cR0w
@cR0w@infosec.exchange

Fuck this unnamed EDR.

EDR: Suspicious file modification detected. Anti-Ransomware Protection enabled.

Me: What's the file that was modified?

EDR: IDK.

Me: What process modified it?

EDR: IDK.

Me: How was it modified?

EDR: IDK.

Me: Who was the user logged on at the time?

EDR: IDK.

Me: Did you prevent the file modification?

EDR: No, just reporting it. But here's the hostname.

Jernej Simončič
@jernej__s@infosec.exchange

@cR0w@infosec.exchange Reminds me of Windows Defender (the regular one in Windows 11): threat blocked, click here for more info; after clicking "No recent detections"

(the fix was to boot to Safe mode and delete some directory)


cR0w
@cR0w@infosec.exchange

@jernej__s@infosec.exchange It's almost like maybe security programs aren't actually securing things.