![[White-Hat-Large-300px.png]]

2024-05-16

# Episode Number 28 - Indications

* Missed the show? Well, you can access the replay!
    * https://rumble.com/v4vn5ot-white-hat-security-episode-28-indications.html?mref=1xggrq&mc=9gx3l

# General Discussion

# Back to Basics

## Indicators of Compromise (IoC)

* Proof that your system and/or network has been compromised.
* Endpoint Detection and Response software is not the 'golden bullet' for identifying a system compromise.
* What things to look for?
    * Increased network traffic.
        * Network response seems slower than normal.
        * Websites are not loading correctly, or website addresses direct you to incorrect websites.
    * Increased system load.
        * Slow response of your computer.
        * Applications are slow or won't start.
    * Increased disk activity.
        * Hard drive lights are more active when the system is idle.
        * "Random" files seem to show up in places you didn't recently access.
    * You are receiving password reset emails.
        * You see these for password resets you did not request.
    * Various accounts are locked out needing resets.
        * You can't log into services online.
    * When checking for account logins you see connections from disparate geographical locations.
        * You see logins from your home area and another country mere minutes apart.

# News

## ProtonMail and the Spanish Protester

* [[2024-05-16 ProtonMail Did Nothing Wrong]]
    * A lot of bad PR due to people not understanding how the service works.
* Know how to use your secure tools.
    * Don't link your secure email solution with your real identity.
    * Don't use a recovery email address that can immediately identify you.
    * Don't use a recovery phone number that can immediately identify you; burner phones are good for this.
    * Use a solid VPN when accessing your secure email solution.
    * Use a burner payment method to pay for your secure email solution.
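
The last indicator in the Indicators of Compromise list above (logins from your home area and another country mere minutes apart) can be checked mechanically. The following is an added example, not part of the original show notes: it flags consecutive logins per user whose implied travel speed is not physically plausible. The sample records, the 900 km/h ceiling and the 100 km minimum distance are assumptions chosen for illustration.

```python
import math
from datetime import datetime

# Constructed sample login records: (user, ISO timestamp, latitude, longitude).
SAMPLE_LOGINS = [
    ("alice", "2024-05-16T12:00:00", 41.88, -87.63),  # Chicago
    ("alice", "2024-05-16T12:07:00", 52.52, 13.40),   # Berlin, 7 minutes later
    ("alice", "2024-05-16T23:30:00", 41.88, -87.63),  # Chicago, over 11 hours later
    ("bob", "2024-05-16T08:00:00", 40.71, -74.01),    # New York
    ("bob", "2024-05-16T11:30:00", 38.91, -77.04),    # Washington DC, 3.5 hours later
]

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruising speed


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def impossible_travel(logins, max_kmh=MAX_KMH, min_km=100.0):
    """Return (user, earlier_ts, later_ts, km, kmh) for each pair of
    consecutive logins by one user that implies a speed above max_kmh."""
    last = {}
    alerts = []
    for user, ts, lat, lon in sorted(logins, key=lambda r: (r[0], r[1])):
        when = datetime.fromisoformat(ts)
        if user in last:
            p_when, p_lat, p_lon, p_ts = last[user]
            km = haversine_km(p_lat, p_lon, lat, lon)
            hours = (when - p_when).total_seconds() / 3600
            # Zero elapsed time between distant logins counts as infinite speed.
            kmh = km / hours if hours > 0 else math.inf
            # min_km ignores small jumps caused by imprecise IP geolocation.
            if km >= min_km and kmh > max_kmh:
                alerts.append((user, p_ts, ts, round(km), kmh))
        last[user] = (when, lat, lon, ts)
    return alerts


if __name__ == "__main__":
    for user, first, second, km, kmh in impossible_travel(SAMPLE_LOGINS):
        print(f"{user}: {first} -> {second}, {km} km at {kmh:.0f} km/h")
```

A hit is a reason to review the account, not proof of compromise: VPN exit nodes and mobile carrier routing can place a legitimate login far from the user.
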

## This week's news stories of note:

* [[2024-05-13 Europol Hacked]]
* [[2024-05-14 Black Basta's New Social Engineering Campaign]]
* [[2024-05-15 FCC Names the Royal Tiger Group]]
* [[2024-05-15 There Is No Cyber Labor Shortage]]
* [[2024-05-16 BreachForums Seized Again]]
* [[2024-05-16 Whonix versus Tails]]
* [[2024-05-17 MITM Attacks Can Still Bypass FIDO2 Security]]

# Have a question or topic suggestion?

If you have a question or topic that you would like discussed on the show, send an email to questions[@]whitehatsecurity[.]stream.

* @NiceCrew (https://nicecrew.digital/@iamthejeeves)
* @X formerly known as 'Twitter' (https://x.com/iamthejeeves)

If you like my content, why not send a little something my way?

* ![[cashapp.jpg]][Cash App](https://cash.app/$iamjeeves)
* <a href='httpsquestions[@]whitehatsecurity[.]streamblank'><img height='36' style='border:0px;height:36px;' src='https://storage.ko-fi.com/cdn/kofi5.png?v=3' border='0' alt='Buy Me a Coffee at ko-fi.com' /></a>
* <a href='https://buymeacoffee.com/iamthejeeves' target='_blank'><img src='https://publish-01.obsidian.md/access/2a3e9ac93555ab5afe068f8fa291f1ec/Images/yellow-button.png' border='0' alt='Buy Me a Coffee' /></a>

#ShowNotes #JeevesOriginalContent #WhiteHatSecurity