OSSEM

31 posts

OSSEM

@OSSEM_Project

Open Source Security Event Metadata ! Data engineers! #ThreatHunting @OTR_Community

https://ossemproject.com/intro Katılım Eylül 2019

7 Takip Edilen1.5K Takipçiler

OSSEM retweetledi

Open Threat Research@OTR_Community·23 Eki

@olafhartong @MITREattack @FDezeure @redcanary @mvelazco @jsecurity101 Thank you so much for sharing the @OSSEM_Project Detection Model 🙏 and all your contributions to it! Very happy to see the project helping others in the community 🌎🎊 github.com/OTRF/OSSEM-DM/…

English

OSSEM retweetledi

Thomas Garnier@mxatone·15 Eki

@OSSEM_Project @Cyb3rPandaH Will be coming on Windows soon ;)

English

OSSEM@OSSEM_Project·15 Eki

🚀 Any NEW fields on the schemas for #SysmonForLinux events compared to Windows🤔? @Cyb3rPandaH used our #Sysmon for Windows & Linux data dictionaries in a python 🐍 script to answer that😎 ✅ ParentUser (ProcessCreate) ✅ User (EID 5,9,11) 🖇️ Script: github.com/OTRF/OSSEM-DD/…

Roberto Rodriguez 🇵🇪@Cyb3rWard0g

🚨 Learning how to install #Sysmon for Linux 🐧 & send security events to #AzureSentinel in a research lab environment!! 🧪 #MSTIC #Microsoft 📡 Sysmon (SysinternalsEBPF) -> Syslog -> SIEM 🚀 ✅ Scripts ✅ ARM templates ✅ Sysmon configs and more.. techcommunity.microsoft.com/t5/azure-senti…

English

OSSEM@OSSEM_Project·15 Eki

@Cyb3rWard0g 🚨 Thanks to @Cyb3rPandaH , we updated our #Linux data dictionaries to keep up with the event schemas from #SysmonForLinux and share them with the community 🚀 I see some new fields names 🙊👀 #sysmon-events" target="_blank" rel="nofollow noopener">ossemproject.com/dd/dictionarie… @OTR_Community

English

Roberto Rodriguez 🇵🇪@Cyb3rWard0g·14 Eki

English

174

474

OSSEM retweetledi

Microsoft Threat Intelligence@MsftSecIntel·19 Ağu

Today, Microsoft is open sourcing Cloud Katana, a cloud-native serverless application built on the top of Azure Functions to assess security controls in the cloud and hybrid cloud environments. Read about the design principles and learn how to deploy: msft.it/6011n46MT

Microsoft Threat Intelligence tweet media

English

145

319

OSSEM retweetledi

Open Threat Research@OTR_Community·30 Haz

🚨 We decided to re-brand Mordor to @SecDatasets 😈 We’ll cover new types of datasets to extend its application 💜 more coming soon.. 🍻 Help us build the largest library of datasets for the InfoSec community! 🚀 Site: securitydatasets.com/introduction.h… Repo: github.com/OTRF/Security-…

English

108

OSSEM retweetledi

Roberto Rodriguez 🇵🇪@Cyb3rWard0g·25 Haz

🚨 New version of the Windows Security Events connector from #AzureSentinel reached public preview Looking for a way to test & filter the collection of event logs via XPath queries? I got you! 💜🍻 @MSThreatProtect #MSTIC @OTR_Community @OSSEM_Project techcommunity.microsoft.com/t5/azure-senti…

English

116

OSSEM retweetledi

Open Threat Research@OTR_Community·12 Haz

🚨 In less than 24h 😉, we are sharing telemetry ( #Sysmon, Security & System) through the @Mordor_Project to help everyone 🌎 expedite the validation process of detection rules! @Cyb3rPandaH #CobaltStrike 🗒️Metadata: mordordatasets.com/notebooks/smal… 😈Dataset: raw.githubusercontent.com/OTRF/mordor/ma…

Florian Roth ⚡️@cyb3rops

APTSimulator 0.9.0 featuring #CobaltStrike beacon activity simulation with - NamedPipe Creation - Service installation & exec pattern - HTTP beaconing github.com/NextronSystems… If you want to help, add some steps in here: github.com/NextronSystems…

English

188

OSSEM@OSSEM_Project·29 Nis

What started w/ talks at ATT&CKcon & analysis of event logs, We're happy to see @Cyb3rPandaH & @Cyb3rWard0g initial research helping ATT&CK users improve their data collection strategies. Join us to collab 🍻 @OTR_Community 🎙️ bit.ly/OTRDiscord 🛡️ github.com/OTRF/OSSEM-DM/…

ATT&CK@MITREattack

It has launched! ATT&CK v9 is now live with refactored data sources, ATT&CK for Containers, Google Workspace as a platform and more! Read about new data sources and the rest of the update at medium.com/mitre-attack/a… or attack.mitre.org/resources/upda… for new/changed groups/techniques/sw.

