J (@fuseyjz) 's Twitter Profile
ID: 824610728539615232

26-01-2017 13:31:33

179 Tweet

112 Followers

710 Following

Felix (@felixw3000) 's Twitter Profile Photo

Today, I'm releasing Process Spawn Control (PsC). PsC suspends newly launched processes, and gives the analyst the option to either keep the process suspended, or to resume it: github.com/felixweyne/Pro… ↪️Demo use case: execute an Emotet Office dropper step by step 🧐

Luke Jennings (@jukelennings) 's Twitter Profile Photo

Seems my #bluehatv18 talk is now up. If you’re interested in memory resident implant techniques a couple of #sysmon and #atp bypasses then check it out youtu.be/02fL2xpR7IM

F-Secure Countercept (@countercept) 's Twitter Profile Photo

#ThreatHuntThursday: Luke Jennings explores how Gargoyle-inspired techniques can be leveraged within the .NET framework to hide in-memory .NET payloads from memory scanning techniques....plus how to detect it - countercept.com/blog/gargoyle-… | #security

Jake Williams (@malwarejake) 's Twitter Profile Photo

Yesterday, Microsoft announced there's a remotely exploitable heap overflow in MS DNS on Server 2012R2 and later. Infosec, how are we not talking about this?! portal.msrc.microsoft.com/en-US/security…

Chris Long (@centurion) 's Twitter Profile Photo

If you've ever wanted to know more about using osquery for process and socket auditing on Linux, we just released a two-part blog post series on it today! Pt. 1: medium.com/palantir/audit… Pt. 2: medium.com/palantir/audit…

Roberto Rodriguez 🇵🇪 (@cyb3rward0g) 's Twitter Profile Photo

Following on the latest release of THE-HELK , I wanted to share a little bit of my experience while integrating the Sigma project via Elastalert. I hope this post helps to provide some more details about it! KSQL post is next 😉🦌🎄🎄#ThreatHunting 🍻 posts.specterops.io/what-the-helk-…

Chris Sanders 🔎 🧠 (@chrissanders88) 's Twitter Profile Photo

To celebrate the first Investigation Theory offering of 2019, I'm giving away a free seat in the online class that starts Monday. To enter, just retweet this tweet! I'll pick a winner on Thursday night. You can read about Investigation Theory here: networkdefense.co/courses/.

F-Secure Countercept (@countercept) 's Twitter Profile Photo

#ThreatHuntThursday: Read our new blog post on how to hunt for SILENTTRINITY - a recently released post-exploitation agent powered by IronPython and C# - countercept.com/blog/hunting-f… | #threathunting #infosec

Adam Chester 🏴‍☠️ (@_xpn_) 's Twitter Profile Photo

New blog post added looking at how to spoof arguments like Cobalt Strike’s “argue” command, and a weird bug which can stop ProcessExplorer from giving the game away. blog.xpnsec.com/how-to-argue-l…

Martin Korman (@martinkorman) 's Twitter Profile Photo

medium.com/dfir-dudes/reg… I'm releasing Regipy: an OS independent python library for parsing offline registry hives, with a lot of awesome features! #DFIR

Roberto Rodriguez 🇵🇪 (@cyb3rward0g) 's Twitter Profile Photo

Releasing Mordor 😈📜! A repo of pre-recorded security events generated by emulated adversarial techniques in the form of JSON files for easy consumption! Jose Rodriguez 🇵🇪 & I wanted to facilitate the development & testing of data analytics 🍻 #ThreatHunting github.com/Cyb3rWard0g/mo…

Richie Cyrus (@rrcyrus) 's Twitter Profile Photo

Today I'm releasing a tool I've been working on for a while, which aids hunters interested in proactive detection of malicious activity in macOS environments. posts.specterops.io/introducing-ve…

TrustedSec (@trustedsec) 's Twitter Profile Photo

Senior Security Consultant Oddvar Moe gives us a look through the eyes of a #hacker using phishing by leveraging Azure Information Protection (AIP) in his latest #blog Next Gen Phishing - Leveraging Azure Information Protection - TrustedSec hubs.ly/H0hBHts0

Roberto Rodriguez 🇵🇪 (@cyb3rward0g) 's Twitter Profile Photo

Excited to release the first parts of my #ThreatHunting w/ Project Jupyter notebooks series 😊💜 You will go from creating your first notebook to leveraging Apache Spark SQL to JOIN relevant data sources to detect lateral movement 🍻 THE-HELK SpecterOps posts.specterops.io/threat-hunting…

Ian Hellen (@ianhellen) 's Twitter Profile Photo

Announcing msticpy - Python security tools for #Jupyter. We've been building tools to support defender hunting/investigations in Jupyter notebooks. Check out the overview here techcommunity.microsoft.com/t5/Azure-Senti…

SpecterOps (@specterops) 's Twitter Profile Photo

Here is the link to the SpecterOps Adversary Tactics: PowerShell course material: github.com/specterops/at-… Enjoy! For information about our current training offerings, information can be found here: specterops.io/how-we-help/tr… (4/4)

Cody Thomas (@its_a_feature_) 's Twitter Profile Photo

Slack is an integral component for many companies these days, so Julian Catrambone Lee Chagolla-Christensen and I wanted to share how we've been abusing it in Red Team operations to keep an eye on our target and get some valuable intel: posts.specterops.io/abusing-slack-…
