OSSEM
@ossem_project
Open Source Security Event Metadata ! Data engineers! #ThreatHunting @OTR_Community
https://github.com/OTRF/OSSEM 27-09-2019 00:30:04
31 Tweets
1.1K Followers
7 Following
Coinciding with Jamie Williams and his #ThreatHuntingSummit talk, we've just released part 1 of a blog series by ATT&CK team member Jose Rodriguez 🇵🇪 on a proposed method of enhancing an often overlooked part of ATT&CK, data sources. Check it out at medium.com/mitre-attack/d….
In their #THIRSummit talk, Jose Rodriguez 🇵🇪 & Jamie Williams illustrate how we can avoid the typical cat and mouse games by modeling the data sources defined in ATT&CK to recognize, track, and even predict the malicious scent of adversaries. Watch it now: youtu.be/eKeydMrXsOE
#Eko2020 | BlueSpace | Roberto and Jose Luis Rodriguez: Open Threat Research (Keynote) "Open Threat Research: Sharing Open Source tools with the world for developing detections from home", a talk by Roberto Rodriguez 🇵🇪 and Jose Rodriguez 🇵🇪. youtube.com/watch?v=6-UVaP…
Thinking about contributing to an open source project during the holidays? 😉 The Open Threat Research have updated our Detection Model 1⃣ Contribute security events to ATT&CK data sources github.com/OTRF/OSSEM-DM/… 2⃣ Provide feedback github.com/OTRF/OSSEM-DM/… 3⃣ Have fun ossemproject.com/notebooks/dm/a…
💥😱 James Forshaw added "named pipe RPC client transport" to NtObjectManager 🔥 Thank you very much James for all your work 👏! I'll create PS scripts to cover a few scenarios 🍻 If anyone would like to help me, let me know 😉 Open Threat Research github.com/Cyb3rWard0g/Wi…
Sharing some data samples (PCAP & WinEvents) to validate detection of lateral movement via remote scheduled task creation & update 🍻 Open Threat Research 1⃣ Creation: mordordatasets.com/notebooks/smal… 2⃣ Update: mordordatasets.com/notebooks/smal… ThreatHunter-Playbook Library Doc: github.com/OTRF/ThreatHun…
What started w/ talks at ATT&CKcon & analysis of event logs: we're happy to see Jose Rodriguez 🇵🇪 & Roberto Rodriguez 🇵🇪's initial research helping ATT&CK users improve their data collection strategies. Join us to collab 🍻 Open Threat Research 🎙️ bit.ly/OTRDiscord 🛡️ github.com/OTRF/OSSEM-DM/…
🚨 In less than 24h 😉, we are sharing telemetry ( #Sysmon, Security & System) through the @Mordor_Project to help everyone 🌎 expedite the validation process of detection rules! Jose Rodriguez 🇵🇪 #CobaltStrike 🗒️Metadata: mordordatasets.com/notebooks/smal… 😈Dataset: raw.githubusercontent.com/OTRF/mordor/ma…
🚨 New version of the Windows Security Events connector from #AzureSentinel reached public preview. Looking for a way to test & filter the collection of event logs via XPath queries? I got you! 💜🍻 Microsoft SIEM and XDR #MSTIC Open Threat Research OSSEM techcommunity.microsoft.com/t5/azure-senti…
🚨 We decided to re-brand Mordor to Security Datasets 😈 We'll cover new types of datasets to extend its application 💜 more coming soon... 🍻 Help us build the largest library of datasets for the InfoSec community! 🚀 Site: securitydatasets.com/introduction.h… Repo: github.com/OTRF/Security-…
🚀 Any NEW fields on the schemas for #SysmonForLinux events compared to Windows 🤔? Jose Rodriguez 🇵🇪 used our #Sysmon for Windows & Linux data dictionaries in a python 🐍 script to answer that 😎 ✅ ParentUser (ProcessCreate) ✅ User (EID 5,9,11) 🖇️ Script: github.com/OTRF/OSSEM-DD/…
Olaf Hartong ATT&CK Freddy Dezeure Red Canary, a Zscaler company Mauricio Velazco @jsecurity101 Thank you so much for sharing the OSSEM Detection Model 🙏 and all your contributions to it! Very happy to see the project helping others in the community 🌎🎊 github.com/OTRF/OSSEM-DM/…