What Distracted Me This Week
Check out a few stories that distracted me this week:
- The Conti ransomware group's internal chats were leaked this week, along with decryption keys for their malware. The chat messages look a lot like a regular office IM, with Conti members discussing FTO and salary details.
- Interesting writeup about the suspected culprit of the Ethereum DAO hack, the incident that contributed to the decision to hard fork Ethereum. The crypto forensics company Chainalysis now has the capability to de-anonymize the CoinJoin transactions used by wallets like Wasabi.
"Jumping off from the Coinfirm analysis, blockchain analytics company Chainalysis saw the presumed attacker had sent 50 BTC to a Wasabi Wallet, a private desktop Bitcoin wallet that aims to anonymize transactions by mixing several together in a so-called CoinJoin. Using a capability that is being disclosed here for the first time, Chainalysis de-mixed the Wasabi transactions and tracked their output to four exchanges. In a final, crucial step, an employee at one of the exchanges confirmed to one of my sources that the funds were swapped for privacy coin Grin and withdrawn to a Grin node called grin.toby.ai. (Due to exchange privacy policies, normally this sort of customer information would not be disclosed.)"
- Great Twitter thread about the history of Active Directory and the current state of Azure security:
The thread makes the excellent point that tools like Mimikatz, Responder, and Impacket, and the Active Directory abuses they highlight, have been public for years now. Yet the prevalence and risk of these Active Directory abuses persist across organizations of all sizes. In other words, your servers and workstations may be fully patched, but you may still be susceptible to AD abuses like Kerberoasting and the lack of required SMB signing, because neither is fixed by a patch: they are configuration and protocol-usage problems.
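To make that concrete from the defender's side, here is an added example (my own, not code from the post or the thread it links) showing how the two abuses named above show up in data you already have. The first half flags Kerberoasting-style activity in Windows Security event ID 4769 (Kerberos service ticket requests): a user account asking for RC4-encrypted tickets for several service accounts in a row. The second half checks whether SMB signing is merely enabled rather than required. The event dicts and the SMB settings are constructed sample data; the field names follow what Windows emits, but the parsing step that would produce these dicts from an EVTX file is assumed to exist and is not shown.

```python
"""Hypothetical detection helpers for two of the AD abuses named above.

Assumptions (not from the original post): 4769 events have already been
parsed into dicts using the Windows field names, and the SMB settings are
the two RequireSecuritySignature registry values read into a dict.
"""
from collections import defaultdict

# Constructed sample of parsed 4769 events. TicketEncryptionType 0x17 is
# RC4-HMAC and 0x12 is AES256-CTS-HMAC-SHA1-96; Kerberoasting tooling asks
# for RC4 tickets because they are far cheaper to crack offline.
SAMPLE_4769_EVENTS = [
    {"TargetUserName": "jsmith@CORP.LOCAL", "ServiceName": "MSSQLSvc/db01",
     "TicketEncryptionType": "0x17", "Status": "0x0", "IpAddress": "10.0.0.5"},
    {"TargetUserName": "jsmith@CORP.LOCAL", "ServiceName": "http/intranet",
     "TicketEncryptionType": "0x17", "Status": "0x0", "IpAddress": "10.0.0.5"},
    {"TargetUserName": "jsmith@CORP.LOCAL", "ServiceName": "svc_backup",
     "TicketEncryptionType": "0x17", "Status": "0x0", "IpAddress": "10.0.0.5"},
    {"TargetUserName": "asmith@CORP.LOCAL", "ServiceName": "WS01$",
     "TicketEncryptionType": "0x12", "Status": "0x0", "IpAddress": "10.0.0.9"},
    {"TargetUserName": "asmith@CORP.LOCAL", "ServiceName": "krbtgt",
     "TicketEncryptionType": "0x12", "Status": "0x0", "IpAddress": "10.0.0.9"},
    {"TargetUserName": "WS02$@CORP.LOCAL", "ServiceName": "cifs/fs01",
     "TicketEncryptionType": "0x12", "Status": "0x0", "IpAddress": "10.0.0.12"},
]

RC4_HMAC = "0x17"


def is_kerberoast_candidate(event):
    """A single 4769 event is a candidate if it successfully requested an
    RC4 ticket for a service that runs under a user account: machine
    accounts (names ending in '$') and the krbtgt service are excluded
    because their keys are long and random, so roasting them is pointless."""
    service = event.get("ServiceName", "")
    return (
        event.get("TicketEncryptionType", "").lower() == RC4_HMAC
        and event.get("Status") == "0x0"
        and not service.endswith("$")
        and service.split("/")[0].lower() != "krbtgt"
    )


def kerberoast_suspects(events, min_services=2):
    """Group candidates by requesting account and report accounts that pulled
    RC4 tickets for at least `min_services` distinct services. One RC4
    ticket can be a legacy application; a burst across many SPNs from one
    account is the classic Kerberoasting signature."""
    services_by_account = defaultdict(set)
    for ev in events:
        if is_kerberoast_candidate(ev):
            services_by_account[ev["TargetUserName"]].add(ev["ServiceName"])
    return {acct: sorted(svcs) for acct, svcs in services_by_account.items()
            if len(svcs) >= min_services}


# Constructed SMB signing settings, keyed the way the values are named under
# HKLM\SYSTEM\CurrentControlSet\Services\<role>\Parameters on a Windows host.
SAMPLE_SMB_SETTINGS = {
    "LanmanServer": {"RequireSecuritySignature": 0, "EnableSecuritySignature": 1},
    "LanmanWorkstation": {"RequireSecuritySignature": 1, "EnableSecuritySignature": 1},
}


def smb_signing_gaps(settings):
    """Return the roles on which SMB signing is not required. 'Enabled' only
    signs when the peer also asks for it, so a session with a peer that does
    not ask stays unsigned; 'required' is the setting that actually removes
    the unsigned-session case that relay attacks depend on."""
    return [role for role, vals in settings.items()
            if vals.get("RequireSecuritySignature", 0) != 1]


if __name__ == "__main__":
    for acct, svcs in kerberoast_suspects(SAMPLE_4769_EVENTS).items():
        print(f"possible Kerberoasting by {acct}: {', '.join(svcs)}")
    for role in smb_signing_gaps(SAMPLE_SMB_SETTINGS):
        print(f"SMB signing not required on {role}")
```

On the sample data this reports jsmith as the only suspect (three RC4 tickets for user-run services) and LanmanServer as the only signing gap. In a real deployment you would tighten the thresholds to your environment's baseline of legitimate RC4 use and pair the SMB check with a host inventory, since one unsigned file server is enough to keep the relay problem alive.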