Anton Kutepov (@aw350m33): Twitter profile
Anton Kutepov

@aw350m33

Security Researcher @attackdetection | Threat Hunting | Network Forensics | @oscd_initiative

ID: 1106974619125334017

Joined: 16-03-2019 17:44:50

40 Tweets

38 Followers

109 Following

OSCD (@oscd_initiative)

here is a way to show your support and send kudos to all hard workers that contributed to sigma, Red Canary, a Zscaler company Atomic Red Team, and TheHive projects during the OSCD sprints! subscribe and share the list: x.com/i/lists/130895… #EUATTACKworkshop
Johnny Shaw (@jxy__s)

I’m pleased to present this Windows exploit. Process Herpaderping is a method for evading detection - similar to process migration, hollowing, or doppelganging. herpaderping.com

Samir (@sbousseaden)

example of initial execution traces (sysmon) of ProcessHerpaderping uploaded jxy-s.github.io/herpaderping/ github.com/sbousseaden/EV…
Attack Detection (@attackdetection)

Another Oracle #WebLogic RCE vuln. It scores CVSS 9.8 and needs no authentication. We published a #suricata rule to detect CVE-2020-14882 in our github: github.com/ptresearch/Att…

Teymur (@heirhabarovt)

Want to know how to hunt for Zerologon? My team prepared this article for you! bi-zone.medium.com/hunting-for-ze… #BIZONE #zerologon #vulnerability #secops #microsoft

PT ESC (@ti_esc)

Join our colleague's talk "From Old Higaisa Samples to New Winnti Backdoor: The Story of One Research" standoff365.com/conferences/25… #winnti #apt

Jon Hencinski (@jhencinski)

Super excited to share that we've updated the Expel #mindmap on detection and response in #AWS.

Via the link below you'll receive:
- Expel AWS mindmap
- defender's cheat sheet in AWS
- a blank mind map so you can build your own!

expel.io/blog/mind-map-…
Andy Robbins (@_wald0)

Tomorrow, Rohan Vazarkar and I are releasing the newest version of #BloodHound: 4.0. See the new features, new GUI, and new attack primitives first during our SO-CON presentation called "Six Degrees of Global Admin". Register here: specterops.io/so-con2020/eve…
Alexey Vishnyakov (@vishnyak0v)

After months of multiple approvals I'm happy to share with you our investigation details in the Russian media company about collaboration between the #APT group and #ransomware operator. ptsecurity.com/ww-en/analytic… #EmissaryPanda #APT27 #BronzeUnion #LuckyMouse

sigma (@sigma_hq)

We've transferred Florian Roth ⚡️'s repository into SigmaHQ's organisation account

Next steps:
./rules > separate repo
./tools > separate repo
Add the 2 new repos as sub repos in the original one

github.com/SigmaHQ/sigma/
Thomas Patzke (@blubbfiction)

As preparation for the huge OSCD merge and for better differentiation Sigma gets a new "informational" severity level:

github.com/SigmaHQ/sigma/…

Rules ranked with "informational" are not intended to generate cases or alerts, but they are very useful to enrich or tag events!
Thomas Patzke (@blubbfiction)

Just merged the huge OSCD pull request into the Sigma master branch. Lots of new and improved rules. Big thanks to all contributors, it was a pleasure to review!

🥝🏳️‍🌈 Benjamin Delpy (@gentilkiwi)

Very (very) soon in #mimikatz 🥝
Client RDP passwords/PIN in MSTSC process, decrypted.

Without previous injection/hook in process, of course😉

Especially useful on jump servers🤪

~ Can also be used to debug some internal properties ~
Attack Detection (@attackdetection)

Use our #suricata rules to detect both #PrintNightmare (CVE-2021-1675) exploits. Adding a printer driver across the network is rare but still a possible case, so there might be a few false alerts. Tell us if you get some. github.com/ptresearch/Att…

OSCD (@oscd_initiative)

OSCD: Simulation, Detection & Response Sprint #2 Summary has been published. Thanks to all the participants and those who helped with it! Stay tuned! #ThreatIntel #ThreatHunting #ThreatDetection #BlueTeam Links: [EN] medium.com/oscd/oscd-spri… [RU] habr.com/ru/post/576448/

PositiveTechnologies (@ptsecurity)

Shares of Positive Group PJSC (ПАО «Группа Позитив») will start trading on the Moscow Exchange on 17 December at 11:00. Look for us under the ticker POSI. We expect to attract talented people from the industry and build a close-knit community of like-minded co-owners. More details: bit.ly/3F1bqvz