achievement unlocked:
first, formal writeup to a customer where i have to cite another vendor they are using sending them ai slop in honeypot and edr alerts.
one thought a portscan was "an attacker conducting lateral movement"
then another thought dropping rubeus.exe onto a laptop, and having it immediately caught and deleted qualified as "a ransomware event"
this is just bananas.
it's borderline fraud
-
like, if you work at a company that sends ai slop to people as security alerts, you should strongly consider quitting on ethical grounds
-
like, imagine getting the page and setting up an IR bridge and being the incident commander at 3am on a sunday morning and it turns out 'the honeypot vendor thought a portscan was a ransomware event and the portscan was a contractor or a junior devops guy running the spiceworks demo on a laptop or running an nmap'
you're gonna be pissed.
so are the people cutting the checks to that vendor
-
@Viss That IR bridge would become a struggle session real fast, holy hell.
-
@Viss the rubeus thing is actually fucking wild.
-
@Viss I’m very curious on which vendor this is

-
@winterknight1337 @Viss the copilot summaries in defender for endpoint are exactly that bad...