We officially have a blog! Thinking of threat hunting in Azure? Start here: defensiveorigins.com/azure-security… jordan drysdale #infosecurity

I once skated through the NYSE because trading on the floor was too intimidating. Investing in the stock market is scary if you aren’t an expert or don’t have money to burn. But Public is changing the game; the app allows you to invest small amounts in publicly traded companies

The "Cloud Pentesting" Roundup is well nigh upon us. Join us on December 10! Beau Bullock will MC. Presenters include Dirk-jan, Jon Helmus, Ohm-I (Oh My), Andrew Krug, and elitest. Attendees register for free. Learn more here: wildwesthackinfest.com/the-roundup/cl…

Mapped all of the Amazon GuardDuty Findings to ATT&CK. A bit more of an art than a science. Hopefully useful to some detection and response teams out there. See 🧵for more detail 👇

***NEW*** BHIS | Tester's Blog Azure Security Basics: Log Analytics, Security Center, and Sentinel by: jordan drysdale Published: 11/24/2020 Learn more: blackhillsinfosec.com/azure-security…

***NEW*** BHIS | Tester's Blog Azure Sentinel Quick-Deploy with Cyb3rWard0g’s Sentinel To-Go - Let’s Catch Cobalt Strike! by: jordan drysdale Published: 12/2/2020 Learn more: blackhillsinfosec.com/azure-sentinel…

Thanks Brother! Couldn't do it without you!

Great year in webcasts. Black Hills Information Security Wild West Hackin' Fest

💥😱 James Forshaw added "named pipe RPC client transport" to NtObjectManager 🔥 Thank you very much James for all your work 👏! I'll create PS scripts to cover a few scenarios 🍻 (Img 4) If anyone would like to help me, let me know 😉 Open Threat Research github.com/Cyb3rWard0g/Wi…

Fresh on the blog today: "A Sysmon Event ID Breakdown" defensiveorigins.com/a-sysmon-event… jordan drysdale #infosec #sysmon #sysinternals #logging #threatoptics #cybersecurity

Sysmon 13 has just been released. I’ve just published a detailed look at the new ProcessTampering feature in a blog. medium.com/falconforce/sy… #DFIR #Infosec #Sysmon

Thank you for the cool swag GRIMM Cyber. #GrimCon 0x3 was a blast!

Remember the Squirrel Nut Zippers?

Applied Purple Teaming will be offered only once this year, so unless you plan on waiting until 2022 to join us for APT, you'll want to register ASAP. Registration closes this Wednesday (1/27): defensiveorigins.com/trainings/ #infosec #purpleteam #blueteam #redteam #cybersecurity

#ThreatHunting: A #Sysmon Event ID Breakdown bit.ly/3acUlkm-Ttx Olaf Hartong jordan drysdale Black Hills Information Security 𝞝 #Enterprises #Organizations #ThreatHunting #Hacking #InfoSec #CyberAttacks #LateralMovements #CyberSecurity #WMIC #ClipBoard #Passwords #MitreAttack #MSDefender

Red teams / pen testers etc. What one thing can blue teams do to make your life more difficult? What do you come across and think “Damn, they did that”?

@cillic Sysmon, 25 event IDs, better visibility vs. traditional Windows Logging. Great blog on Sysmon Logging and EventIds, with the new Event Id 25, Process Tampering, written by jordan drysdale blackhillsinfosec.com/tag/sysmon/

BHIS | Tester's Blog A Sysmon Event ID Breakdown by: jordan drysdale Published: 1/8/2021 Learn more: blackhillsinfosec.com/a-sysmon-event…

Update list for Badblood: 1. Parameters for easier creation of Objects 2. Parameters to skip LAPS and OU creation.

If you see something, say something!! jordan drysdale hacking public wifi, trying hard to get someone to ask what he's doing.