#hack100days : day 61 : Another light day. Read articles and another chapter in _Rust Programming Language_--was reminded to keep up on that via link from a @thegrugq newsletter to @buttplug.io (@twitter) thread, leading to @m_ou_se@twitter presence talking about her book _Rust Atomics and Locks_ (which is available at https://marabos.nl/atomics/, so I have some more reading and coding to do... #GetSmart #Rust

#hack100days : day 60 : Another section of CRTO done. Learned more about MSFT's Data Protection API, which was new to me. Otherwise, it was light today. #GetSmart #CoSoSec

Congrats #STLCSC, 2-0 is a good way to start an inaugural season. #MLS

#RedTeamFit Got in a 3.1 km walk in 29 min. (That's a sub-15 minute mile pace, in Freedom Units.) Happy with that. Shooting for a longer walk tomorrow.

Via infosec.exchange feed: https://lucha.nyc/@ieatkillerbees/109961947877248377

ChatGPT and similar products are not "AI", they're fancy math. Still interesting and for well disciplined users, potential force-multipliers. They won't be replacing people anytime soon. #OldManYellsAtCloud

#hack100days : day 59 : Two more sections of CRTO down. Tuned the registry run key search in Defender ATH. Noisy bugger, going to take some work to sort out "normal". Seems like a good place to hide for long-haul persistence. #RedTeam #BlueTeam #CoSoSec

#hack100days : day 58 : Spent some time poking around log sources. Checked for logging and events matching oppsec warnings from CRTO. Created and tuned some queries for Defender ATH. There's signal in there about Registry run key creation and scheduled task creation. Good to know for #redteam and #blueteam! #CoSoSec

#hack100days : day 57 : Finished the next section of CRTO. Juuust shy of half-way. Checked out a couple of presos at the Antisyphon "Most Offensive Con That Ever Offensived" on-line conference. I like the personalities and some of the dialogue in the #RedTeam panel discussion at the beginning. However, it was a little too "let's be controversial for the sake of controversy" for my taste. (I hope to get a pizza delivered to me, one day.) #CoSoSec

Beautiful day today. Went 1.9 KM in 18’20”. Progeny was beat after school and needed veg time. #RedTeamFit

Went for a 1.9 KM walk and got it done in 22 min. Progeny accompanied who was more interested in getting some sun than going fast. Reckon I'll try for two tomorrow, one for speed and a second w/kidlet again. #RedTeamFit

#hack100days : day 56 : Read a CISA #RedTeam report: https://www.cisa.gov/sites/default/files/2023-02/aa23-059a-cisa_red_team_shares_key_findings_to_improve_monitoring_and_hardening_of_networks.pdf Definitely cribbing some report formatting and noting TTPs. #CoSoSec

#hack100days : day 55 : Completed three more #CRTO sections, maybe about a 1/3 of the way through--so far, mostly review. Added another item to the #ThreatHuntThursday list. #redteam #GetSmart

#hack100days : day 54 : Completed credential theft section for #CRTO, got some good ideas for #ThreatHuntThursday for log events and access patterns I hadn't though of before. #redteam #GetSmart

Switching to SI units for my walks. Today I got in a 3.45 KM walk in 0:32:17, for a pace of 9’21”/KM. Reckon it’ll take some time to get a sense of what a “good” pace is. Main thing will to get quicker and breath easier on some of the hillier bits. #RedTeamFit

Since we see the previous post, theory CS doesn't like KQL seems to hold up.

#hack100days: day 52 : Spent more time on CRTO, got through several sections. If something talks lsass, there's a Windows Event 4656 generated. These events don't make it into Windows Defender ATH. KQL that *might* help can be found here: https://infosec.exchange/@scottlink/109922158743618879 (CS may not have like my KQL, so trying the link.) (Lsass does get started in the normal day-to-day of things, filter out it itself being the process, look for things trying to operate on it.) #redteam #blueteam #GetSmart #CoSoSec

#hack100days: day 51 : Spent some time going through CRTO. First two sections down. Spun up a new kali box to play around with some of the tooling covered in recon section. Reckon I'll do a once through the material before getting lab time and going after the lab exercises. #RedTeam #infosec #cososec

Is #RedTeamFit still a thing? Got another walk in. Distance, 1.2 miles; Pace of 15 min/mi. I'm happy with that, since my last couple of walks were in the 20s. Colder out there than I anticipated, which incentivized my pace.

#hack100days: day 50 : Grrr. Yesterday was actually day 49. Anyways. Signed up for zeropointsecurity.co.uk Certified Red Team Operator course. LFG! #RedTeam #infosec #PrimumNonNocere