Brutkey

cR0w
@cR0w@infosec.exchange

Fuck this unnamed EDR.

EDR: Suspicious file modification detected. Anti-Ransomware Protection enabled.

Me: What's the file that was modified?

EDR: IDK.

Me: What process modified it?

EDR: IDK.

Me: How was it modified?

EDR: IDK.

Me: Who was the user logged on at the time?

EDR: IDK.

Me: Did you prevent the file modification?

EDR: No, just reporting it. But here's the hostname.

adison verlice
@adisonverlice@tweesecake.social

@cR0w@infosec.exchange Just curious, what EDR do you use? Splunk? Wazuh? Security Onion?

cR0w
@cR0w@infosec.exchange

@adisonverlice@tweesecake.social I don't want to go into detail here but it's one of the more popular ones.