Es wird Zeit, den #Heimspeicher auf den Sommermodus umzustellen.

Da in der Nacht kaum noch Strom benötigt wird, begrenze ich den max #SOC auf 80% und den min SOC auf 20%.

In dieser Range fühlt sich der #LFP Akku pudelwohl und die Lebenszeit wird verlängert.

Die nutzbare Kapazität reduziert sich auf ca. 7 kWh, was für unsere Zwecke im Sommer ausreicht.

Calling all Kunai Ninjas!

We're happy to announce the launch of the Kunai Community Hub – a collaborative space where you can share your architecture overviews, deployment tips, and any other useful information about Kunai.

Why Join the Kunai Community Hub?

- Share Your Expertise: Contribute your knowledge and experiences to help others in the community.
- Learn from Others: Discover best practices, architectural insights, and deployment strategies from fellow Kunai users.
- Connect and Collaborate: Engage with the community of Kunai users.

Join the Conversation:

We can't wait to see what you share! Whether it's a detailed architecture overview, deployment tips, or insights on scaling, your contributions will help build a stronger and more knowledgeable Kunai community.

Get Started:

Visit the Kunai Community Hub on GitHub: https://github.com/kunai-project/community-hub

#OpenSource #Linux #Malware #ThreatHunting #DFIR #SOC #DetectionEngineering

Thank you for being part of the Kunai journey!

PS6 portatile può far girare i giochi PS5 senza problemi
#Compatibilità #ConsolePortatile #GameNews #Gamer #Gaming #Handheld #Leak #NextGen #Notizie #Novità #PlayStation #PlayStation6 #PS5 #PS6 #Rumors #SoC #TechNews #Tecnologia #VideoGame #Videogiochi

https://www.ceotech.it/ps6-portatile-puo-far-girare-i-giochi-ps5-senza-problemi/

Investigation Scenario

You have detected unauthorized modification to /etc/libaudit.conf on a Linux server.

What do you look for to investigate whether an incident occurred and its impact? What could an attacker have done here?

This NLRB whistleblower complaint is a horror story for any CERT team. As a CTI/SOC analyst, if I see spawned powershell invoking web requests to some random-ass AI API reverse-engineering tool/headless browser repository, large outbound byte transfers measured in GBs, or conditional access policies/MFA being tampered with, you’re getting isolated and we’re standing up an incident response bridge. Also, someone on your team has an info stealer on their device if they’re seeing attempted logins from a foreign country within fifteen minutes of account creation.

This is an insider threat case of the worst kind: one your security team gets to watch but can’t do a damn thing to stop.

https://arstechnica.com/tech-policy/2025/04/government-it-whistleblower-calls-out-doge-says-he-was-threatened-at-home/?comments-page=1#comments

https://whistlebloweraid.org/wp-content/uploads/2025/04/2025_0414_Berulis-Disclosure-with-Exhibits.s.pdf

PS6 portatile non sarà potente come la PlayStation 5
#2027 #AMD #ConsolePortatile #GameNews #Gamer #Gaming #Handheld #Indiscrezioni #Leak #NextGen #Notizie #Novità #PlayStation #PlayStation6 #PS5 #PS6 #Rumors #SoC #Sony #TechNews #Tecnologia #VideoGame #Videogiochi

https://www.ceotech.it/ps6-portatile-non-sara-potente-come-la-playstation-5/

My SIEM-Agnostic Creative Process to Detection Engineering: https://osintteam.blog/my-siem-agnostic-creative-process-to-detection-engineering-4e401ac60b63

Looking forward to learning more about this libre-licensed RISC-V SoC with Kazan GPU and VPU.

https://www.crowdsupply.com/libre-risc-v/m-class

I'm really curious how these types of chips are prototyped. I know we can simulate a few hundred thousand logical operations with an FPGA, but is that even close to simulating a powerful chip of this size?

Free Cybersecurity Webcasts from SANS — Now Open for Registration!

