Neil Cor

@atc_project @MITREattack @TheHive_Project Excellent product. Thank you

RE&CT framework released! A knowledge base of actionable Incident Response techniques, based on @MITREattack philosophy. Mapping to ATT&CK / AMITT, export to @TheHive_Project templates, visualization in the Navigator, and more! atc-project.github.io/atc-react/ #incidentresponse #dfir

I almost missed to celebrate my 10,000th handwritten YARA rule 🎉 I'm not very proud of the early ones. But being ashamed of old rules (or code) that you wrote months or years ago means that you've improved and that is definitely a good thing, isn't it? 🖖

In case you didn't catch it, we updated the ATT&CK Design and Philosophy paper last week. Details on sub-techniques, what ATT&CK coverage means, and a few more useful tidbits were added! attack.mitre.org/docs/ATTACK_De…

@MITREattack @stromcoffee

Our beta release of ATT&CK with sub-techniques is now live! We’ve just posted a blog post by @stromcoffee with links to all of the new resources and advice on how to leverage them (medium.com/mitre-attack/a…). You can also check out the new site itself at attack.mitre.org/beta/.

Kudos to @MITREattack for mentioning our project together with @Cyb3rWard0g's @HunterPlaybook in their new CTI training! Check it out: attack.mitre.org/resources/trai… #dfir #cti

@1lung_nick @AnfieldWatch @samalder01 Thats is quality

@AnfieldWatch @TrappedSheep @samalder01 🤣

@1lung_nick @LfckevO Cant think of a better way to win it

@LfckevO Winning it at Goodison @TrappedSheep?

What would be better confirming the title at Goodison or the game b4 & them having to give us a guard of honour??

A lot of mud slinging on InfoSec twitter lately; I wanted to flip the script a bit and highlight the blogs, tools, talks etc that I keep coming back to on a regular basis, both as a defender and general InfoSec professional. Thread..

Sigma2Attack generates #MITRE ATT&CK navigator heat maps from a set of #sigma rules by @christophetd Pull Request - already merged into master github.com/Neo23x0/sigma/… ATT&CK Navigator mitre-attack.github.io/attack-navigat…

We put a lot of effort in the creation of anomaly detection rules for our scanner Example: 1. Report mentions adversary exfiltrating ntds.dit in RAR archive 2. Create such an archive 3. Open in hex editor 4. Write YARA rule I'll put this one in the signature-base repo for LOKI

@MISPProject @FIRSTdotOrg @circl_lu @C3_Luxembourg Thanks. I will keep an eye out for any future conferences or training.

@TrappedSheep @FIRSTdotOrg @circl_lu @C3_Luxembourg We did one training during @FIRSTdotOrg CTI in London. But if a conference would host us in London for doing a MISP training, we would be more than happy to do it. The only condition is to have an open registration for external participants.

Next @MISPProject trainings will be in Ljubljana at @FIRSTdotOrg TC 14 November & at @circl_lu @C3_Luxembourg 03-05 December 2019 - MISP Introduction - MISP OSINT hands-on and MISP advanced developer session. #ThreatIntelligence misp-project.org/events/ Don't forget to register.

Added 63 threat hunting searches for Windows events. New total is 152 Windows searches & rules. And 35 for Linux (more to come) github.com/randomuserid/S…

Lets make peace with pasting passwords... ncsc.gov.uk/blog-post/let-…

@chaoaretasty @troyhunt @haveibeenpwned Fair one. Its hard to differentiate ignorance from sarcasm on this media at times.

Oh for fucks sake. I seriously did not know I had an account in this breach until this email from @haveibeenpwned just landed. Thanks @troyhunt 🤬

Oh my god. This is just sensational. Please watch and retweet.

Be interested to read your thoughts on this @tanium penconsultants.com/blog/exposing-…

Stringless YARA Rules > a guide to build faster YARA rules by @InQuest blog.inquest.net/blog/2018/09/3… The most common performance sin: $h = "MZ" condition: $h at 0 ... Also see my YARA Performance Guidelines gist.github.com/Neo23x0/e3d4e3…