DFIR_TNT (@dfir_tnt)'s Twitter Profile
DFIR_TNT

@dfir_tnt

DFIR Tips N Tricks | Andrew Skatoff | Husband+Father | Cyber+DFIR | Seeker of Truth | Hunter of Threats

ID: 142720294

Website: http://www.dfirtnt.com | Joined: 11-05-2010 15:40:06

698 Tweets

989 Followers

1.1K Following

DFIR_TNT (@dfir_tnt)

@iscnick I'm starting a project to track these and their forensic footprints. Take a look: docs.google.com/spreadsheets/d…

Nasreddine Bencherchali (@nas_bench)

For all your sigma conversion needs check out sigconverter.io 🎉, a web app that makes use of the latest and greatest pySigma library and its different features. No more excuses. Leverage all the sigma rules available with a simple click🔥

The DFIR Report (@thedfirreport)

From ScreenConnect to Hive Ransomware in 61 hours
➡️ Initial Access: ScreenConnect
➡️ Defense Evasion: BITS Jobs, Embedded Payloads
➡️ Lateral Movement: Impacket, RDP, SMB
➡️ C2: ScreenConnect, Atera, Splashtop, Cobalt Strike, Metasploit
➡️ Exfil: Rclone
thedfirreport.com/2023/09/25/fro… 1/X

DFIR_TNT (@dfir_tnt)

CrowdStrike recently reported threat actors using @LevelSoftwareCo RMM in attacks. My latest blog details forensic artifacts you can use to assess the damage. #DFIR #ThreatHunting dfirtnt.wordpress.com/2023/09/05/rmm…

DFIR_TNT (@dfir_tnt)

Another tight RMM forensics blog entry hit this week. Check out HackUponTheGale's entry about Microsoft Quick Assist!! hackuponthegale.github.io/blog/dfir/Quic…

Cryptolaemus (@cryptolaemus1)

#WikiLoader - #TA544 - pdf > url > .zip > .js > .js > .dll

wscript.exe DSV 101.js

wscript.exe out.js

C:\Users\User\AppData\Local\Temp\npp.8.6.portable.x64\notepad.exe (sideload)👇

\npp.8.6.portable.x64\plugins\mimeTools.dll

(1/3)👇

IOCs
github.com/pr0xylife/Wiki…
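
Hunt logic for the chain in the post above, added here as an example for this page (it is not code from Cryptolaemus or from the pr0xylife IOC repository). It runs over constructed Sysmon-style events, flags the three stages that leave telemetry (wscript.exe re-spawning wscript.exe, wscript.exe launching a notepad binary out of %LOCALAPPDATA%\Temp, and mimeTools.dll being loaded from Temp rather than from a Notepad++ install directory) and rebuilds the process ancestry from ParentProcessId links. All event fields, pids and paths are invented for the example; the Program Files control event assumes the default Notepad++ install location.

```python
import ntpath
import re

# Constructed Sysmon-style events for this example (EventID 1 = process
# create, 7 = image load). Pids and paths are invented, not real telemetry.
EVENTS = [
    {"EventID": 1, "ProcessId": 4100, "ParentProcessId": 1800,
     "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'wscript.exe "C:\Users\User\Downloads\DSV 101.js"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "ProcessId": 4212, "ParentProcessId": 4100,
     "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'wscript.exe "C:\Users\User\AppData\Local\Temp\out.js"',
     "ParentImage": r"C:\Windows\System32\wscript.exe"},
    {"EventID": 1, "ProcessId": 4300, "ParentProcessId": 4212,
     "Image": r"C:\Users\User\AppData\Local\Temp\npp.8.6.portable.x64\notepad.exe",
     "CommandLine": r"C:\Users\User\AppData\Local\Temp\npp.8.6.portable.x64\notepad.exe",
     "ParentImage": r"C:\Windows\System32\wscript.exe"},
    {"EventID": 7, "ProcessId": 4300,
     "Image": r"C:\Users\User\AppData\Local\Temp\npp.8.6.portable.x64\notepad.exe",
     "ImageLoaded": r"C:\Users\User\AppData\Local\Temp\npp.8.6.portable.x64\plugins\mimeTools.dll"},
    # Benign control (assumed default install path): Notepad++ loading its bundled plugin.
    {"EventID": 7, "ProcessId": 5000,
     "Image": r"C:\Program Files\Notepad++\notepad++.exe",
     "ImageLoaded": r"C:\Program Files\Notepad++\plugins\mimeTools\mimeTools.dll"},
    # Benign control: Windows Notepad started from the shell.
    {"EventID": 1, "ProcessId": 5100, "ParentProcessId": 1800,
     "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

# Anything below a user's %LOCALAPPDATA%\Temp, matched case-insensitively.
USER_TEMP = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)


def base(path):
    """Lower-cased file name of a Windows path (ntpath handles backslashes on any OS)."""
    return ntpath.basename(path).lower()


def hunt(events):
    """Return (rule_name, ProcessId) for each event matching one of the three
    observable stages of the chain."""
    hits = []
    for ev in events:
        if ev["EventID"] == 1:
            img, parent = base(ev["Image"]), base(ev["ParentImage"])
            # Stage 1: the first .js drops and runs a second .js.
            if img == "wscript.exe" and parent == "wscript.exe":
                hits.append(("wscript_spawns_wscript", ev["ProcessId"]))
            # Stage 2: the script host starts the editor binary out of Temp.
            if (img.startswith("notepad") and parent == "wscript.exe"
                    and USER_TEMP.search(ev["Image"])):
                hits.append(("wscript_launches_editor_from_temp", ev["ProcessId"]))
        elif ev["EventID"] == 7:
            # Stage 3: the plugin DLL is loaded from Temp, not from an install dir.
            if (base(ev["ImageLoaded"]) == "mimetools.dll"
                    and USER_TEMP.search(ev["ImageLoaded"])):
                hits.append(("mimetools_dll_loaded_from_temp", ev["ProcessId"]))
    return hits


def process_chain(events, pid):
    """Walk ParentProcessId links upward from pid and return the ancestry as
    image names, root first (e.g. explorer > wscript > wscript > notepad)."""
    by_pid = {ev["ProcessId"]: ev for ev in events if ev["EventID"] == 1}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        ev = by_pid[pid]
        chain.append(base(ev["Image"]))
        parent_pid = ev["ParentProcessId"]
        if parent_pid not in by_pid:
            # No create event for the parent in our window: take its name from
            # the child's ParentImage field and stop there.
            chain.append(base(ev["ParentImage"]))
        pid = parent_pid
    return list(reversed(chain))


if __name__ == "__main__":
    for rule, pid in hunt(EVENTS):
        print(rule, pid, " > ".join(process_chain(EVENTS, pid)))
```

The Temp-path test is what separates the sideload from a normal Notepad++ session; the plugin name alone would fire on every legitimate install, which is why the Program Files control event is included.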

Protect Democracy (@protctdemocracy)

The Violence and Democracy Impact Tracker (VDIT)—which we built with @SNFAgoraJHU— reveals that 51% of experts assess the impact of political violence on elections as indicating significant erosion.

Barb McQuade (@barbmcquade)

Happy #InternationalWomensDay. It inspires me to think about how far we have come in my lifetime. It motivates me to think about how far we still have to go.

Abhay Bhargav (@abhaybhargav)

“But containers are isolated processes”

Is something I heard as recently as 14 days ago, when I was training a class on Cloud Security Incident Management at a Fortune 100 Bank. And this was a statement made by a Security Architect at said bank

I nearly choked on the water I

Olaf Hartong (@olafhartong)

I love the development the MDE team puts into expanding the telemetry! Our slackbot informed me JA3 / JA3S hashes are now recorded. Pretty cool for hunting and detection engineering!

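
For readers who want to hunt on the JA3/JA3S fields mentioned above, here is how a JA3 value is derived, as an added example for this page (not MDE's code and not the poster's). It assembles a constructed ClientHello (not a real capture; the cipher, group and extension values are arbitrary picks for the example), walks its fields, drops GREASE values and produces the JA3 string and its MD5.

```python
import hashlib
import struct

# GREASE values (RFC 8701): 0x0a0a, 0x1a1a, ... 0xfafa. Clients insert them at
# random, so JA3 drops them from ciphers, extensions and supported groups.
GREASE = set(range(0x0A0A, 0x10000, 0x1010))


def build_client_hello(version, ciphers, extensions):
    """Wrap a ClientHello in a TLS record. `extensions` is a list of
    (type, payload) pairs. Used only to construct the sample below."""
    body = struct.pack("!H", version) + bytes(32)              # client_version + random
    body += b"\x00"                                            # empty session id
    body += struct.pack("!H", 2 * len(ciphers))
    body += b"".join(struct.pack("!H", c) for c in ciphers)
    body += b"\x01\x00"                                        # one compression method: null
    ext = b"".join(struct.pack("!HH", t, len(p)) + p for t, p in extensions)
    body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def sample_client_hello(with_grease=True):
    """Constructed ClientHello for this example (not a real capture)."""
    g = [0x0A0A] if with_grease else []
    ciphers = g + [0x1301, 0x1302, 0xC02B, 0x002F]
    sni = struct.pack("!HBH", 14, 0, 11) + b"example.com"     # server_name list
    group_list = [0x001D] + g + [0x0017]                       # x25519, (GREASE), secp256r1
    groups = struct.pack("!H", 2 * len(group_list))
    groups += b"".join(struct.pack("!H", x) for x in group_list)
    extensions = ([(0x1A1A, b"")] if with_grease else []) + [
        (0, sni), (10, groups), (11, b"\x01\x00"), (23, b"")]  # SNI, groups, formats, EMS
    return build_client_hello(0x0303, ciphers, extensions)


def ja3_string(record):
    """Parse a ClientHello record into the JA3 string
    'Version,Ciphers,Extensions,Groups,PointFormats' (decimal, '-' separated)."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    p = 9                                                      # record (5) + handshake (4) headers
    version = struct.unpack_from("!H", record, p)[0]
    p += 2 + 32                                                # version + random
    p += 1 + record[p]                                         # session id
    cs_len = struct.unpack_from("!H", record, p)[0]
    p += 2
    ciphers = [c for c in struct.unpack_from("!%dH" % (cs_len // 2), record, p)
               if c not in GREASE]
    p += cs_len
    p += 1 + record[p]                                         # compression methods
    ext_types, groups, formats = [], [], []
    if p < len(record):
        end = p + 2 + struct.unpack_from("!H", record, p)[0]
        p += 2
        while p < end:
            etype, elen = struct.unpack_from("!HH", record, p)
            data = record[p + 4:p + 4 + elen]
            p += 4 + elen
            if etype in GREASE:
                continue
            ext_types.append(etype)
            if etype == 10:                                    # supported_groups: u16 len + u16[]
                n = struct.unpack_from("!H", data, 0)[0] // 2
                groups += [x for x in struct.unpack_from("!%dH" % n, data, 2)
                           if x not in GREASE]
            elif etype == 11:                                  # ec_point_formats: u8 len + u8[]
                formats += list(data[1:1 + data[0]])
    fields = (ciphers, ext_types, groups, formats)
    return "%d,%s" % (version, ",".join("-".join(str(v) for v in f) for f in fields))


def ja3_hash(record):
    """JA3 is the MD5 of the JA3 string."""
    return hashlib.md5(ja3_string(record).encode()).hexdigest()


SAMPLE_HELLO = sample_client_hello()

if __name__ == "__main__":
    print(ja3_string(SAMPLE_HELLO))
    print(ja3_hash(SAMPLE_HELLO))
```

Keep the pre-hash string next to the hash in your hunt notes: the MD5 alone does not tell you which cipher or extension made a client distinctive. Two caveats: the GREASE filter is what keeps one client at one hash (the sample produces the same string with or without GREASE), and recent Chromium-based browsers randomize extension order per connection, so their JA3 values vary; JA3S, derived from the ServerHello, does not see that client-side shuffle.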

Unit 42 (@unit42_intel)

We have tested CVE-2025-24813. Under specific circumstances, an exploit sent to a vulnerable Apache web server running outdated Tomcat software could lead to remote code execution. We used a 2-step method that resulted in a successful attempt. Details at bit.ly/426Njtp

VibeCode (@vibecodeapp)

In order for billions of people to "vibe code" we need a tool with the power of Cursor, and the simplicity of ChatGPT. Early Access wave one begins today.

DFIR_TNT (@dfir_tnt)

HuntableGPT now uses retrieval-augmented context.
- 250 intel samples
- 170 linked SIGMA rules
- SIGMA rule guides by Thomas Patzke and Florian Roth ⚡️
Refining hunt logic generation through clearer examples + references. 🔗 lnkd.in/eqSky_UU #Huntable #ThreatHunting #SIGMA