mthcht (@mthcht2)'s Twitter Profile
mthcht

@mthcht2

Threat Hunting - DFIR - Detection Engineering

ID: 1621490660137123840

Joined: 03-02-2023 12:48:05

11 Tweets

19 Followers

319 Following

mthcht (@mthcht2):

👁️ LOLC2 Collection of C2 frameworks abusing legitimate services to evade detection Major update: new projects tested, enriched data, and deeper insights. site: lolc2.github.io github: github.com/lolc2/lolc2.gi…

mthcht (@mthcht2):

Everything is detectable. I've built detections for these, but the cost on the SOC is high. For some of them, even with baselines/low signals, filtering or AI triage, the workload remains significant in large environments. Realistically, very few teams will detect these anomalies.

mthcht (@mthcht2):

🧩 ExtSentry 🧩 extsentry.github.io Browser Extensions threat intel feeds for multiple platforms + extension checker, permissions analyzer, policy generator, forensic traces guide, remediation playbook & endpoint inventory scripts

Haz (@mi5not9to5):

If you want to use the list as an external data source (in KQL) rather than listing individual extension ids manually, you can do something like the following: github.com/UserNotHome/us…

mthcht (@mthcht2):

🧅 TOR archive feed: tor-archive.github.io Every IP that has ever been a TOR node! Searchable with full timeline, exit/guard/middle role, country, ASN, updated hourly since 2024.

Joe Desimone (@dez_):

We open sourced the tool used to detect the Axios supply chain compromise! I built it Friday after a red eye home from RSAC. Also, wrote up the full story, including the hectic moments after that first critical alert github.com/elastic/supply…

mthcht (@mthcht2):

💠VSXSentry💠 vsxsentry.github.io VS Code Extensions threat intel feeds for multiple platforms, VSIX analyzer, scripts & policy generator, remediation and forensic traces guide

Haz (@mi5not9to5):

Another great resource! I recently put a blog together on how you can inventory your VSCode extensions using device telemetry in DefenderXDR. thrunt.fyi/inventorying-v… The output can be used to compare to VSXSentry.

Matthew Green 🌻 (@mgreen27):

🚀 One of my colleagues at InfoGuard pointed me to a cool project collating malicious browser extensions, so I wrote a Velociraptor artifact to hunt with the data. 🔗 github.com/mgreen27/Detec… 🔗 extsentry.github.io ExtSentry has some good browser extension investigation

mthcht (@mthcht2):

Block Tor usage entirely by enforcing deny rules against active Tor nodes using the tor-archive.github.io feed, and implement SIEM/EDR detections for:
- internal hosts connecting to known Tor nodes on the associated ports
- successful account logins from Tor exit nodes
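
The two detections in the post above, worked through as an added example (my code, not mthcht's and not the tor-archive project's): a constructed sample of a node feed is loaded, then a connection log and an authentication log are matched against it. The feed column layout (ip, role, or_port, first_seen, last_seen, country, asn), the event field names, the RFC 5737 sample addresses and the ASNs are all assumptions for illustration, not the real tor-archive.github.io schema.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample feed. Column layout, IPs (RFC 5737 ranges) and ASNs are
# assumptions for this example, not the real tor-archive.github.io schema.
TOR_FEED_CSV = """ip,role,or_port,first_seen,last_seen,country,asn
198.51.100.7,exit,9001,2024-03-01T00:00:00Z,2025-01-15T00:00:00Z,DE,64496
203.0.113.42,guard,443,2024-06-10T00:00:00Z,2025-01-15T00:00:00Z,NL,64497
192.0.2.200,middle,9001,2024-01-01T00:00:00Z,2024-08-01T00:00:00Z,US,64498
"""


def _ts(value: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def load_feed(text: str) -> dict:
    """Index the feed by IP; timestamps and ports become typed values."""
    feed = {}
    for row in csv.DictReader(io.StringIO(text)):
        row["or_port"] = int(row["or_port"])
        row["first_seen"] = _ts(row["first_seen"])
        row["last_seen"] = _ts(row["last_seen"])
        feed[row["ip"]] = row
    return feed


def tor_node_at(feed: dict, ip: str, when: datetime, roles=None,
                grace: timedelta = timedelta(days=1)):
    """Return the feed record if `ip` was a Tor node of an allowed role at `when`.

    The feed lists every IP that was ever a relay, so matching on IP alone would
    fire on addresses that left the network long ago and were reassigned. The
    first_seen/last_seen window (plus a grace period for feed update lag) is
    what keeps that false-positive class out."""
    rec = feed.get(ip)
    if rec is None or (roles and rec["role"] not in roles):
        return None
    if not (rec["first_seen"] - grace <= when <= rec["last_seen"] + grace):
        return None
    return rec


def detect_outbound_to_tor(feed: dict, conns: list) -> list:
    """Internal hosts connecting to known Tor nodes. A destination port equal to
    the relay's ORPort is high confidence; another port is still worth a look."""
    alerts = []
    for c in conns:
        rec = tor_node_at(feed, c["dst_ip"], _ts(c["ts"]))
        if rec is None:
            continue
        alerts.append({
            "rule": "outbound_to_tor_node",
            "src": c["src_ip"],
            "dst": f'{c["dst_ip"]}:{c["dst_port"]}',
            "role": rec["role"],
            "confidence": "high" if c["dst_port"] == rec["or_port"] else "medium",
        })
    return alerts


def detect_logins_from_tor_exit(feed: dict, logins: list) -> list:
    """Successful authentications whose source was an exit node at that time."""
    alerts = []
    for e in logins:
        if e["result"] != "success":
            continue
        rec = tor_node_at(feed, e["src_ip"], _ts(e["ts"]), roles={"exit"})
        if rec is None:
            continue
        alerts.append({"rule": "login_from_tor_exit", "user": e["user"],
                       "src": e["src_ip"], "country": rec["country"], "asn": rec["asn"]})
    return alerts


# Constructed events: a firewall/NetFlow-style connection log and an auth log.
SAMPLE_CONNS = [
    {"ts": "2024-12-01T10:00:00Z", "src_ip": "10.0.0.5", "dst_ip": "198.51.100.7", "dst_port": 9001},  # exit, ORPort
    {"ts": "2024-12-01T10:01:00Z", "src_ip": "10.0.0.6", "dst_ip": "203.0.113.42", "dst_port": 8443}, # guard, odd port
    {"ts": "2024-12-01T10:02:00Z", "src_ip": "10.0.0.7", "dst_ip": "192.0.2.200", "dst_port": 9001},  # relay retired Aug 2024
    {"ts": "2024-12-01T10:03:00Z", "src_ip": "10.0.0.8", "dst_ip": "203.0.113.9", "dst_port": 443},   # not in feed
]
SAMPLE_LOGINS = [
    {"ts": "2024-12-02T08:00:00Z", "user": "alice", "src_ip": "198.51.100.7", "result": "success"},  # exit node
    {"ts": "2024-12-02T08:05:00Z", "user": "bob", "src_ip": "203.0.113.42", "result": "success"},    # guard, not exit
    {"ts": "2024-12-02T08:06:00Z", "user": "carol", "src_ip": "198.51.100.7", "result": "failure"},  # failed login
    {"ts": "2025-06-01T08:00:00Z", "user": "dave", "src_ip": "198.51.100.7", "result": "success"},   # after last_seen
]

if __name__ == "__main__":
    feed = load_feed(TOR_FEED_CSV)
    for alert in detect_outbound_to_tor(feed, SAMPLE_CONNS) + detect_logins_from_tor_exit(feed, SAMPLE_LOGINS):
        print(alert)
```

The check that matters with a feed of "every IP that has ever been a node" is the time window: the same IP hit on 2024-12-01 is an alert, on 2025-06-01 it is not, and a relay retired in August never fires in December. For the deny-rule use case the same filter yields the "active" subset to push to the firewall; the grace period covers the hourly update lag.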

Giuseppe `N3mes1s` (@gn3mes1s):

No time to rest for the analysts, in this case Claude. CPU-Z supply-chain compromise analysis ZIG Malware FTW gist.github.com/N3mes1s/b5b0b9…

mthcht (@mthcht2):

LOLExfil and ExtSentry feeds are now integrated into MagicSword, so activity tied to both can be blocked directly in the platform. You can try it here through my affiliate link: magicsword.io/plan?utm_sourc…

mthcht (@mthcht2):

Automatically block and disable malicious browser extensions with a browser extension! Perfect for family devices or anyone who just wants simple protection, no GPOs or enterprise setup... now on the Chrome Web Store: chromewebstore.google.com/detail/extsent…

mthcht (@mthcht2):

Almost everything people casually read as Git provenance is spoofable: identity, dates, messages, trailers, ancestry, refs, and tags. Even signed commits do not make the timeline true; a signature only proves the payload was signed. The only real time anchor is "verified_at".
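
As an added example (my code, not mthcht's and not Git's own implementation), the block below serialises commit objects the way Git stores them and derives their ids the way Git does, to show why the id proves nothing about when: the object id is SHA-1 over "commit <size>\0<body>", every header value including both timestamps is chosen by whoever writes the object, and no clock is consulted. A small ancestry check catches a careless backdate (child dated before its parent); an attacker who also controls the ancestry makes that consistent as well, which is the post's point. The maintainer identity and timestamps are constructed.

```python
import hashlib


def object_id(kind: str, body: bytes) -> str:
    """Git object id: SHA-1 over "<type> <size>\\0<body>". No clock is involved."""
    header = f"{kind} {len(body)}\0".encode()
    return hashlib.sha1(header + body).hexdigest()


# Sanity anchor: the empty tree hashes to Git's well-known id 4b825dc6...
EMPTY_TREE = object_id("tree", b"")


def build_commit(tree: str, parents: list, author: str, author_ts: int,
                 committer: str, committer_ts: int, message: str,
                 tz: str = "+0000") -> bytes:
    """Serialise a commit exactly as Git stores it. Every header value,
    including both Unix timestamps, is supplied by the writer of the object."""
    lines = [f"tree {tree}"]
    lines += [f"parent {p}" for p in parents]
    lines.append(f"author {author} {author_ts} {tz}")
    lines.append(f"committer {committer} {committer_ts} {tz}")
    return ("\n".join(lines) + "\n\n" + message + "\n").encode()


def parse_commit(body: bytes) -> dict:
    """Read the headers back out: parents, identities, Unix timestamps, message."""
    headers, _, message = body.decode().partition("\n\n")
    meta = {"parents": []}
    for line in headers.splitlines():
        key, _, value = line.partition(" ")
        if key == "parent":
            meta["parents"].append(value)
        elif key in ("author", "committer"):
            ident, ts, _tz = value.rsplit(" ", 2)
            meta[key] = ident
            meta[key + "_ts"] = int(ts)
        else:
            meta[key] = value
    meta["message"] = message.rstrip("\n")
    return meta


def timeline_anomalies(objects: dict) -> list:
    """Flag commits whose committer time precedes a parent's committer time.
    This catches a careless backdate only: a forger who also rewrites the
    ancestry can produce a perfectly consistent, entirely fabricated timeline."""
    parsed = {oid: parse_commit(body) for oid, body in objects.items()}
    findings = []
    for oid, meta in parsed.items():
        for parent in meta["parents"]:
            if parent in parsed and meta["committer_ts"] < parsed[parent]["committer_ts"]:
                findings.append((oid, f"committer time precedes parent {parent[:7]}"))
    return findings


def demo() -> dict:
    """Constructed scenario: a genuine root commit, then a forged child that
    reuses the maintainer's identity string and claims a date 100 days earlier."""
    maintainer = "Trusted Maintainer <maint@example.org>"   # constructed identity
    root = build_commit(EMPTY_TREE, [], maintainer, 1700000000,
                        maintainer, 1700000000, "initial import")
    root_oid = object_id("commit", root)
    forged = build_commit(EMPTY_TREE, [root_oid], maintainer, 1600000000,
                          maintainer, 1600000000, "harmless refactor")
    forged_oid = object_id("commit", forged)
    # Re-dating by one second yields a different, equally valid object id:
    # the hash binds the timestamp, it never checks it.
    redated_oid = object_id("commit", build_commit(
        EMPTY_TREE, [root_oid], maintainer, 1600000000,
        maintainer, 1600000001, "harmless refactor"))
    return {
        "root_oid": root_oid,
        "forged_oid": forged_oid,
        "forged_body": forged,
        "redated_oid": redated_oid,
        "anomalies": timeline_anomalies({root_oid: root, forged_oid: forged}),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Nothing in these objects is outside the writer's control: identity, both dates, the parent pointer and the message are plain header text, and a signature over the body would attest exactly those chosen values. The first timestamp an attacker cannot write into the object is the one a forge records when it verifies the signature, which is why the post treats "verified_at" as the only anchor.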
