains! @greynoise@infosec.exchange has an in-depth writeup on recent campaigns using OAST infrastructure.
OAST Domains/Provider:
- All 33 campaigns use Interactsh
- 5,560 unique callback sub-domains observed
- Block these domains to stop these attacks: oast.pro, oast.live, oast.fun, oast.me, oast.site
https://www.labs.greynoise.io/grimoire/2026-02-20-weekly-oast-report/
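A companion check to the block list in the post above, added here as an example and not part of the original post: it scans DNS query logs for lookups of the five listed OAST domains and groups the unique callback sub-domains by client. The log line format and the sample lines are constructed assumptions; matching is done on DNS label boundaries so look-alike names such as `toast.pro` are not flagged.

```python
from collections import defaultdict

# Domains listed in the post above (Interactsh-hosted OAST domains).
OAST_SUFFIXES = ("oast.pro", "oast.live", "oast.fun", "oast.me", "oast.site")


def oast_parent(qname):
    """Return the listed OAST domain that qname equals or is a sub-domain of, else None."""
    # Normalise: DNS names are case-insensitive and may carry a trailing root dot.
    name = qname.strip().rstrip(".").lower()
    for suffix in OAST_SUFFIXES:
        # Match only on a label boundary; a plain endswith(suffix) would flag "toast.pro".
        if name == suffix or name.endswith("." + suffix):
            return suffix
    return None


# Constructed sample log (assumed format): "<timestamp> <client-ip> <query-name> <qtype>"
SAMPLE_LOG = """\
2026-02-20T10:00:01Z 10.0.4.17 c8k2xq1.oast.fun A
2026-02-20T10:00:02Z 10.0.4.17 C8K2XQ1.OAST.FUN. AAAA
2026-02-20T10:00:05Z 10.0.4.17 d91mmz7.oast.pro A
2026-02-20T10:01:11Z 10.0.9.3 www.toast.pro A
2026-02-20T10:01:12Z 10.0.9.3 oast.me.example.com A
2026-02-20T10:02:30Z 10.0.7.8 a.b.oast.site TXT
malformed line
"""


def find_oast_callbacks(log_text):
    """Map each client IP to the sorted unique OAST names it looked up."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:  # skip lines that do not fit the assumed format
            continue
        _, client, qname, _ = fields
        if oast_parent(qname):
            hits[client].add(qname.rstrip(".").lower())
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    for client, names in find_oast_callbacks(SAMPLE_LOG).items():
        print(client, len(names), "unique OAST names:", ", ".join(names))
```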
RE: @ScumBots@infosec.exchange
Come on now?!? Who still doesn’t have *.ngrok.io blocked? Ngrok themselves don’t even recommend using this domain any longer. #cybersecurity
Watched the movie Mickey 17 last night. I know it was not commercially successful, but I liked it. Good weird sci-fi movie with interesting characters. #movies #cinema
RE: @campuscodi@mastodon.social
Security firm Bitdefender has an in-depth report on the latest TTPs and #IOC’s used by an APT group, shared by Catalin below. You may not be targeted by this group, but they use the very common technique of Living off Trusted Services. One highlighted in this report is Discord. I strongly agree with Bitdefender’s advice of controlling or blocking access to Discord. Another service mentioned is the file-sharing service tmpfiles.org — limit or block access to that too. #cybersecurity #threatintel
New report from Palo Alto’s Unit42 on sophisticated attacks with long dwell times by one or more Chinese threat groups. There is a lot going on in this article and much of it likely doesn’t apply to my organization, but I try to learn from reports like this at least one thing that I can bring to my organization to improve our security posture. In this case I learned about DumpIt — a new-to-me free multiplatform forensics tool. I’m going to add that to an upcoming threat hunt and will build detections for it as well. #cybersecurity #threatintel
https://unit42.paloaltonetworks.com/cl-unk-1068-targets-critical-sectors/
A new-to-me #Porter: Tupac Shaporter from Ivanhoe Park Brewing Co. in Orlando, FL. #beersofmastodon #beer
Maybe you’ve noticed that I’ve repeatedly recommended that you should block access to *.vercel.app? Well, here are 31 more reasons. Also, block pastebin.com too. #cybersecurity
Geoshitties for the win! If you use @badsamurai@infosec.exchange’s blocklists you’d have already blocked *.vercel.app which is a key link in the kill chain for this attack described by Microsoft. My advice: block Vercel for everyone in your org except for those that have a business need. #cybersecurity
https://www.microsoft.com/en-us/security/blog/2026/02/24/c2-developer-targeting-campaign/
This should be handy for Microsoft SysAdmins. I ran into an issue with old modules recently and I’m going to try this out. Merill is a trusted source for this sort of stuff and happens to work for Microsoft. #powershell
Happy day-after #caturday from this guy, enjoying a walk on this fine Fall afternoon #catsofmastodon #cats