phantinuss (@phantinuss)'s Twitter Profile

ID: 1364130805505798146

23-02-2021 08:33:47

27 Tweets

147 Followers

61 Following

J. A. Guerrero-Saade (@juanandres_gs)

As promised at the Mandiant Security Summit, a Golang reversing methodology with IDApython scripts to match each step of the way! Walkthrough blog – sentinelone.com/labs/alphagola…

phantinuss (@phantinuss)

TIL: make doesn't fail if there is an error in the beginning of a pipeline (by default).

It is true for bash in general, but probably most dangerous for make.

more on stackoverflow: stackoverflow.com/questions/2530…

Nextron Systems (@nextronsystems)

Demystifying SIGMA Log Sources

We're glad to announce a new contribution called log-source guides.
The idea behind it is to provide specific guides on configuring a system’s audit policies so that the system actually creates the logs needed by the rules.

nextron-systems.com/2023/03/24/dem…

Thomas Patzke (@blubbfiction)

New blog post: Connecting Sigma Rule Sets to your Environment with Processing Pipelines

medium.com/sigma-hq/conne…

If you convert Sigma rules into queries you should read this, especially if you never heard about processing pipelines before.

Florian Roth ⚡️ (@cyb3rops)

curl is so versatile

curl is an alias for invoke-webrequest when called from PowerShell, a binary when called from cmd.exe, and part of a malware when called from a temporary folder

by phantinuss & Nasreddine Bencherchali

Nasreddine Bencherchali (@nas_bench)

New Sigma release r2025-05-21 is available for download.

🌟15 New Rules
🛡️47 Rule updates
🔬13 Rule Fixes

Explore the full release -> github.com/SigmaHQ/sigma/…

This release focused mainly on updates and tunings of older rules, with newer detections covering NimScan, AdFind,

Nasreddine Bencherchali (@nas_bench)

New Sigma release r2025-07-08 is available for download.

🌟43 New Rules
🛡️34 Rule updates
🔬27 Rule Fixes

Explore the full release -> github.com/SigmaHQ/sigma/…

This release introduces a bunch of new rules including detections for 

- Katz Stealer
- MeshAgent usage
-

Nasreddine Bencherchali (@nas_bench)

New Sigma release r2025-10-01 is available for download.

🌟43 New Rules
🛡️34 Rule updates
🔬27 Rule Fixes

Explore the full release -> github.com/SigmaHQ/sigma/…

This release introduces a bunch of new rules and updates

- A bunch of CVE detections including CVE-2025-54309,

Nasreddine Bencherchali (@nas_bench)

New Sigma release r2025-12-01 is available for download.

🌟35 New Rules
🛡️21 Rule updates
🔬30 Rule Fixes

Explore the full release -> github.com/SigmaHQ/sigma/…

The major update of this release is the introduction of windows regression testing in the CI. We now highly encourage