Ronald T (@ronaldtran)'s Twitter Profile

Senior Security Analyst | Blue Team | Outdoors | Coffee | 🏋️‍♂️ | Previously @Recon_InfoSec

ID: 16140577

05-09-2008 04:46:47

533 Tweet

159 Followers

1,1K Following

The Haag™ (@m_haggis)

🚨 Bypassing the Bypass: Uncovering Okta Sign-On Policy Evasion! 🚨 Check out our latest blog where we delve into how attackers are evading Okta Classic Application Sign-On policies and how you can detect and prevent these sneaky tactics! 🔐🛡️🔍 Highlights: 🕵️‍♂️ Evasion

Fabian Bader (@fabian_bader)

🛡️ Windows Firewall and WFP are only two ways to silence an #EDR agent. 📢 In my latest blog post I discuss another network based technique to prevent data ingest and ways to detect it. cloudbrothers.info/en/edr-silence… And if you want even more, check out part 2 released by Mehmet Ergene

Mehmet Ergene (@cyb3rmonk)

[NEW BLOG] EDR Silencer and Beyond: Exploring Methods to Block EDR Communication - Part 2 In collaboration with Fabian Bader academy.bluraven.io/blog/edr-silen… #redteam

randy@infosec.exchange (@rpargman)

For everyone who has been following the exciting development work on YARA-X, this is a really cool milestone - VirusTotal's livehunt and retrohunt have now moved to YARA-X !! virustotal.github.io/yara-x/blog/vi…

The Haag™ (@m_haggis)

🎯 Introducing PowerShell-Hunter: Your New Favorite Event Log Analysis Tool! 🔍 Tired of drowning in PowerShell logs? We've got you covered: • Smart pattern detection for malicious behaviors • Risk scoring to prioritize threats • Export to CSV/JSON for your workflow •

Sekoia.io (@sekoia_io)

Please Santa please, gimme some #YARA 🎅🎄 This blog post on our use of #YARA rules is also an opportunity for us to announce the release of hundreds of our #YARA rules on GitHub, which are now directly integrated into VirusTotal for detection. blog.sekoia.io/happy-yara-chr…

The Haag™ (@m_haggis)

🎯 Introducing AD-ThreatHunting: ⚡ Supercharge Your AD Threat Hunting! 🛡️ Just Released: A comprehensive Active Directory PowerShell threat hunting tool that makes detecting suspicious activities easier than ever! ✨ Key Features: • Real-time attack detection • Advanced

Jai Minton (@cyberraiju)

I frequently get asked "what skills do I need to excel as an analyst", so I figure this is a good opportunity to shed some light on what analysis is, and why certifications alone won't make you a good analyst. jaiminton.com/high-impact-se…

sydney (@letswastetime)

🚨 New THOR Collective Dispatch post 🚨 In Part 5 of LP and my DEATHCon Thrunting Workshop series, we use advanced data analysis to find threats in HTTP datasets. Full post here: dispatch.thorcollective.com/p/a-deathcon-t… #infosec #threathunting #thrunting #THORCollective #splunk

Jonny Johnson (@jsecurity101)

Telemetry powers detection, threat hunting, and more—but are you collecting the right data? Not all telemetry is created equal. Understanding primary vs. secondary telemetry sources is critical for collecting the right data for these functions. Read more in my blog:

Peter Kaloroumakis (@netfl0)

D3FEND 1.1.0 is now available. Check out our blog post on how to create D3FEND Graphs with D3FEND CAD! d3fend.mitre.org/blog/building-…

sydney (@letswastetime)

🪦 D.E.A.T.H. comes in many forms, and so does thrunting. Check out the latest THOR Collective Dispatch covering three ways to implement these in your org! dispatch.thorcollective.com/p/the-models-o… #threathunting #thrunting #detectionengineering #THORcollective #cybersecurity #DEATH #infosec

sydney (@letswastetime)

Normal is overrated. Hunt the outliers with Z-scores and standard deviation in the new THOR Collective Dispatch post. Read it here: dispatch.thorcollective.com/p/z-scoring-yo… #threathunting #thrunting #detectionengineering #infosec #cybersecurity #splunk #statistics

4n6lady (@4n6lady)

I’m an Incident Responder on the AWS Customer Incident Response Team (CIRT). And I get asked a lot of questions, like: “Where do I even start with incident response in the cloud?” Here’s a beginner-friendly thread on AWS IR tips — with a few lessons I learned 🧵👇

Olaf Hartong (@olafhartong)

During my #BHUSA talk I've released many ETW research tools, of which the most notable is BamboozlEDR. This tool allows you to inject events into ETW, allowing you to generate fake alerts and blind EDRs. github.com/olafhartong/Ba… Slides available here: github.com/olafhartong/Pr…