SANS Institute has released its latest schedule of free, expert-led webcasts throughout 2025. Topics span the most critical areas of cybersecurity today:

Microsoft Defender for Cloud – Best practices & insights
ICS Security & Management of Change – Resilience and risk
Threat Intelligence & SOC Trends – Based on global survey data
Multicloud & GenAI Security – How organizations are adapting
Attack Surface Management – Stay ahead of hacker tactics

Flexible live or on-demand viewing
Earn CPE credits
Stay current on the latest in cyber

This is a great opportunity for pros at all levels to grow their skills and stay sharp in a fast-evolving field.

#CyberSecurity #SANS #ProfessionalDevelopment #FreeTraining #ThreatIntel #SOC #CloudSecurity
@sans_isc
@sans_isc@mastodon.social

https://view.email.sans.org/?qs=69e0423f47b163c10422e42e78f288b1ccd6a87e76506420328fda341009ee42763f21ede68cb31569b62cbbaa38aa3792a19b908f03af20cdaeca844e5fa9ec285d2bb1d239bbb0bfc583cd46493f984d8f5f21647ae6b7

ALERT: Banking Apps Under Attack: Credentials Hijacked via Telegram
A #malware dropper delivers a stealer disguised as the IndusInd Bank app. It embeds a phishing website inside the Android app to steal victims’ financial data, posing a threat to mobile banking users and financial institutions.

Analysis: https://app.any.run/tasks/fe800ccb-fccc-42a6-a11d-a3d2b6e89edf/?utm_source=mastodon&utm_medium=post&utm_campaign=android_banking_app&utm_term=200325&utm_content=linktoservice

The malware tricks users into entering their sensitive information (registered mobile number, Aadhaar number, PAN card, net banking user ID, etc.) through a fake banking interface embedded in the app.

Once submitted, the stolen data is sent to both the #phishing site and a C2 server controlled via Telegram.

The AndroidManifest.xml shows that the dropper APK has permissions to install applications. The #dropper contains base.apk, the malicious #payload, and is responsible for dropping and executing it.

Our new #Android sandbox allows #SOC teams reveal base.apk behavior: communication via Telegram, starting from another location, monitoring incoming messages, and more. Fast access to threat details enables deep analysis and proactive response, mitigating potential damage.

The APK is obfuscated, with all strings #XOR-encrypted with the ‘npmanager’ key. The CyberChef recipe below reveals the script that sends intercepted data to Telegram: https://gchq.github.io/CyberChef/#recipe=From_Hex%28%27Auto%27%29XOR%28%7B%27option%27%3A%27UTF8%27%2C%27string%27%3A%27npmanager%27%7D%2C%27Standard%27%2Cfalse%29%26oeol%3DNEL

#IOCs:
#Phish URL: hxxps://t15[.]muletipushpa[.]cloud/page/
C2 Server (Telegram Bot): hxxps://api[.]telegram[.]org/bot7931012454:AAGdsBp3w5fSE9PxdrwNUopr3SU86mFQieE

More IOCs and insights will be shared in our blog post. Let us know if you're interested!

Expose Android threats in seconds with real-time APK analysis in #ANYRUN Sandbox: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=android_banking_app&utm_term=200325&utm_content=linktoregistration#register/

Wow, talk about not understanding the assignment.
Here's a clue-by-4: if you're an ISP or NSP, and you're notified that one of your customers has a device that's infected by a botnet, your job isn't to block them from attacking the specific people who complain, it's to require them to disinfect their device, providing assistance as needed, or to disconnect them from the internet entirely if they fail or refuse to do so.
#infosec #botnet #BlueTeam #SOC

Investigation Scenario

Proxy logs show a Linux database server making HTTP requests with an empty User Agent string.

You don't have PCAP or other network logs.

What do you look for to investigate whether an incident occurred?

#tryHackMe has a new certification out, the Security Analyst Level 1 or #SAL1 for short. I will NOT be covering it on my channel to assess its #accessibility for #screenReader users, because in a sense I already have. I did a stream on their #SOC simulator recently which is a big part of this cert, and that was a disaster. Add to that that on the "About' page, they couldn't even be bothered to #altText the one logo in the descriptive text makes me feel it is utterly unnecessary to even give this a chance. It's a #fail. plain and simple.

https://emailsecurity.checkpoint.com/blog/threat-alert-sophisticated-botnet-targeting-microsoft-365-with-advanced-authentication-bypass-techniques