Jorge Orchilles
@jorgeorchilles.bsky.social
SANS Principal Instructor & Author #SEC565 | #RedTeam | #PurpleTeam | #PenTest | #C2Matrix Creator | ATT&CK & Atomic Red Team Contributor | Published Author
Save the date and register for the official release of the 2025 Verizon Data Breach Investigations Report hashtag#DBIR aka THE REPORT on April 23: www.brighttalk.com/webcast/1509...
2025 Data Breach Investigations Report Key Findings
The Verizon Data Breach Investigations Report (DBIR) is the authoritative source of cybersecurity breach information. This annual report provides an unparalleled, data-driven analysis of real-world cy...
www.brighttalk.com
April 18, 2025 at 8:37 PM
At VulnCon this week, if you are here, say hi. Already got a ton of value from this conference: did an SBOM workshop, a couple VEX talks from folks leading that effort in Cisco and Nvidia, and of course AI. Looking forward to the next few days!
April 7, 2025 at 6:41 PM
Formula 1 is back! If you played last year, you can rejoin without a passcode. If you would like to play, set up a team at fantasygp.com and DM me for the code to join #InfoSecF1
March 6, 2025 at 12:47 PM
Reposted by Jorge Orchilles
Threat intelligence is about more than just regurgitating indicators you found in someone else's reports.
If this is your idea of "threat intelligence" then AI is 100% coming for your job.
January 29, 2025 at 7:55 PM
Reposted by Jorge Orchilles
🌟New report out today!🌟
Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware
Analysis & reporting completed by @r3nzsec, @MyDFIR & @MittenSec.
Audio: Available on Spotify, Apple, YouTube and more!
thedfirreport.com/2025/01/27/c...
Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware
Key Takeaways This intrusion began with the download and execution of a Cobalt Strike beacon that impersonated a Windows Media Configuration Utility. The threat actor used Rclone to exfiltrate data…
thedfirreport.com
January 27, 2025 at 12:55 PM
Reposted by Jorge Orchilles
In case you wonder what broke #ProcessHollowing on Windows 11 24H2, I have something for you: hshrzd.wordpress.com/2025/01/27/p...
Process Hollowing on Windows 11 24H2
Process Hollowing (a.k.a. RunPE) is probably the oldest, and the most popular process impersonation technique (it allows to run a malicious executable under the cover of a benign process). It is us…
hshrzd.wordpress.com
January 26, 2025 at 11:55 PM
Reposted by Jorge Orchilles
FalconHound 1.4.2 is out!
* Added Managed identity authentication for Azure based inputs (KeyVaults, MDE, Sentinel, GraphAPI)
* Added report command line option and actions
* Added HTML output option
Grab it here > github.com/FalconForceT...
Releases · FalconForceTeam/FalconHound
FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log ag...
github.com
December 30, 2024 at 4:09 PM
Reposted by Jorge Orchilles
Wicked pumped for our community to have won the SANS Difference Makers award 2024 "Podcast of the Year"
Community, Cyber, Coffee, and Carl
December 16, 2024 at 7:00 PM
Reposted by Jorge Orchilles
The Paranoids @ Yahoo was one of the oldest, largest, and highest reputation internal security teams in the industry.
A lot of good talent was built and trained there.
This is a shame.
December 13, 2024 at 2:34 AM
Reposted by Jorge Orchilles
If they find the perpetrator, I can't imagine how they manage to avoid jury nullification. It's not just patients. Change Healthcare (part of United) turned the lives of so many providers upside down and most will never be made whole.
nypost.com/2024/12/04/u...
Exclusive | UnitedHealthcare CEO Brian Thompson fatally shot outside Hilton hotel in Midtown in possible targeted attack: sources
The CEO of UnitedHealth was fatally shot in the chest Wednesday morning outside the Hilton hotel in Midtown in what police say was a targeted attack.
nypost.com
December 4, 2024 at 3:10 PM
Reposted by Jorge Orchilles
Purple Team metrics can be tough and conflated with BAS testing, so here are a few, but feel free to add your own in the comments.
1. Engagements with SOC per year/quarter.
2. Intel leads tested.
3. Custom tests to verify detection logic.
4. Request for testing completed %
December 4, 2024 at 12:46 AM
Excellent write up from the folks @volexity.com www.volexity.com/blog/2024/11...
The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access
In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever w...
www.volexity.com
November 26, 2024 at 7:00 PM
Reposted by Jorge Orchilles
You won't always win. That's okay.
The goal is to win as many as you can and learn as much as you can from the ones you lose.
November 22, 2024 at 2:39 AM
Hi friends! Just switched over. Please connect so I can follow you back!
November 22, 2024 at 4:05 AM
I first met @bsdaemon when I was randomly put on the BRA (Brasil) team at Hack Cup too many years ago (we went on to win and get free tickets to INFILTRATE). I had no idea who he was other than just a kind, fun dude that played soccer. Here is his profile:...
November 24, 2024 at 1:50 AM
C2 via Microsoft Windows print functionality? Yes please: https://diverto.hr/en/blog/2024-05-03-MS-Windows-Printing-C2/ Thanks for @c2_matrix shout out
Abusing MS Windows printing for C2 communication
Diverto is an information security company. We provide co...
diverto.hr
November 24, 2024 at 1:50 AM
We need to reset expectations. LLMs are not "discovering" novel attacks or 0days. They are lowering the barrier for entry for all types of hackers. Embrace it, let it help you. Criminals already are: https://thehackernews.com/2024/04/microsoft-warns-north-korean-hackers.html
Microsoft Warns: North Korean Hackers Turn to AI-Fueled C...
North Korea's state-linked hackers are enhancing their op...
thehackernews.com
November 24, 2024 at 1:50 AM
Spotted @BSidesTampa Learning some more Azure stuff with @SecurePeacock and a nice little demo @mrgretzky may recognize the tool
November 24, 2024 at 1:50 AM
I should have stayed up for this race! My fantasy team did terrible but how about Ferrari!!!!! #InfoSecF1
November 24, 2024 at 1:57 AM
Spent the last year @Verizon running the offensive security team (more accurately called Readiness and Proactive Security). One of the innovative things I got to do was build an AI Red Team with @teschulz. We will share lessons learned and how to get...
November 24, 2024 at 1:57 AM
Anyone have an extra ticket for Wicys? I have a direct report that has booked flight and hotel but now needs a ticket. This will be her first time attending, please RT for reach.
November 24, 2024 at 1:57 AM
2nd race of the 2024 season in the books with @SecurePeacock taking P1. @paulpols and I sharing the podium with him. Paul manages to hold on to the lead but a long way to go with 22 more races this season! #InfoSecF1
November 24, 2024 at 1:57 AM
The AI Red Team @Verizon is growing! Join me and @teschulz as we continue building one of the best AI Red Teams in the industry: https://verizon.wd5.myworkdayjobs.com/verizon-careers/job/Basking-Ridge-New-Jersey/Principal-AI-Red-Team-Reseacher_R-1029069
Verizon Updated Candidate Home | Verizon Careers
verizon.wd5.myworkdayjobs.com
November 24, 2024 at 2:04 AM
First #InfoSecF1 results are in! Congrats to @paulpols and @MarcOverIP for P1 and P2
November 24, 2024 at 2:04 AM