Security Datasets (@secdatasets)'s Twitter Profile
Security Datasets

@secdatasets

Contributing datasets, from different platforms, to the InfoSec community to expedite data analysis and threat research! github.com/OTRF/Security-…

ID: 1177378794212077568

https://securitydatasets.com/ 27-09-2019 00:25:59

66 Tweet

2,2K Followers

5 Following

Julio Ureña (@juliourena)

#Day3 #100DaysOfBlueTeam Today I learned a few things about some open source projects. I must admit I was not expecting the music theme for the example of @Mordor_Project 🤣 youtu.be/kBe6-D1_ais

Russ McRee (@holisticinfosec)

Since I last discussed Redirecting account use with Roberto Rodriguez 🇵🇪 & Jose Rodriguez 🇵🇪's Mordor APT29 datasets in #toolsmith 144, @OliverRochford has been hard at work for Brim, exploring further & documenting his practice well. Check out medium.com/brim-securitys… & the prior post. Great work!

DTM (@dtmsecurity)

Check out mordordatasets.com/notebooks/smal… and threathunterplaybook.com/notebooks/wind… - Mordor Dataset and Playbook entry for wuauclt.exe abuse with many thanks to Roberto Rodriguez 🇵🇪 🤜 for his epic work as ever! Will be updating blog with these links too for reference 💪

Roberto Rodriguez 🇵🇪 (@cyb3rward0g)

HOW to contribute a @Mordor_Project dataset in 2 mins ⏳w/ the help of Red Canary, a Zscaler company ART & then contribute to sigma after exploring the data! Open Threat Research ♻️ Clear, Exec & Collect: youtu.be/6iteEfbuwU8 😈 Data: mordordatasets.com/notebooks/smal… 🏹 Rule: github.com/OTRF/sigma/blo…

Security Datasets (@secdatasets)

😈 Adding more Windows datasets after using Red Canary, a Zscaler company Atomic Red Team and Mauricio Velazco PurpleSharp 💜 Thank you all for everything you share with the Infosec Community 🌎 Courtesy of the Open Threat Research ! Commit: github.com/OTRF/mordor/co…

Security Datasets (@secdatasets)

Very happy to join forces, leverage PurpleSharp and share the data with the community! Keep up the great work Mauricio Velazco ! More coming soon.. 😈

Security Datasets (@secdatasets)

If you are wondering what this might look like in Sysmon, we got you covered with a new small dataset. You can simply download it from the link below and explore it with PSH as shown in the second image below 😊 Thank you Johnny Shaw ! 😈 mordordatasets.com/notebooks/smal…

Security Datasets (@secdatasets)

Looking for ways to validate detection rules for that specific behavior? A small sample of data and a few rules! Thank you Rob Maslen Dominic Chell 👻 Lee Chagolla-Christensen Open Threat Research 😈 Dataset: mordordatasets.com/notebooks/smal… 🏹 sigma: 1) github.com/OTRF/sigma/blo… 2) github.com/OTRF/sigma/blo…

Red Canary (@redcanary)

Big news ya'll: Roberto Rodriguez 🇵🇪 will be hosting our next Atomic Friday on December 11! Join us for a deep dive into @Mordor_Project and learn strategies for expediting data analysis. bit.ly/33AKlil

Security Datasets (@secdatasets)

Sharing some data samples (PCAP & WinEvents) to validate detection of lateral movement via remote scheduled task creation & update 🍻 Open Threat Research 1⃣ Creation: mordordatasets.com/notebooks/smal… 2⃣ Update: mordordatasets.com/notebooks/smal… ThreatHunter-Playbook Library Doc: github.com/OTRF/ThreatHun…

Open Threat Research (@otr_community)

Sharing @Mordor_Project datasets for "Getting AD FS Database Config Remotely" (Security, Sysmon & PCAP) Roberto Rodriguez 🇵🇪 🍻🙏 mordordatasets.com/notebooks/smal… 1⃣ A few tool-based comments at the host level 2⃣ Group hosts & processes connecting to AD FS server over port 80 (Usually 443)

Microsoft Security (@msftsecurity)

It's time to go to SimuLand! 🎠🎡🎢 But it isn't a new vacation theme park hot spot, it's a new open-source initiative that will help you deploy a lab environment to reproduce real attack scenarios to test your security defenses. Get the details: msft.it/6017VxcHv

Open Threat Research (@otr_community)

🚨 In less than 24h 😉, we are sharing telemetry ( #Sysmon, Security & System) through the @Mordor_Project to help everyone 🌎 expedite the validation process of detection rules! Jose Rodriguez 🇵🇪 #CobaltStrike 🗒️Metadata: mordordatasets.com/notebooks/smal… 😈Dataset: raw.githubusercontent.com/OTRF/mordor/ma…

Security Datasets (@secdatasets)

We shared a dataset that contains the core behavior 🍻 You can add more context around it! (i.e. Service creation & execution) Open Threat Research 😈 Data: mordordatasets.com/notebooks/smal… 🛡️sigma rules: 1⃣ github.com/SigmaHQ/sigma/… 2⃣ github.com/SigmaHQ/sigma/… How Do I use the data? ⏬

Open Threat Research (@otr_community)

🚨 We decided to re-brand Mordor to Security Datasets 😈 We’ll cover new types of datasets to extend its application 💜 more coming soon.. 🍻 Help us build the largest library of datasets for the InfoSec community! 🚀 Site: securitydatasets.com/introduction.h… Repo: github.com/OTRF/Security-…

Microsoft Threat Intelligence (@msftsecintel)

Today, Microsoft is open sourcing Cloud Katana, a cloud-native serverless application built on the top of Azure Functions to assess security controls in the cloud and hybrid cloud environments. Read about the design principles and learn how to deploy: msft.it/6011n46MT
