Arioch (@zearioch) 's Twitter Profile
Arioch

@zearioch

CERT peep. #DFIR

ID: 314081257

Joined: 09-06-2011 17:47:17

820 Tweets

473 Followers

332 Following

Sylvain Peyrefitte (@citronneur) 's Twitter Profile Photo

Merry Christmas Blue Teamers! 🎄🎅🎁🔔 Invoke-Bof allows you to load and execute any #CobaltStrike Beacon Object File (BOF) to test your detection capabilities! #DFIR github.com/airbus-cert/In… Airbus CERT is looking for a new team member; if you're interested, get in touch!

Nicolas Bareil (@nbareil) 's Twitter Profile Photo

To celebrate this new release of msticpy, we share a "Today I Learned" blog post on how to extract Sysmon data from Splunk and visualize as a Process Tree: skyblue.team/posts/using-ms…

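The post above links to a write-up on turning Sysmon process-creation events pulled from Splunk into a process tree. As an added example (not code from the post, from msticpy, or from the Airbus CERT team), the following stand-alone Python builds and renders such a tree from Sysmon Event ID 1 records. The records are constructed for this example: the field names (UtcTime, ProcessGuid, ParentProcessGuid, Image, CommandLine) are the ones Sysmon emits, but the values are invented, and the assumption is that each dict is one row returned by a Splunk search over those events. Processes whose parent was never logged (for example, started before Sysmon was installed) become roots of their own subtree rather than being dropped.

```python
from collections import defaultdict

# Constructed Sysmon Event ID 1 (process creation) records. Field names match
# what Sysmon emits; the values are invented for this example and are not data
# from the post. Each dict stands for one row of a Splunk search result.
SYSMON_EVENTS = [
    {"UtcTime": "2022-12-01 09:00:01.000",
     "ProcessGuid": "{0c6a3c70-1001-638a-0000-0010a1000000}",
     "ParentProcessGuid": "{0c6a3c70-0ff0-638a-0000-001000000000}",  # parent never logged
     "Image": r"C:\Windows\explorer.exe",
     "CommandLine": r"C:\Windows\explorer.exe"},
    {"UtcTime": "2022-12-01 09:00:05.000",
     "ProcessGuid": "{0c6a3c70-1002-638a-0000-0010a2000000}",
     "ParentProcessGuid": "{0c6a3c70-1001-638a-0000-0010a1000000}",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r'"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" /n "C:\Users\alice\Downloads\invoice.docm"'},
    {"UtcTime": "2022-12-01 09:00:09.000",
     "ProcessGuid": "{0c6a3c70-1003-638a-0000-0010a3000000}",
     "ParentProcessGuid": "{0c6a3c70-1002-638a-0000-0010a2000000}",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c powershell -nop -w hidden -enc SQBFAFgA"},
    {"UtcTime": "2022-12-01 09:00:10.000",
     "ProcessGuid": "{0c6a3c70-1004-638a-0000-0010a4000000}",
     "ParentProcessGuid": "{0c6a3c70-1003-638a-0000-0010a3000000}",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell -nop -w hidden -enc SQBFAFgA"},
    {"UtcTime": "2022-12-01 09:01:00.000",
     "ProcessGuid": "{0c6a3c70-1005-638a-0000-0010a5000000}",
     "ParentProcessGuid": "{0c6a3c70-1001-638a-0000-0010a1000000}",
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'},
    {"UtcTime": "2022-12-01 09:02:00.000",
     "ProcessGuid": "{0c6a3c70-1006-638a-0000-0010a6000000}",
     "ParentProcessGuid": "{0c6a3c70-0fa0-638a-0000-000800000000}",  # services.exe not logged
     "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs -p"},
]


def build_process_tree(events):
    """Index events by ProcessGuid and group children under their parent GUID.

    Returns (by_guid, children, roots). A process is a root when its
    ParentProcessGuid never appears as a ProcessGuid in the data set, which is
    what happens for processes whose parent predates the Sysmon install or
    fell outside the search window. Children and roots are ordered by UtcTime.
    """
    by_guid = {ev["ProcessGuid"]: ev for ev in events}
    children = defaultdict(list)
    roots = []
    for ev in sorted(events, key=lambda e: e["UtcTime"]):
        parent = ev["ParentProcessGuid"]
        if parent in by_guid:
            children[parent].append(ev["ProcessGuid"])
        else:
            roots.append(ev["ProcessGuid"])
    return by_guid, children, roots


def render_process_tree(events, indent="    "):
    """Depth-first text rendering: indent * depth, image basename, command line."""
    by_guid, children, roots = build_process_tree(events)
    lines, seen = [], set()

    def walk(guid, depth):
        if guid in seen:          # guard against malformed self/cyclic parent links
            return
        seen.add(guid)
        ev = by_guid[guid]
        basename = ev["Image"].rsplit("\\", 1)[-1]
        lines.append(f"{indent * depth}{basename}  {ev['CommandLine']}")
        for child in children.get(guid, []):
            walk(child, depth + 1)

    for root in roots:
        walk(root, 0)
    return lines


if __name__ == "__main__":
    print("\n".join(render_process_tree(SYSMON_EVENTS)))
```

Rendering explorer.exe at depth 0 with WINWORD.EXE, cmd.exe and powershell.exe nested beneath it makes the Office-to-encoded-PowerShell chain visible at a glance, which is the point of a process tree over a flat event list. msticpy ships its own process-tree builder and plotting; this example only reproduces the linking step so it runs without Splunk or msticpy installed.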
Katie Mack (@astrokatie) 's Twitter Profile Photo

Still don't know how to respond when people try to portray it as "irrational" to state a strong preference to avoid getting sick with an extraordinarily contagious, sometimes deadly, sometimes disabling virus, whether or not it's likely to be "mild" in one individual case.

Sylvain Peyrefitte (@citronneur) 's Twitter Profile Photo

Want to simulate any #ETW logs using powershell, even the security one? Do you want to import any evtx files into the current eventlog session? github.com/airbus-cert/nt… will help you to test your detection rules! #DFIR #Powershell

x0rz (@x0rz) 's Twitter Profile Photo

Anomaly detection in command lines with Markov chains, Splunk app provided 🤩 github.com/ANSSI-FR/AnoMa… by ANSSI #SSTIC
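The post above points at ANSSI's Markov-chain approach to spotting unusual command lines. As an added example (not the ANSSI project's code and not necessarily its model), the following stand-alone Python shows the core idea in its simplest form: fit a first-order character-level Markov chain on a baseline of benign command lines, score each new line by its mean negative log-likelihood per character transition, and flag lines that score far above the baseline. The training corpus and the suspicious encoded-PowerShell line are constructed for this example, and the character-level chain, the additive smoothing and the mean-plus-two-sigma threshold are assumptions of this example, not details taken from the post or the tool.

```python
import math
from collections import Counter, defaultdict

# Constructed baseline of benign Windows command lines for training. This is
# not real telemetry and not data from the ANSSI project.
BENIGN_CMDLINES = [
    r"C:\Windows\System32\svchost.exe -k netsvcs -p",
    r"C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p",
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer',
    r"C:\Windows\explorer.exe",
    r"C:\Windows\System32\conhost.exe 0xffffffff -ForceV1",
    r"C:\Windows\System32\RuntimeBroker.exe -Embedding",
    r"C:\Windows\System32\dllhost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}",
    r'"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" /n',
    r"C:\Windows\System32\cmd.exe /c dir",
    r"C:\Windows\System32\wbem\WmiPrvSE.exe",
]

# Constructed suspicious line: encoded PowerShell whose base64 blob is full of
# character transitions that never occur in the benign baseline.
SUSPICIOUS_CMDLINE = (
    "powershell.exe -nop -w hidden -enc "
    "SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkA"
)

START, END = "\x02", "\x03"   # sentinels so the first and last characters are scored too


class CharMarkovModel:
    """First-order character Markov chain with additive smoothing."""

    def __init__(self, alpha=0.1):
        self.alpha = alpha                       # pseudo-count given to every transition
        self.transitions = defaultdict(Counter)  # prev char -> Counter of next chars
        self.alphabet = set()

    def fit(self, lines):
        for line in lines:
            seq = [START, *line, END]
            self.alphabet.update(seq)
            for prev, cur in zip(seq, seq[1:]):
                self.transitions[prev][cur] += 1
        return self

    def _log_prob(self, prev, cur):
        counts = self.transitions.get(prev, Counter())
        total = sum(counts.values())
        vocab = len(self.alphabet) + 1           # +1 reserves mass for never-seen symbols
        return math.log((counts[cur] + self.alpha) / (total + self.alpha * vocab))

    def score(self, line):
        """Mean negative log-likelihood per transition; higher means more unusual."""
        seq = [START, *line, END]
        nll = -sum(self._log_prob(p, c) for p, c in zip(seq, seq[1:]))
        return nll / (len(seq) - 1)


def anomaly_threshold(model, baseline_lines, k=2.0):
    """Threshold at mean + k standard deviations of the baseline's own scores."""
    scores = [model.score(line) for line in baseline_lines]
    mean = sum(scores) / len(scores)
    var = sum((s - mean) ** 2 for s in scores) / len(scores)
    return mean + k * math.sqrt(var)


def detect(model, lines, threshold):
    """Return (score, line) pairs for every command line scoring above the threshold."""
    scored = ((model.score(line), line) for line in lines)
    return [(s, line) for s, line in scored if s > threshold]


if __name__ == "__main__":
    model = CharMarkovModel().fit(BENIGN_CMDLINES)
    threshold = anomaly_threshold(model, BENIGN_CMDLINES)
    for score, line in detect(model, BENIGN_CMDLINES + [SUSPICIOUS_CMDLINE], threshold):
        print(f"{score:.2f}  {line}")
```

Normalising by the number of transitions keeps long benign lines from being penalised just for their length, and the smoothing term is what lets the model assign a finite (if low) probability to characters it has never seen rather than crashing on log(0). On a real deployment the baseline should be built per host role or per parent process and the threshold tuned against a labelled sample, since a single global chain will flag legitimate but rare tooling.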

Sylvain Peyrefitte (@citronneur) 's Twitter Profile Photo

The results are out! We are very honoured to have won first place 🥇 in the Hex-Rays plugin contest 2022 🎉 Our entry was "ttddbg", a time-travel debugging plugin for IDA already presented at #SSTIC 2022. Many congratulations to all the other entrants!

Airbus Security Lab (@airbusseclab) 's Twitter Profile Photo

Anaïs Gantet, Nicolas Devillers (NK) and Mouad Abouhali (Mouad معاذ Abouhali) are going to present "The unavoidable pain of backups: security deep-dive into the internals of NetBackup" at #HEXACON2022. A thought to Jean-Romain Garnier (Jean-Romain), who was not able to participate.

SSTIC (@sstic) 's Twitter Profile Photo

SSTIC will take place from 7 to 9 June 2023. The call for contributions is online: sstic.org/2023/cfp/. Submission deadline: 30 January. Hesitating? Reread our advice: blog.sstic.org/2017/01/06/com…

Sylvain Peyrefitte (@citronneur) 's Twitter Profile Photo

The #flareon9 write-ups from my team! skyblue.team/posts/flareon9/ We are still looking for new talents! More on pastebin.com/hqt4mqhX

Jonny Johnson (@jsecurity101) 's Twitter Profile Photo

I've always thought that in order for Defenders to be truly effective, it is vital they know where the telemetry they are leveraging is coming from. Today I am releasing a project called TelemetrySource that is meant to support that cause. Blog: posts.specterops.io/uncovering-win…

Chetan Nayak (Brute Ratel C4 Author) (@ninjaparanoid) 's Twitter Profile Photo

Brute Ratel v1.3 is now released. This release brings in complete malleability, new shellcode, evasions to the core and detection rules for the previous version for the blue team community. #BRc4 bruteratel.com/release/2022/1…

Sysinternals (@sysinternals) 's Twitter Profile Photo

A new update with Active Directory Explorer, Contig, and Sysmon has now been posted! Get the tools at sysinternals.com See what's new on the Sysinternals Blog: techcommunity.microsoft.com/t5/sysinternal…

Nicolas Bareil (@nbareil) 's Twitter Profile Photo

He is awesome: My fellow eeriedusk from the Airbus CERT added file hashes to process execution event logs to Sysmon for Linux, congrats man! github.com/Sysinternals/S… Let's try to have features parity with the Windows version now.

Airbus CERT (@airbuscert) 's Twitter Profile Photo

Have you ever tried setting up a shared and reproducible forensics lab? After hitting several brick walls with Docker, Ansible and others, we ended up finding a solution that ticked all the boxes we wanted: Nix. See for yourselves! skyblue.team/posts/nix-fore… #DFIR #NixOS

Airbus CERT (@airbuscert) 's Twitter Profile Photo

scrings is a strings utility that will output only semantically valid strings based on tree-sitter grammar. scrings supports #python #javascript #sql #powershell #bash #php. A #volatility plugin is also available to catch scripts in memory! github.com/airbus-cert/sc…