Paul Batson
@paulbatson.bsky.social
Lazysecurity on the hellsite and infosec.exchange. Secops geek. Detection engineering, threat hunting & IR mostly. Occasionally helps out with some analysis or testing pens. Former BSidesLondon organiser.
I don’t think I’ll ever get tired of the sunsets in the Philippines
May 18, 2025 at 3:49 AM
Reposted by Paul Batson
Threats is a very serious book with a silly coat of paint on it. Some folks seem to judge books by their cover. But, for a very limited time, you can get the book for free, and judge it on the content. If you’ve been waiting, there’s now no risk.

www.neowin.net/sponsored/th...
Threats: What Every Engineer Should Learn From Star Wars ($15 Value) now completely free
Secure your applications with help from your favorite Jedi masters!
www.neowin.net
April 21, 2025 at 3:24 PM
Think I’ll be having a play with this today and see what detection opportunities are in there #linux #ttp #detectionengineering github.com/Aegrah/PANIX...
Release panix-v2.1.0 · Aegrah/PANIX
Release I'm excited to announce the release of PANIX v2.1.0 – a major update that introduces five brand-new persistence techniques and their corresponding revert scripts. This release significantly...
github.com
March 8, 2025 at 11:25 PM
Do any of my followers have any contacts at Snapchat? A close friend has been phished but realised a couple of mins later and reset her creds. The email she has received afterwards isn't clear if the attempted auth was successful or not. She is fraught with worry. Please repost for visibility.
February 11, 2025 at 7:03 PM
Reposted by Paul Batson
Regex is too hard for even OpenAI o1: it thought for over three minutes and then produced regex that didn't work. Looks like regex is a good test for AGI.
January 25, 2025 at 12:54 AM
Reposted by Paul Batson
I decided to put together a starter pack of oldskool hacker and/or hacker-adjacent folks you may want to follow (Or, y'know, maybe you want to block them all, what do I know? You do you, homeslice.)

go.bsky.app/HQWqtno
December 4, 2024 at 3:12 AM
Reposted by Paul Batson
Hope to see some of you tonight for discussions
Be there or be….. idk, somewhere else!?! 🤣
Next session with myself and @lisaforte.bsky.social at 8pm (UK time) on 5th December. Available on the usual channels. twitch.tv/SeanWrightSec
December 5, 2024 at 2:43 PM
Reposted by Paul Batson
This blog is wild. “Secret Blizzard (Turla) has used the tools and infrastructure of at least 6 other threat actors during the past 7 years.”

www.microsoft.com/en-us/securi...
Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage | Microsoft Security Blog
Microsoft has observed Secret Blizzard compromising the infrastructure and backdoors of the Pakistan-based threat actor we track as Storm-0156 for espionage against the Afghanistan government and Indi...
www.microsoft.com
December 4, 2024 at 7:20 PM
Reposted by Paul Batson
Sekoia has published some pretty comprehensive research on how ransomware gangs exfiltrate data from compromised environments.

blog.sekoia.io/ransomware-d...
November 28, 2024 at 5:08 PM
Reposted by Paul Batson
DualCore and I spoke at the Red Team Village this year. Here are the slides. QR code with link to gist with all the reference links on last page. Unfortunately it wasn't recorded.

docs.google.com/presentation...

#redteam #purpleteam #redteamvillage
Modern Red Teaming: macOS, K8s, and Cloud - RTV 24 (Public)
Modern Red Teaming: macOS, K8s, and Cloud Carnal0wnage int0x80
docs.google.com
November 24, 2024 at 7:35 PM
Reposted by Paul Batson
If you'll be at BSides London this year, please do find the time to check out this talk by my student Ana; she's going to be talking about the intersection of security and disability with her talk on password accessibility.
November 24, 2024 at 10:14 PM
For anyone just getting into detection engineering or hunting, I’d strongly recommend starting out by making sure you’re collecting process events (with full command lines), persistence locations (e.g. scheduled tasks, services, reg run keys, cron, etc.) and process network connections.
November 25, 2024 at 12:05 AM
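One concrete way to switch on exactly the three telemetry sources the post above recommends on a Windows host is a Sysmon configuration. The config below is an added example and not part of the original post or any project it mentions: it logs every process creation (Sysmon event 1 already carries the full command line), every outbound network connection a process initiates (event 3), writes to the Run/RunOnce keys and to the Services hive (events 12/13), and new files under the scheduled-task store (event 11). The schemaversion value, the rule-group names and the path prefixes are assumptions to adjust for the Sysmon version and locale in use; the cron directories from the post are Linux-side and would be covered separately (for example with Sysmon for Linux or auditd file watches).

```xml
<!-- Added example config, not from the original post. Assumed schemaversion;
     set it to match the installed Sysmon (sysmon -s prints it). -->
<Sysmon schemaversion="4.90">
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>

    <!-- Event 1: process creation. An empty "exclude" block records every
         process; the event already includes the full CommandLine field. -->
    <RuleGroup name="ProcessEvents" groupRelation="or">
      <ProcessCreate onmatch="exclude">
      </ProcessCreate>
    </RuleGroup>

    <!-- Event 3: network connections initiated by a process. Tune with
         exclusions for noisy, well-understood images once baselined. -->
    <RuleGroup name="ProcessNetwork" groupRelation="or">
      <NetworkConnect onmatch="include">
        <Initiated condition="is">true</Initiated>
      </NetworkConnect>
    </RuleGroup>

    <!-- Events 12/13: registry persistence locations (Run keys, services). -->
    <RuleGroup name="RegistryPersistence" groupRelation="or">
      <RegistryEvent onmatch="include">
        <TargetObject condition="contains">\CurrentVersion\Run</TargetObject>
        <TargetObject condition="begin with">HKLM\System\CurrentControlSet\Services\</TargetObject>
      </RegistryEvent>
    </RuleGroup>

    <!-- Event 11: scheduled task definitions land here as XML files. -->
    <RuleGroup name="TaskPersistence" groupRelation="or">
      <FileCreate onmatch="include">
        <TargetFilename condition="begin with">C:\Windows\System32\Tasks\</TargetFilename>
      </FileCreate>
    </RuleGroup>

  </EventFiltering>
</Sysmon>
```

Load it with `sysmon -c <file>` on a host that already has Sysmon installed, then confirm events 1, 3, 11, 12 and 13 arrive in the Microsoft-Windows-Sysmon/Operational log before shipping them to the SIEM. Starting with "log everything" for process creation and narrowing later is deliberate: exclusions added before a baseline exists tend to hide exactly the activity a hunt is looking for.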
Reposted by Paul Batson
Just added a boatload of new detection engineers who joined Bluesky this week. Make sure to check this starter pack out
I made a Detection Engineering starter pack, will be adding more as more folks jump over to bluesky! go.bsky.app/HenXJUR
November 24, 2024 at 11:53 PM
Reposted by Paul Batson
If you're interested in Linux DFIR, then check out all our talks/workshops below. #Linux #DFIR #Cybersecurity

CC: @maryst33d.bsky.social

linuxdfir.ashemery.com
November 24, 2024 at 6:38 PM
Reposted by Paul Batson
We have just managed to free up some more tickets for #BSidesLDN2024, when they are gone, they are gone!
www.eventbrite.co.uk/e/bsides-lon...

Please be a team player and remember to cancel your ticket if you can no longer be there on the day!
#Security #BSides #London #Tickets
BSides London 2024
This year's event will be held Saturday 14th of December 2024, at the Novotel London West Conference Centre.
www.eventbrite.co.uk
November 24, 2024 at 3:14 PM
Whilst helping someone out with their gmail security, I’ve just realised they offer darkweb/leak monitoring. How did I not know about this already?
November 23, 2024 at 2:04 AM
🧵1/5 For anyone wondering why they put up with the stress of a role in infosec (I know I have wondered sometimes in the past) please consider the following.

We all know ransomware TAs affect companies and their bottom line. And there’s an understanding that it affects individuals too.
November 20, 2024 at 8:47 PM
Reposted by Paul Batson
I made a Detection Engineering starter pack, will be adding more as more folks jump over to bluesky! go.bsky.app/HenXJUR
November 18, 2024 at 3:37 PM
This is a really interesting read from a Russian IR company on some pretty stealthy nix malware. (Hat tip to @patrick.risky.biz / Risky Business for highlighting it). Some good detection opportunities in there.

Russian language but Google translate does a great job.

rt-solar.ru/solar-4rays/...
The Elusive GoblinRAT: how a Linux backdoor penetrated government infrastructures
Learn how the GoblinRAT backdoor covertly infected Linux systems in government infrastructures from 2020 onwards, using unique masking techniques and communication channels through compromised websites
rt-solar.ru
November 19, 2024 at 2:37 AM
Reposted by Paul Batson
If the NSA[1], GrapheneOS[2], and Apple[3] all believe that rebooting your mobile phone regularly is something that protects your data, you might consider automating it.

1. https://buff.ly/3xhyTtU
2. https://buff.ly/40OLdhw
3. https://buff.ly/3UIbQB0
November 12, 2024 at 1:02 AM
Reposted by Paul Batson
This starter pack thing is cool, it's like what Follow Friday wanted to be when it grew up. :)
Starter Pack containing #infosec trainers — if I missed any, lmk!

go.bsky.app/V5iocw6
November 18, 2024 at 3:54 PM
Reposted by Paul Batson
Great post by @naehrdine.bsky.social on the inner workings of the new inactivity reboot feature in iOS 18.

naehrdine.blogspot.com/2024/11/reve...
Reverse Engineering iOS 18 Inactivity Reboot
Wireless and firmware hacking, PhD life, Technology
naehrdine.blogspot.com
November 18, 2024 at 7:07 AM