English

OSSEM retweetledi

Security Datasets@SecDatasets·19 Ara

Sharing some data samples (PCAP & WinEvents) to validate detection of lateral movement via remote scheduled task creation & update 🍻 @OTR_Community 1⃣ Creation: mordordatasets.com/notebooks/smal… 2⃣ Update: mordordatasets.com/notebooks/smal… @HunterPlaybook Library Doc: github.com/OTRF/ThreatHun…

John Lambert@JohnLaTwC

microsoft.com/security/blog/…

English

OSSEM retweetledi

Roberto Rodriguez 🇵🇪@Cyb3rWard0g·18 Ara

💥😱 @tiraniddo added "named pipe RPC client transport" to NtObjectManager 🔥 Thank you very much James for all your work 👏! I'll create PS scripts to cover a few scenarios 🍻 (Img 4) If anyone would like to help me, let me know 😉 @OTR_Community github.com/Cyb3rWard0g/Wi…

English

136

OSSEM retweetledi

Security Datasets@SecDatasets·15 Ara

Looking forward to it! 🍻 Let's talk about some of the steps taken before sharing a dataset with the community 💜

Red Canary, a Zscaler company@redcanary

THIS FRIDAY: Catch @Cyb3rWard0g in conversation with @mattifestation for the last #AtomicFriday of 2020! bit.ly/33AKlil

English

OSSEM@OSSEM_Project·26 Kas

Thinking about contributing to an os project during the holidays? 😉The @OTR_Community have updated our Detection Model 1⃣Contribute security events to @MITREattack data sources github.com/OTRF/OSSEM-DM/… 2⃣Provide feedback github.com/OTRF/OSSEM-DM/… 3⃣Have fun ossemproject.com/notebooks/dm/a…

English

OSSEM retweetledi

Ekoparty | Hacking everything@ekoparty·25 Kas

#Eko2020 | @BlueSpaceSec | Roberto y Jose Luis Rodriguez: Open Threat Research (Keynote) "Open Threat Research: Compartiendo herramientas Open Source con el mundo para el desarrollo de detecciones desde casa", una charla de @Cyb3rWard0g y @Cyb3rPandaH. youtube.com/watch?v=6-UVaP…

YouTube

Español

OSSEM retweetledi

Open Threat Research@OTR_Community·25 Kas

🚨 New version of our "attackcti" Python 🐍 library to query @MITREattack in STIX format via their public TAXII server has been released! 1⃣ ICS ATT&CK Integration ✅ 2⃣ Basic Notebook to explore ICS Content ✅ 📔 Binder: mybinder.org/v2/gh/OTRF/ATT… 📦Repo: github.com/OTRF/ATTACK-Py…

English

OSSEM retweetledi

SANS DFIR@sansforensics·22 Kas

In their #THIRSummit talk, @Cyb3rPandaH & @jamieantisocial illustrates how we can avoid the typical cat and mouse games by modeling the data sources defined in ATT&CK to recognize, track, and even predict the malicious scent of adversaries. Watch it now: youtu.be/eKeydMrXsOE

YouTube

English

OSSEM retweetledi

Roberto Rodriguez 🇵🇪@Cyb3rWard0g·19 Kas

Thank you @jaredhaight 😊🙏 With the latest updates to @MITREattack data sources by @Cyb3rPandaH , we are translating that doc to YAML files to create additional documentation and hopefully get contributions from the InfoSec Community 😊 github.com/OTRF/OSSEM-DM/…

English

OSSEM@OSSEM_Project·28 Eki

Formalizing the mapping of security events to the @MITREattack data source objects concepts 🍻 We would love to hear your feedback and see your contributions to this community-led effort!! 💜 Thank you @Cyb3rPandaH 💜 Blog: medium.com/threat-hunters…

English

141

OSSEM@OSSEM_Project·11 Eyl

🙏So happy to see our initial data modeling concepts applied to enhance @MITREattack . This is a more practical & less subjective approach to map event logs ➡️ att&ck data sources. We hope this helps the community to improve their data collection strategy. Thanks @Cyb3rPandaH 🍻

ATT&CK@MITREattack

Coinciding with @jamieantisocial's and his #ThreatHuntingSummit talk, we've just released part 1 of a blog series by ATT&CK team member @Cyb3rPandaH on a proposed method of enhancing an often overlooked part of ATT&CK, data sources. Check it out at medium.com/mitre-attack/d….

English

OSSEM retweetledi

ATT&CK@MITREattack·10 Eyl

GIF

English

109

Keşfet

@olafhartong @MITREattack @FDezeure @redcanary @mvelazco @Cyb3rPandaH @Cyb3rWard0g @OTR_Community