Make a backup copy of all your Custom ATP Detections with a little PowerShell script I'm sharing here. I look forward to Microsoft just building this feature into their product and putting this script out of business. Until then ... github.com/clr2of8/Export…

Can you detect #fin7 #griffon recon? Here is a VBScript script that does Griffon recon and prints out the results (no C2). I based this on a decoded/cleaned version of an ITW Griffon downloader, so the recon behavior matches the real behavior exactly. gist.github.com/kirk-sayre-wor…

All, it is no secret that we use URLHaus among other tools from abuse.ch to give you this data daily on the #Emotet botnet. If your organization uses our data you should help abuse.ch in their time of need by having your org donate. Please read!

medium.com/walmartglobalt…

On a serious note with #Emotet being neutered - Marcus has a VERY important point here and if you have Emotet running on a computer, you likely have or had one of Ivan's friends there too. Time to look for Bokbot(IcedID)/Qakbot/Trickbot/ZLoader on the same computers now!

TrickBot crew playing around with loading cobaltstrike from fake github repos now: medium.com/walmartglobalt…

As a student in Darin Roberts and Carrie Roberts's "Attack Emulation Tools," you'll get the knowledge and tools you need to begin executing simulated attacks within your own test environment. The upcoming section of this course starts 4/27. More here: wildwesthackinfest.com/training/attac…

EDR or no EDR, ship sysmon by default on all endpoints. I've had cases where EDR missed named pipes, and process access/image load events. The cost savings for the additional security metrics are unquantifiable.

medium.com/walmartglobalt… Using CPU emulation to decrypt Baza strings

We're hiring on the Red Team at Walmart! This position is remote. Please reach out with any questions, DMs are open. careers.walmart.com/us/jobs/WD8350…

We've released a decryptor for #Diavol #ransomware, which is believed to be associated with the Russia-based #Trickbot Group. Big thanks to sysopfb and the threat intel team @walmart. #NoMoreRansom 1/3 emsisoft.com/ransomware-dec…

medium.com/walmartglobalt…

Our second day of the #nccdc breakfast is kicking off with our Platinum Sponsor Walmart Global Tech sharing insights into several of the environments that they work diligently to protect.

Hiring for Walmart's internal Red Team! careers.walmart.com/us/jobs/WD1332…

Don't miss the next episode in Carrie Roberts 's Atomic Spotlight series, "Malware Blocking Execution with 'DisallowRun' Registry Key", today 6:30 p.m. ET (UTC-5)! Watch on YouTube or Twitch. Twitch: twitch.tv/antisyphon YouTube: youtube.com/watch?v=h0aa3Q…

The Walmart Red Team is growing! Looking for some folks to fill junior to intermediate roles. If you have adjacent experience and have been looking for a way to get into Red Teaming, let's chat! walmart.wd5.myworkdayjobs.com/WalmartExterna…

Derrick Gray (Derrick Gray) representing #walmart at #nccdc! We are proud to sponsor this event. It's truly something unique and special. National CCDC Walmart Global Tech

Walmart's Red Team and Cyber Deception teams are growing! I'm hiring a Director that will lead incredibly technical people doing fantastically interesting work. careers.walmart.com/us/jobs/WD1575…