Back when I did Black Ice, the first IDS event it triggered on was “traffic seen”. It continuously checked it’s healthhttps://twitter.com/GossiTheDog/status/1143636007218290688 …
Yes, you should have another job lined up, because that could have been easily avoided with a deployment plan - you do a rollout in audit mode first before you enable enforcing 
-
-
Right, you want to make sure that the Chinese backdoors already present on your domain controllers continue functioning after the deployment. ;)
-
That's an odd thing to say. Sure, rolling out whitelisting on already compromised infrastructure isn't going to magically clean up the existing compromise, although it sure as hell will help and prevent it in future. A good solution doesn't have to solve *all* problems.
- 4 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.