Brian Carroll (@n3tsurge)'s Twitter Profile
Brian Carroll

@n3tsurge

CTO/Security Engineer/Defender | Creator of @reflexsoar | Blue & Red Team | #GPEN #GWAPT #GDAT #GCDA #GSEC | Thoughts are my own.

ID: 3415070049

Website: http://netsurge.sh
Joined: 11-08-2015 12:23:56

380 Tweets

154 Followers

289 Following

Hiren Sadhwani (@hir3n_s):

Very excited to share the news with you all that I'll be speaking at SANS #BlueTeamSummit next month on "Hunting OneNote Malware - A Practical Guide for Blue Teams" Register now for the event: sans.org/u/1paV SANS Cyber Defense 🧢 SANS Institute #ThreatHunting #DFIR #BlueTeam

Stef Rand (@techiestef):

On June 12 I’ll virtually present a new talk at one of my fave events of the year, the SANS Cyber Defense 🧢 Blue Team Summit, on a topic near & dear to my heart: splitting hairs about where malware delivery vehicles stop & their payloads start! Register here! sans.org/cyber-security…

H & A Security Solutions | Securitymapper (@securitymapper):

Hey #blueteam, I'm looking to add to the team. We have an Elastic/OpenSearch Engineer position open. The position is all about making an active, usable SIEM that has proper parsing, normalization, visualizations, alert, and MITRE coverage. indeed.com/job/elasticope…

Fletus (@fletusposton):

SANS Blue Team Summit is a month away! Please register today! It is virtual and free. I am looking forward to Stef Rand talk and you should be too! sans.org/cyber-security…

SANS Cyber Defense 🧢 (@sansdefense):

The SANS #BlueTeamSummit brings together #InfoSec professionals on the front line of defending an organization's critical assets and systems against attacks and threats from adversaries. Join us Live Online for FREE June 12-13! ➡️ Register here: sans.org/u/1paL

Fletus (@fletusposton):

Looking forward to hearing more nuggets from Carson Zimmerman on "How to Save Your SOC from Stagnation" come join us at the SANS #BlueTeamSummit in June! sans.org/cyber-security…

Fletus (@fletusposton):

Is your SOC facing burnout and high turn? Come join us at the SANS #BlueTeamSummit in June to learn more about how to reduce! sans.org/cyber-security…

SANS Cyber Defense 🧢 (@sansdefense):

Blue Teamers Assemble! 🛡 Join us Live Online for the #BlueTeamSummit June 12-13 Hear from #BlueTeam experts on topics like Zero Trust Architecture, hunting OneNote malware, reducing burnout in the SOC, & improving rules effectiveness. Register for 🆓: buff.ly/3Mc68DC

Brian Carroll (@n3tsurge):

Remember kids, just because your admin says the alert they tripped was "legitimate admin activity" doesn't mean it was done with good operational security practices. Remember to look at alarms for poor OpSec.

H & A Security Solutions | Securitymapper (@securitymapper):

📣 Seeking Elastic Engineer! Join our growing company at H&A Security Solutions LLC. Help us find the perfect candidate skilled in Elastic/OpenSearch. US citizens only. Referral bonus: $500 Amazon gift card if hired! Learn more: indeed.com/job/elasticope…

Brian Carroll (@n3tsurge):

Drastic changes in alert volume should be their own alert. Valleys in the chart could be indicating broken alert engines or no underlying data. Peaks could be signs of widespread changes to your environment, mass activity.

Brian Carroll (@n3tsurge):

To add to this, here is an example of a chart we use to highlight alert changes between two periods. You have to ask yourself, what happened during that high spike? Was a new rule deployed, did some network wide config change, did my exclusions break?

Brian Carroll (@n3tsurge):

The previous owner of my home attempted to start finishing the basement himself...let's just say mistakes were made...how does one space studs so wrong!?

Volexity (@volexity):

Microsoft has published an advisory related to CVE-2023-36884, an actively exploited #RCE vulnerability in Microsoft Office. Volexity's #threatintel team identified this #0day, related infrastructure & malware and is credited in the report: msrc.microsoft.com/update-guide/v… #dfir [1/2]

Brian Carroll (@n3tsurge):

Everyone forgets about the "political capital" you build among other IT teams. It can mean waiting 1 hour for something or 6 months. The help you give to others will pay you back at some point when you need it most.