TerrysTemplefan23 March 7 #1
Have a buyer looking for SOC operators in the Portland, OR region. Banking focus preferred. Requirements: active SOC operator, no red flags, can provide foreign-origin VPN. Want access to EDR console, ticketing system, and user sessions. Budget: 2500-4500 USD in stablecoin or BTC for verified, recurring access. Must pass through audit tests from our team before first payment. We can sign NDA in PGP with alias after trust established.
p0_4 March 7 #2
Not easy; why not just buy logs from data dump vendors?
TerrysTemplefan23 March 7 #3
Need live access for lateral movement, logs alone are stale.
r90k March 7 #4
If you are buying insider access, get proof of date/time from k8 logs. 1h window.
TerrysTemplefan23 March 7 #5
Yes, proof requested before funds. No exceptions.
u_098 March 8 #6
You can get 4k from our contact; has SIEM access until April.
TerrysTemplefan23 March 9 #7
DMed. Leaving thread for visibility, we need more offers.
l82q March 9 #8
Disable IP whitelists or choose cloud provider; on-prem ones are easier.
TerrysTemplefan23 March 9 #9
Ideally want both, but strongly prefer enclosed SOC of 500+ employees.
v92m March 9 #10
What payment method do you prefer for fast non-complaint custody?
TerrysTemplefan23 March 9 #11
XMR or BTC with cut executor; no chain analysis canary.
s_906 March 9 #12
Tell us your threat actor type; are you an IR team or hostile ops?
TerrysTemplefan23 March 9 #13
Private contractor with longtime offensive track record.
laura_s March 9 #14
Post update: someone offered Workday admin for 3k. Keep open.
h10p1 March 9 #15
We need SOC access with read-only; pick up if they offer escalation path.
tommyK March 9 #16
Be careful with vendor MCS folks; they usually have eyes on you.
TerrysTemplefan23 March 10 #17
Point taken. We'll do multi-step vetting and hold escrow to reduce risk.
zv18 March 10 #18
At this point might be easier to get from CISO's assistant via social engineering.
TerrysTemplefan23 March 10 #19
Also exploring that, but this thread is specifically insider stage.