Join us at #DFIRSummit when John Stoner provides a better understanding of what a Golden SAML attack looks like and to drive greater awareness of what the defender will see. Register here: sans.org/u/1pkc #DFIR #IR #IncidentResponse

Our team at Google Cloud Tech POC for GoogleVRP partnered with Okta to collaborate and develop a set of YARA-L rules that Okta users can apply to their Chronicle instance. Check out our blog which contains links to rules, their blog and more! #secops chronicle.security/blog/posts/bet…

And that is all for today folks! Thank you to our advisory board members, speakers and attendees here in #Austin and online. We will be back tomorrow for more #DFIR Could not attend today? Join us tomorrow! Register here sans.org/u/1pkc

In our latest New to Chronicle we cover building rules to detect tor exit nodes and remote access tools with data sets that we provide in POC for GoogleVRP ! Learn how to build rules to take advantage of these feeds! Google Cloud Tech chronicle.security/blog/posts/new…

Thanks to the fine folks at Antisyphon Training and Ean Meyer - @eanmeyer.bsky.social for MC-ing track two for Blue Team Summit. I hope everyone enjoyed it as much as I did and thanks for letting me come and speak!

I know you want to hear about Google Cloud goodness like Duet AI for POC for GoogleVRP and Mandiant (part of Google Cloud) this week but I’ve posted my latest New to Chronicle blog in case you are getting started building dashboard tiles! chronicle.security/blog/posts/new…

Just in time for the weekend, my latest New to POC for GoogleVRP highlights building a tabular tile in your Google Cloud Tech Chronicle dashboards. If you haven't tried it yet, you really should! chronicle.security/blog/posts/new…

Building dashboards in POC for GoogleVRP and you are looking for a time chart? We’ve got you covered. Here’s my latest including an intro of the pivot function! Google Cloud Tech chronicle.security/blog/posts/new…

In our latest New to Chronicle blog, we continue to explore building dashboards with Google Cloud Tech in POC for GoogleVRP . This time we add customization to create custom fields, aggregations and calculations! chronicle.security/blog/posts/new…

I find it interesting that in Australia I can order a pint yet when I get a set of tasters they are labeled as 200mL each

Presenting today at the Australian Cyber Conference in Melbourne and rocking my CYBERWARCON socks! looking forward to a new set in a few weeks!

This is a bit delayed, but here's my talk from SANS DFIR in Austin on visibility around a Golden SAML attack and subsequent cloud activity in both Azure AD and O365. Big thanks to Heather Mahalik Barnhart and Phil Hagen for giving me an opportunity to present! youtube.com/watch?v=Vpgiwp…

COBBS WIN! COBBS WIN! Men's hockey remains unbeaten on the year as they beat Northland. Shots: CC 41, NC 15 - Zach Stoner gets his 1st college goa!l - Triggs, Plante, Lehmann, Henkemeyer-Howe & Olson score for CC - Dane Couture makes 13 saves & gets his 1st college win!

Way to go boys! instagram.com/p/CzNYKjBNwAg/

Heading to CYBERWARCON tomorrow and looking forward to it, not the drive, but I'll take it in return for the content! #cyberwarcon

As we conclude the building our dashboard arc in the Google Cloud Tech New to POC for GoogleVRP series, here are tips on formatting & filtering to pass parameters to the dashboard & how you can share your dashboards with your friends & neighbors! chronicle.security/blog/posts/new… #secops #siem

The LOLBin advisory that was published in May is a solid piece of work with good tips and advice. If you haven’t checked it out yet you really need to. media.defense.gov/2023/May/24/20…

Just waiting for someone to break the ice and open the communal Cheetos CYBERWARCON the orange fingers will be the giveaway

In this installment of the Google Cloud Tech New to POC for GoogleVRP blog series, we take a look at saving, re-using, sharing and template-izing those well crafted searches for others in your organization to benefit from! #secops chronicle.security/blog/posts/new…

Pleasure to take the stage once again with my friend and colleague John Stoner at FIRST Technical Colloquium today in Amsterdam #FIRSTAMS2024.