@pro_integritate Jun 10
Network graph showing indicator relationships (green) that can be extracted from PCAPs to detect intrusions and other badness. Main focus is on primary indicators, not secondary (grey) ones like traffic size flows. Created in just one week - and will grow.
Stryder Jun 14
Here's a ridiculous question, Twitter: what are some common features of Emotet URLs? Or how the hell would you go about efficiently identifying them?
mazdeka Jun 6
Any good article(s)/ideas for detecting HTTP/HTTPS tunneling through logs??
Roberto Rodriguez Jun 11
Updated OSSEM data dictionaries after v10.0 release. New OriginalFileName field for events 1 & 7. Updated Schema version: 4.21. Take a look at the new events manifest/schema in OSSEM 💜
Vadim Khrykov Jun 14
It is very difficult to hide Sysmon presence on the system, but as blue teamers we have to do our best to hide our favourite sensor as much as possible:
SB 16h
for winlogon\shell persistence, apart from reg path change (especially HKCU\...) pay attention to abnormal child processes of userinit.exe (!=explorer.exe and eventually some netlogon related scripts or bat files)
Censys Jun 12
Are you proactively fighting threats or stuck in a reactive cycle after the damage has been done? Find out how 's get ahead of the game
ThreatQuotient Jun 12
Join today's webinar 'Leveraging for Efficient ' at 10am BST by registering now: .
RawSec 5h
Have you ever wanted to have ancestor processes in your Sysmon logs? Kind of useful for ! This has just been implemented in WHIDS, your open source endpoint detection tool, and will be available in the next release.
Ismael Valenzuela Jun 14
Minjector & Memhunter: learning code injection techniques and hunting memory resident malware like a boss (aka at scale) by my friend and colleague -
@pro_integritate Jun 11
Replying to @pro_integritate
One of the records that were dumped from a sample capture. This can become lots of data, so deduplication is on the table for tomorrow's coding session.
Nicole Hoffman Jun 11
It is exciting to see more and more threat hunting sessions at Cisco Live. I'm hoping to see more of this in the future.
Olaf Hartong Jun 2
I’ve just published a small blogpost "Using Sysmon in Azure Sentinel"
Grifter May 16
Don’t let people sell you Threat Hunting like it’s some kind of wizardry. Strong knowledge of foundational protocols and operating systems is all you need. Know how things are supposed to work, so when they don’t work that way it sets off alarm bells.
Andrii Bezverkhyi Apr 19
Are you researching and writing detection and hunting rules? Earn money in your sleep by selling them at our marketplace! Developer program is out and here's FAQ
Adel K May 27
Just released fatt, a script for extracting network metadata and fingerprints from pcap files and live network traffic. Go fingerprint all the things!
Ali Hadi May 26
Creating a Hidden Prefetch File to Bypass Normal Forensic Analysis