It has to be staged, as no one used a forensic approach, nor a professional one, they didn't know where to log for windows logs and things, can't be real, probably staged to show 'easily' to it noobies how to get there etc, they said they need to run a forensic audit, what i think it's, Mark, or how's called the white hat guy, knows what he's talking about, but act as if he doesn't, i saw that earlier when he said ' i just learned to open the image in ftk imager yesterday night', but then he did know at a point which directory to look for, CVE grades, software flaws, etc, so...
Also, i don't think they will show out everything here' it's a way to have people push to ask for audits, they said it
Plus, apart this, there's an entire topic on Microsoft ElectionGuard...
Yep just enough to wake up people there, anyway, for their skills, showing them a full forensic analysis in real time, would have had the same effect (they didn't even ask anything to prove those were from the same systems), but would have way complex and, in this way you leave the enemy with a nothing burger, as, for what they know, Ron may be even just dicking around with his own hard drive
but a real forensic procedure, if triggered, would prove everything as needed
btw, to have 3 point in time (images), people need to ask themselves how, they had them... i'd say same source as the pcap :)
IT is such a large domain, with many sub domains. Being an expert in any single domain in IT causes one to lag behind in the other domains. Being a jack of all trades across many domains, causes one to not really be an expert in any of them.
Look up the magnet links Ron posted. There are 2 and both are a shade over 17gb
He just mentioned it!! Word got through.
Telegram discussion going on, if anyone is interested/wants to get info out. I assume people are already on and talking
Hopefully someone has contact with him
It has to be staged, as no one used a forensic approach, nor a professional one, they didn't know where to log for windows logs and things, can't be real, probably staged to show 'easily' to it noobies how to get there etc, they said they need to run a forensic audit, what i think it's, Mark, or how's called the white hat guy, knows what he's talking about, but act as if he doesn't, i saw that earlier when he said ' i just learned to open the image in ftk imager yesterday night', but then he did know at a point which directory to look for, CVE grades, software flaws, etc, so...
Also, i don't think they will show out everything here' it's a way to have people push to ask for audits, they said it
Plus, apart this, there's an entire topic on Microsoft ElectionGuard...
I am assuming they are rehashing what was known on November 3-4 by certain groups watching it all in real time.
Yep just enough to wake up people there, anyway, for their skills, showing them a full forensic analysis in real time, would have had the same effect (they didn't even ask anything to prove those were from the same systems), but would have way complex and, in this way you leave the enemy with a nothing burger, as, for what they know, Ron may be even just dicking around with his own hard drive
but a real forensic procedure, if triggered, would prove everything as needed
btw, to have 3 point in time (images), people need to ask themselves how, they had them... i'd say same source as the pcap :)
IT is such a large domain, with many sub domains. Being an expert in any single domain in IT causes one to lag behind in the other domains. Being a jack of all trades across many domains, causes one to not really be an expert in any of them.
On some specific fields, but here we are talking about basic things for a system admin / tech / architect / whatever
How a system / server works (hard drives, OS)
How to timestamp and checksum file and drives
Where to locate log files
How to compare directories and files
Where to see networking stuffs
Where to find software updates
etc
Just a bunch of chapters of any minor IT certification in the market, from CompTIA+ (entry level) up
are any of the streams providing a screen chat function?
I think that someone on stage was replying to a chat comment
It seems more stable too....
I'm thinking dumb by design.