John U (@jdu2600)'s Twitter Profile
John U

@jdu2600

He/him. Security Research Engineer @elasticseclabs

ID: 892839729884004352

Link: https://github.com/jdu2600 · Joined: 02-08-2017 20:09:14

845 Tweets

617 Followers

346 Following

Silvio Cesare (@silviocesare):

Are you an Aussie willing to relocate to Canberra? Can you find bugs and write exploits in embedded devices like we did at pwn2own? If so, apply for a job at InfoSect. DM for details.

Alex Ionescu (@aionescu):

It’s wonderful to see what Xeno Kovah and his collaborators have built for the community. I always recommend OST2 for my new hires and other juniors, or just anyone trying to get started on a new topic. The courses are excellent. It’s an honor to sponsor the Windows Security Path

FalconForce Official (@falconforceteam):

We have good news for those who missed out on our Advanced Detection Engineering in the Enterprise training at Black Hat US. Our ADE training is coming to Black Hat Asia 2025, in Singapore! Registration is open! Information and registration: blackhat.com/asia-25/traini…

chompie (@chompie1337):

Exciting news! I’m starting X-Force’s new offensive research team (XOR) and hiring a security researcher. Want to work with researchers (like b33f | 🇺🇦✊ and I) to find bugs, exploit popular targets, and share your work? Apply for this unique (remote) role 😊 careers.ibm.com/job/21219320/s…

Clement Rouault (@hakril):

In our search for new forensic artifacts at ExaTrack, we sometimes deep dive into Windows Internals. This one is about COM and interacting with remote objects using a custom python LRPC Client. STUBborn: Activate and call DCOM objects without proxy: blog.exatrack.com/STUBborn/

Orange Tsai 🍊 (@orange_8361):

Our talk at #BHEU is done! Hope you all enjoyed it. 😉 A detailed blog is on the way, but in the meantime, check out the pre-alpha website worst.fit for early access and the slides! Huge thanks to Black Hat and my awesome co-presenter splitline 👁️🐈‍⬛!

BlueHat IL (@bluehatil):

Behold this magnificent and ridiculously photogenic crew, tasked with choosing the speakers for the upcoming BlueHat IL conference. Ready to wow them with your pitch-perfect abstract? Of course, you do - so why wait, submit it today: microsoftrnd.co.il/bluehatil/home

Josh (@passthehashbrwn):

New blog from me on using CLR customizations to improve the OPSEC of your .NET execution harness. This includes a novel AMSI bypass that I identified in 2023. By taking control of CLR assembly loads, we can load assemblies from memory with no AMSI scan. securityintelligence.com/x-force/being-…

Rachel Tobac (@racheltobac):

The Women In Security and Privacy (WISP) board is coming together to determine our top priorities for 2025 - YOU get to instruct us on what you would like those priorities to be! Need more scholarships, cons, exams/certs, mentors, events, or something else? Tell us your needs! docs.google.com/forms/u/4/d/e/…

offensivecon (@offensive_con):

Yarden Shafir (Yarden Shafir) is back for Offensivecon 2025 🤩 Sign up now to the Windows Internals Training. *Training tickets also guarantee first slots in the waiting list for conference tickets. offensivecon.org/trainings/2025…

John U (@jdu2600):

ATT&CK never felt quite right to me. I originally thought it was just that the taxonomy was incomplete. Then Jared Atkinson framed my misgivings as a missing dimension and it just clicked.

Elastic Security Labs (@elasticseclabs):

Dive deep into malware detection with the latest article by John Uhlmann: "Call Stacks: No More Free Passes for Malware." Discover how call stacks provide vital insights into malware behavior. Read more: go.es.io/4kDWjgr

Daniel Schell (@danonit):

David Weston (DWIZZZLE) Greg Linares (Laughing Mantis) Huntress We’ve been trying to join MVI for years, but don’t get accepted because we don’t delete malware from endpoints. Super frustrating. We’re deployed on over a million endpoints and want to stick to best practices.

SEKTOR7 Institute (@sektor7net):

Increased visibility into threads' call stacks helps with more reliable malware detection. The approach is based on ETW telemetry and modules' Export Directory data for information enrichment. A post by John Uhlmann of Elastic Security Labs. Great read! #redteam #blueteam #maldev

Ido Veltzman (@idov31):

I'm happy to finally release NovaHypervisor! NovaHypervisor is a defensive hypervisor with the goal of protecting AV/EDR vendors and crucial kernel structures that are currently uncovered by VBS and PatchGuard. Full explanation below 1/6. github.com/Idov31/NovaHyp…