Conversation
kaaswe@swecyb.com

kaaswe

Microsoft Defender alert 🚨1 threat found and quarantined.

Ok, interesting I like to see what it was. Clicking the link show full log which leads me to a window where the the threat name is revealed, ok good.

And the mail and attachment??

Nope, a path on my drive where temp file was saved, with an unidentifiable file name of a pdf. ….. so I still don’t know the mail nor original attachment.

Good work MS developer to make things easy and clear. NOT

1
0
1
buherator

buherator

Reply to @kaaswe@swecyb.com
@kaaswe Red Team likes this
3
0
1
kaaswe@swecyb.com

kaaswe

Reply to @buherator

@buherator
But I'm Blue Team :(

1
0
0
buherator

buherator

Reply to @kaaswe@swecyb.com
@kaaswe Have some empathy then :)
0
0
1
kaaswe@swecyb.com

kaaswe

Reply to @buherator

@buherator
Perhaps this is just the MAC GUI that sucks, but I can't even copy the path from the client. The "copy" only gives me the infection:
Trojan:Script/Phonzy.B!ml

Not the full path to the group container for outlook.

It could be better.....

1
0
0
kaaswe@swecyb.com

kaaswe

Reply to @buherator

@buherator

and PLEASE don't ask why I run Microsoft Defender on a MAC, this is so not my choice.

* run over by IT *

ugh.

0
0
1
buherator

buherator

Reply to @kaaswe@swecyb.com
@kaaswe Ugh, I guess this is how UX gets in the way the worst possible time (the middle of an incident) :P
0
0
1
About infosec.place

Terms of Service

This is a placeholder, overwrite this by putting a file at 

$STATIC_DIR/static/terms-of-service.html

See the Static Directory docs for more info.