Security Datasets

66 posts

Security Datasets

@SecDatasets

Contributing datasets, from different platforms, to the InfoSec community to expedite data analysis and threat research! https://t.co/j62Xx21lEc

Datastore Katılım Eylül 2019

5 Takip Edilen2.1K Takipçiler

Sabitlenmiş Tweet

Security Datasets@SecDatasets·24 Eyl

🚨 Collecting and sharing logs from the ☁️ 🙏 Thanks to project SimuLand 🏝️ (an @OTR_Community Initiative), we are starting to collect data from known community templates & emulation plans 😎 🌩️AWS Dateset: mordordatasets.com/notebooks/smal… 🏗️ SimuLand: github.com/OTRF/SimuLand/…

English

Security Datasets retweetledi

Microsoft Threat Intelligence@MsftSecIntel·19 Ağu

Today, Microsoft is open sourcing Cloud Katana, a cloud-native serverless application built on the top of Azure Functions to assess security controls in the cloud and hybrid cloud environments. Read about the design principles and learn how to deploy: msft.it/6011n46MT

Microsoft Threat Intelligence tweet media

English

144

319

Security Datasets retweetledi

Open Threat Research@OTR_Community·30 Haz

🚨 We decided to re-brand Mordor to @SecDatasets 😈 We’ll cover new types of datasets to extend its application 💜 more coming soon.. 🍻 Help us build the largest library of datasets for the InfoSec community! 🚀 Site: securitydatasets.com/introduction.h… Repo: github.com/OTRF/Security-…

English

108

Security Datasets@SecDatasets·23 Haz

@cyb3rops @OTR_Community @sigma_hq 😉💜

GIF

QME

Florian Roth ⚡️@cyb3rops·23 Haz

@Mordor_Project @OTR_Community @sigma_hq Oh, no, it's about process memory dumping

English

Security Datasets@SecDatasets·23 Haz

We shared a dataset that contains the core behavior 🍻 You can add more context around it! (i.e. Service creation & execution) @OTR_Community 😈 Data: mordordatasets.com/notebooks/smal… 🛡️@sigma_hq rules: 1⃣ github.com/SigmaHQ/sigma/… 2⃣ github.com/SigmaHQ/sigma/… How Do I use the data? ⏬

John Lambert@JohnLaTwC

#HuntingTipOfTheDay Search for command lines 🔎with 'comsvcs.dll' and 'MiniDump' to find credential dumping. 👀 ✏️Test your detections: gist.github.com/JohnLaTwC/3e7d… 📎References: ▪️risksense.com/blog/hidden-ge… by Jenna Magius and Nate Caroe (@RiskSense) ▪️modexp.wordpress.com/2019/08/30/min…

English

Security Datasets retweetledi

John Lambert@JohnLaTwC·16 Haz

Importance of data sets for SecOps research and rule testing with projects by @SBousseaden, @Mordor_Project, @Cyb3rWard0g's SimuLand

English

Security Datasets retweetledi

Open Threat Research@OTR_Community·12 Haz

🚨 In less than 24h 😉, we are sharing telemetry ( #Sysmon, Security & System) through the @Mordor_Project to help everyone 🌎 expedite the validation process of detection rules! @Cyb3rPandaH #CobaltStrike 🗒️Metadata: mordordatasets.com/notebooks/smal… 😈Dataset: raw.githubusercontent.com/OTRF/mordor/ma…

Florian Roth ⚡️@cyb3rops

APTSimulator 0.9.0 featuring #CobaltStrike beacon activity simulation with - NamedPipe Creation - Service installation & exec pattern - HTTP beaconing github.com/NextronSystems… If you want to help, add some steps in here: github.com/NextronSystems…

English

188

Security Datasets retweetledi

Microsoft Security@msftsecurity·20 May

It's time to go to SimuLand! 🎠🎡🎢 But it isn't a new vacation theme park hot spot, it's a new open-source initiative that will help you deploy a lab environment to reproduce real attack scenarios to test your security defenses. Get the details: msft.it/6017VxcHv

English

168

335

Security Datasets@SecDatasets·21 May

@Cyb3rPandaH @DebugPrivilege @OTR_Community

GIF

QME

Jose Rodriguez 🇵🇪@Cyb3rPandaH·21 May

@Mordor_Project @DebugPrivilege @OTR_Community Time to play in the clouds of Simuland 😈

