Post AVBX8OgF03l2wXx344 by BabblingGeek@infosec.exchange
 (DIR) More posts by BabblingGeek@infosec.exchange
 (DIR) Post #AVBTnf6cR4ctwTi7ay by adam@hax0rbana.social
       2023-04-30T17:13:35Z
       
       0 likes, 0 repeats
       
       People who subscribe to threat intel feeds that automatically import firewall rules:If the your threat intel vendor were compromised...1. Would it be possible for an "allow all" rule to be injected (so a more subtle undermining)?2. Would you get an alert if this was attempted (successful or not)?3. Do you have a response plan for this situation?#infosec #security #ThreatIntel #ThreatIntelligence #BlueTeam
       
 (DIR) Post #AVBWW0M4zZTaUoDLDE by adam@hax0rbana.social
       2023-04-30T17:44:01Z
       
       0 likes, 0 repeats
       
       I realize that the answer to this is likely uncomfortable and that I probably won't get many responses (especially from people who aren't safe from this).But if you're willing, feel free to sign up for a burner account and answer anonymously.I just like to keep a pulse on how people are doing and how what I am doing compares.
       
 (DIR) Post #AVBX8OgF03l2wXx344 by BabblingGeek@infosec.exchange
       2023-04-30T17:50:56Z
       
       0 likes, 0 repeats
       
       @adam it’s Sunday and thinking about this qualifies as work. I’ll get back to you tomorrow