Ali Alwashali-ng 🚦 (@ali_alwashali)'s Twitter Profile
Ali Alwashali-ng 🚦

@ali_alwashali

Threat Detection and Response.

ID: 4679036928

Joined: 30-12-2015 17:40:47

2.7K Tweets

14.8K Followers

1.3K Following

John Althouse (@4A4133):

Andrew Morris GreyNoise Mass exploitation starts with adversaries scanning the internet for vulnerable services. Why not block at the earliest possible stage in the attack chain?

Read more about JA4T in our blog (just released): blog.foxio.io/ja4t-tcp-finge…

ORKL Cyber Threat Intelligence Library (@orkleu):

If you need to do (bulk) downloads on our corpus please use the new archive.orkl.eu instead of web crawlers on the main page.

Ali Alwashali-ng 🚦 (@ali_alwashali):

If you are a Defender/Sentinel user, consider using the KQL function series_decompose_anomalies() for anomaly detection.

learn.microsoft.com/en-us/azure/da…
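As an added illustration, not taken from the post or from Microsoft's documentation, here is a Sentinel query that runs series_decompose_anomalies() over hourly failed-sign-in counts per user. The SigninLogs table, the 14-day window and the 1.5 threshold (the function's default) are assumptions to tune for your own tenant.

```kusto
// Added example, not from the original post. Assumes the Sentinel SigninLogs table,
// a 14-day lookback and the default threshold of 1.5 (both tuning assumptions).
let start_t = ago(14d);
let end_t = now();
SigninLogs
| where TimeGenerated between (start_t .. end_t)
| where ResultType != "0"                         // failed sign-ins only
// One evenly spaced hourly series per user; missing hours are filled with 0
| make-series Failures = count() default = 0
    on TimeGenerated from start_t to end_t step 1h
    by UserPrincipalName
// ad_flag: +1 spike, -1 dip, 0 normal; ad_score: distance from baseline;
// baseline: the value the seasonal + trend model expected.
// Seasonality -1 = auto-detect, 'linefit' = linear trend component.
| extend (ad_flag, ad_score, baseline) = series_decompose_anomalies(Failures, 1.5, -1, 'linefit')
// Unpack the arrays back into rows so the anomalies can be filtered and alerted on
| mv-expand TimeGenerated to typeof(datetime), Failures to typeof(long),
            ad_flag to typeof(int), ad_score to typeof(double), baseline to typeof(double)
| where ad_flag == 1                              // positive spikes only
| project TimeGenerated, UserPrincipalName, Failures, baseline, ad_score
| order by ad_score desc
```

The baseline column is what makes the result reviewable: a user whose failures jumped from a baseline of 2 per hour to 80 is a different story from one whose baseline was already 60, even though both may be flagged.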

Ali Alwashali-ng 🚦 (@ali_alwashali):

You can get the list of vulnerable drivers blocked by Microsoft Defender on this page. If you don't use Defender, there are instructions to block them with WDAC:

learn.microsoft.com/en-us/windows/…

Ali Alwashali-ng 🚦 (@ali_alwashali):

Thinking of attending a security conference?

Just make sure your company didn't recently join the 'vulnerability of the month' club. Unless you want to dodge awkward questions.

Matt Zorich (@reprise_99):

If you want to play with KQL and use some of your own data rather than sample data, set yourself up a free Azure Data Explorer (ADX) cluster. No credit card or Azure subscription required, 100 GB storage, it is great for testing and ad-hoc analysis - learn.microsoft.com/en-us/azure/da…

Matt Zorich (@reprise_99):

Microsoft Graph Activity Logs are out of public preview and now generally available. These have quickly become one of my favourite log sources for both detections and investigations, some guidance and example hunting queries here - techcommunity.microsoft.com/t5/microsoft-e…

Ali Alwashali-ng 🚦 (@ali_alwashali):

Graph activity logs in Azure are crucial to build detections for attacks that use the Graph API.
The most common example is the discovery techniques used by tools like AzureHound.
I recommend reading Fabian Bader's blogs about this topic:
cloudbrothers.info/detect-threats…
cloudbrothers.info/detect-threats…
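To make the two posts above concrete (Matt Zorich's note that Graph Activity Logs are now GA, and the point that AzureHound-style discovery is the most common thing to hunt for in them), here is an added example hunting query. It is not from either post, from Microsoft's guidance or from Fabian Bader's blog. It assumes the Sentinel MicrosoftGraphActivityLogs table and its RequestUri, RequestMethod, UserId, ServicePrincipalId, AppId, UserAgent and IPAddress columns; the 10-minute window, the list of directory collections and the two thresholds are assumptions that need tuning per tenant.

```kusto
// Added example, not from the original posts or Fabian Bader's blog.
// Assumptions: the Sentinel MicrosoftGraphActivityLogs table, a 10-minute window
// and the thresholds below, all of which need tuning per tenant.
let lookback = 1d;
let window = 10m;
let enum_threshold = 6;        // distinct directory collections read in one window (assumed)
let request_threshold = 200;   // total Graph reads in one window (assumed)
// Directory collections that a bulk-collection tool reads early and broadly.
// A normal app or user session rarely touches most of these in ten minutes.
let discovery_paths = dynamic(["users", "groups", "devices", "applications",
    "servicePrincipals", "organization", "roleManagement", "directoryRoles",
    "subscribedSkus", "domains"]);
MicrosoftGraphActivityLogs
| where TimeGenerated > ago(lookback)
| where RequestMethod == "GET"
// Normalize "/v1.0/users/<guid>/memberOf" to "users/{id}/memberOf" so that
// thousands of per-object reads collapse onto one path shape.
| extend Path = tostring(parse_url(RequestUri).Path)
| extend Path = replace_regex(Path, @"^/(v1\.0|beta)/", "")
| extend Path = replace_regex(Path, @"[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}", "{id}")
| extend Collection = tostring(split(Path, "/")[0])
| where Collection in (discovery_paths)
// Delegated calls carry a UserId; app-only calls carry a ServicePrincipalId instead
| extend Principal = iff(isempty(UserId), ServicePrincipalId, UserId)
| summarize Requests = count(),
            Collections = make_set(Collection),
            Paths = make_set(Path, 50),
            UserAgents = make_set(UserAgent, 5),
            IPs = make_set(IPAddress, 5)
    by Principal, AppId, bin(TimeGenerated, window)
| extend DistinctCollections = array_length(Collections)
// Breadth (many different collections) is the stronger signal; volume alone also
// catches a single collection being paged through exhaustively.
| where DistinctCollections >= enum_threshold or Requests >= request_threshold
| order by DistinctCollections desc, Requests desc
```

Expect legitimate breadth from identity-governance and backup connectors; after the first run, add an allow-list on AppId for those rather than raising the thresholds, so a fresh principal enumerating the tenant still surfaces.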

Ali Alwashali-ng 🚦 (@ali_alwashali):

The name of the button 'Blame' in GitHub doesn't really fit with a responsible team culture. I bet folks at @github really know what it takes to have a blameless culture. In my opinion, it should be changed. @github
Ali Alwashali-ng 🚦 (@ali_alwashali):

If you are using Microsoft Defender, this small script could be useful to compare the persistence-locations report of an infected system with that of a confirmed clean system:
github.com/alwashali/pers…

hasherezade (@hasherezade):

BTW, I am not saying that this is what happened in the #xz backdoor case, but what does not help is that GitHub makes it quite trivial to spoof user accounts... I was just able to make a commit as this person, in my own repository: github.com/malwerina/manu…