Paul Batson
@paulbatson.bsky.social
Lazysecurity on the hellsite and infosec.exchange. Secops geek. Detection engineering, threat hunting & IR mostly. Occasionally helps out with some analysis or testing pens. Former BSidesLondon organiser.
There was sensitive media stored in the account so having a way to know if they pulled it down or not might save her worrying too much.
February 11, 2025 at 11:31 PM
So it looks like it was successful. Does anyone know if there is any route to requesting what activity occurred, even if it's a long process? We think it was approx. 1-2 mins afterward that she logged in and rolled creds.
February 11, 2025 at 11:29 PM
The attempted auth looks to be from a sketchy hosting provider. I'd like to give her some reassurance if possible. The creds were reset very quickly. And I know Snapchat does some auth analytics, as I've failed auth with an unusual country/device in the past. I'm desperately hoping it was a failed auth.
February 11, 2025 at 7:10 PM
I've done all the usual (confirmed she reset with a strong, unique pass, enabled 2FA, checked with her that the phished creds weren't reused elsewhere). The Snapchat Sessions page only shows her current session with valid IP.
February 11, 2025 at 7:07 PM
@markrussinovich.bsky.social Thanks for posting this as it’s given me a project to have a go at! Been looking for a reason to have a play with LLMs :)
January 25, 2025 at 1:04 AM
Taking it a step further, an LLM that could take a bunch of logs, take a draft detection in the prompt, show the alerts that would trigger and then spit out recommended tuning for the detection would be really interesting too.
January 25, 2025 at 1:02 AM
Maybe an LLM specifically trained on regex would be an interesting project. Who wouldn’t like an LLM to take a sample of logs and spit out an efficient and effective regex ;)
January 25, 2025 at 12:56 AM
Magical. Out of interest, which Leica?
December 21, 2024 at 4:35 PM
I actually lol’d when they didn’t pick up on any of them. Obviously not a hacker haha.
December 4, 2024 at 10:23 PM
Nice touch with the Hackers references :D
December 4, 2024 at 8:27 PM
After that I’d add the collection of some specific Events for Windows eg. User added to Security-Enabled Group and PowerShell logs.

Please don’t do what I see so often and focus on collecting firewall events.
November 25, 2024 at 12:12 AM