GIF

English

Security Datasets retweetledi

Open Threat Research@OTR_Community·27 Nis

Sharing @Mordor_Project datasets for "Getting AD FS Database Config Remotely" (Security, Sysmon & PCAP) @Cyb3rWard0g 🍻🙏 mordordatasets.com/notebooks/smal… 1⃣ A few tool-based comments at the host level 2⃣ Group hosts & processes connecting to AD FS server over port 80 (Usually 443)

Dr. Nestori Syynimaa@DrAzureAD

New version of #AADInternals out now, including remote dumping of #ADFS configuration database🔥 Read the blog at: o365blog.com/post/adfs/ Credits to @vesat, @doughsec, @BakedSec, @_dirkjan, @gentilkiwi, @MGrafnetter, and @Cyb3rWard0g for your help and previous work!

English

Security Datasets@SecDatasets·8 Nis

@cyb3rops

GIF

QME

Florian Roth ⚡️@cyb3rops·7 Nis

Terms we used in my years in IR Mordor: completely compromised network segments (FUBAR) Jurassic Park: networks with many EOL/EOS servers& outdated software Spreadsheet of Doom: ever growing list of compromised hosts/accounts Figurative speech helps you cope with all the misery

English

171

Security Datasets@SecDatasets·22 Mar

@Cyb3rWard0g @Ch33r10 @NetworkDefense @chrissanders88 Happy to see you are using the @Mordor_Project ! The project comes with small (atomic) and large (campaigns) datasets. One great example of how to use our large datasets is this post by @filar (APT3) elastic.co/blog/discoveri…

English

Roberto Rodriguez 🇵🇪@Cyb3rWard0g·22 Mar

@Ch33r10 @Mordor_Project @NetworkDefense @chrissanders88 These might be helpful 🍻 MITRE BRAWL Dataset: github.com/mitre/brawl-pu… Mendeley Data: data.mendeley.com/datasets/zh3wn… A Survey of Network-based Intrusion Detection Data Sets (PAPER): arxiv.org/pdf/1903.02460… (Data repositories in links in every page)

English

Dr. Ch33r10@Ch33r10·22 Mar

Need pointers for #threathunting 🏹related datasets I can use for #machinelearning 🕹 research paper 📑for my doctorate 👩‍🎓 So far I found @Mordor_Project @Cyb3rWard0g Maybe I can use @NetworkDefense Practical TH data? @chrissanders88 Any #cobaltstrike data publicly avail?

English

Security Datasets@SecDatasets·14 Mar

@OTR_Community @Cyb3rWard0g @sigma_hq @ProjectJupyter @jack_halon @Flangvik @mvelazco 😈 Endpoint dataset: built-in & Sysmon telemetry 🛡️ Doc: mordordatasets.com/notebooks/smal… ✅ Web shell created ✅ Unexpected compiled ASPX files created by w3wp in Temporary ASP[.]NET Files directory ✅ OabVirtualDirectory ExternalUrl set to <script> ✅ w3wp child process & more

English

Open Threat Research@OTR_Community·14 Mar

Now that #ProxyLogon POCs are public, help defenders learn the underlying behavior? The weekend isn't over yet! @Cyb3rWard0g 1⃣ Azure Sentinel Env: github.com/OTRF/Azure-Sen… 2⃣ Install 🐍, ⬇️ &💥 POC 4⃣ Share @Mordor_Project datasets, @sigma_hq rules, @ProjectJupyter notebooks

English

184

Security Datasets@SecDatasets·19 Ara

Sharing some data samples (PCAP & WinEvents) to validate detection of lateral movement via remote scheduled task creation & update 🍻 @OTR_Community 1⃣ Creation: mordordatasets.com/notebooks/smal… 2⃣ Update: mordordatasets.com/notebooks/smal… @HunterPlaybook Library Doc: github.com/OTRF/ThreatHun…

John Lambert@JohnLaTwC

microsoft.com/security/blog/…

English

Security Datasets@SecDatasets·15 Ara

Looking forward to it! 🍻 Let's talk about some of the steps taken before sharing a dataset with the community 💜

Red Canary, a Zscaler company@redcanary

THIS FRIDAY: Catch @Cyb3rWard0g in conversation with @mattifestation for the last #AtomicFriday of 2020! bit.ly/33AKlil

English

Security Datasets retweetledi

Red Canary, a Zscaler company@redcanary·2 Ara

Big news ya'll: @Cyb3rWard0g will be hosting our next Atomic Friday on December 11! Join us for a deep dive into @Mordor_Project and learn strategies for expediting data analysis. bit.ly/33AKlil