Wasim Halani (@washalsec)'s Twitter Profile
Wasim Halani

@washalsec

Detection Engineering @securonix. Posts are personal.

ID: 106687352

Link: http://securitythoughts.wordpress.com/
Joined: 20-01-2010 10:15:07

3,3K Tweets

1,1K Followers

536 Following

Elliot (@elliotkillick)

Need to go under the radar downloading #mimikatz (and other suspect payloads)? Then newly discovered #lolbin "C:\Windows\System32\Cmdl32.exe" (signed by MS) is for you. It's like a new certutil.exe but absolutely unheard of by any antivirus software!

Marco Lancini (@lancinimarco)

🔖 AWS Security Monitoring in 2023: Untangle the chaos
This post provides recommendations for implementing an effective security monitoring strategy in AWS.
From cloudonaut.io: cloudonaut.io/2023-08-04-aws…

rootsecdev (@rootsecdev)

GitHub - pushsecurity/saas-attacks: Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown github.com/pushsecurity/s…

Christophe Tafani-Dereeper (@christophetd)


Want to simulate cloud ransomware in your AWS account? 

Stratus Red Team now supports 3 attack techniques to emulate S3 ransomware!

• S3 Ransomware through individual file deletion
• S3 Ransomware through batch file deletion
• S3 Ransomware through client-side encryption

🧵

Sahil Bloom (@sahilbloom)


Important Rule for Life: When in doubt, zoom out.

Being perpetually zoomed in creates two challenges:

1. Struggle feels bigger than it really is.
2. Growth feels smaller than it really is.

The 10,000 foot view provides perspective—on the manageable nature of your struggles and

Charlie Bromberg « Shutdown » (@_nwodtuhs)


Refreshed "pass the things" AD mindmap, the previous one was not in a dark theme (outrageous I know)

⏩ thehacker.recipes/ad/movement/nt…
💡 made with draw.io

James D (@frantictyping)

Scaling detection and response operations at Coinbase part 2 & 3:
🔍 Driving context into detection logic with machine and user profiles
🔧 Codifying automatic remediation for high-risk detections
📫 Automating alert triage with employees via Slackbot
coinbase.com/blog/scaling-d…

The Haag™ (@m_haggis)


This is pretty radical - Adam (@bindshell_) shared some python for generating intel report summaries loosely based on blog.securitybreak.io/the-intel-brie….. great work there btw!

Once shared, I converted it to streamlit, we added all the functions to it as it would have via the CLI. 
Boomtown! I'll

Marco Lancini (@lancinimarco)

🔖 Following attackers’ (Cloud)trail in AWS: Methodology and findings in the wild
Datadog's methodology to proactively identify malicious activity by investigating logs in AWS CloudTrail.
From Datadog, Inc.: securitylabs.datadoghq.com/articles/follo…

Marc Maiffret (@marcmaiffret)

Oct 2nd we prevented an attack on an Okta account. Forensics led us to believe that the point of entry was actually due to a compromise within Okta's Support environment. Okta has now confirmed that to be the case, other customers affected. beyondtrust.com/blog/entry/okt…

Kijo Ninja (@kj_ninja25)


Wow Nice 🥹
This page covers a number of “ActionTypes” in Advanced Hunting !! Super useful for tracking activities. 

✅ GitHub: github.com/Iveco/xknow_in… 

#KQL #Kusto #AdvancedHunting

Jon Hencinski (@jhencinski)

Mean time to detect is an OK measure, but examining the 90th percentile tells you *way* more about your detection process. The mean (average) can be affected by outliers. If you have a few really fast or slow detect times, they can make your average higher or lower than what’s

Kostas (@kostastsale)


I updated the EDR telemetry project with corrected telemetry and new additions! See below the changes and upcoming EDRs:

✅ Corrected Trend Micro Telemetry
✅ Corrected ESET Telemetry
🌟 Added Qualys EDR

🎯New Additions Coming Up:
🔜 Sophos EDR
🔜 Cortex EDR

Vendors are

ATT&CK (@mitreattack)


Curious about how ATT&CK maps to sensor logs?

Our Defensive lead Lx’C ॐ (@LexOnTheHunt) led a @MITREengenuity team to map ATT&CK data sources & data components to events in:
🪵 Auditd
🪵CloudTrail
🪵OSQuery
🪵Sysmon
🪵WinEvtx
🪵ZEEK

Check it out at …for-threat-informed-defense.github.io/sensor-mapping…!

Neelu Tripathy (@neelutripathy)

Join us for a rapid-fire session with Wasim Halani, Director of Detection Engineering at Securonix, where we uncover his exciting adventures in #SocialEngineering and his inspiring journey as a #leader. All this and more at Breakpoint :) Watch now! youtu.be/VXbQ6ABHuGQ

Brendan Chamberlain (@infosecb)

Today I'd like to share a tool I recently wrote called Rulehound. It's a detection ruleset catalogue and search engine containing over 7,500 rules from 5 distinct sources. More details in thread. rulehound.com

Val Smith (@mvalsmith)

[This is not in chronological order] During early pen testing days, you had to manually hunt for open ports on the internet with listening services, and then either blind fuzz them or model them on your own system and find memory corruption. Then nmap came out and changed the