@blu3_team

Another method of C2 detection using Splunk with rare domain and PC counts. blu3-team.blogspot.com/2019/05/detect…

@IAPonomarenko What is the black stuff on the eggs? Almost looks like Caviar. Never tried that.

For those who were curious — here’s an English breakfast in Bucha :))

@HackingDave Try a steamerpot

Some serious pizza making happening rn

@SwiftOnSecurity Exactly right. I have complaints about not enough coverage, too many false positives, and increased risk of tuning all at the same time. If you want perfect security you can't be in this field.

I simply Accept The Risk

@mtaibbi We planned it all out and nothing went to plan. A wonderful journey, love and pain. That may have been the best of me, we'll see.

I’d never lecture people to have kids. But looking back, all the anxieties I had about parenthood, including the financial ones, were completely wrong.

@NataliaAntonova You look wonderful, confident, and ready to take on the world. I can't understand why someone wouldn't start with that.

“I would make a comment about the way you look, but I’m a decent guy so I won’t.” This isn’t flirting, this is cringe and weird. I love a good compliment, this ain’t it.

@EricaZelic You're doing great, hang in there.

I need a hug. Any volunteers?

@HackingDave I have a son that has surpassed me in several ways. You are doing a good job, we can only hope our children are better than we are.

Damn it my son Mason just had the flank of his life and shot me on the back at Airsoft. Never gone live this one down 😬

IOCs are backward looking indicators. They have their place but don't bet the farm on them. Behavioral TTPs age out much more slowly.

@floesen_ Event log of death, nice

A bug allows any user to crash the Windows Event Log service of any other Windows 10/Server 2022 machine on the same domain. According to MSRC, the bug does not meet the bar for servicing and therefore they allowed me to publish a proof of concept. github.com/floesen/EventL…

@PyroTek3 My condolences Sean, these things are tough.

I am sad to share my wife's dad passed away late last night after months of dealing with serious illness & prolonged hospital stay. His organs started failing in the past few days after over a year of being sick. It's a tough time for the family & appreciate the love & support

@ateixei It solves a lot of problems

I've sold the #Cribl idea to a few customers already. Any other 'enterprise-grade' alternatives you know? Tenzir.com and Vector.dev? Use case: easily and effectively route and (pre)transform log data from/to on-prem/cloud. No SQL only, please!

@malcomvetter @ImposeCost I think the only sig we have without filters is "process call create"

@malcomvetter @ImposeCost Not sure I agree, signature feeds are commodity but generally not modifiable. To be used they need to be reviewed, filtered for your organization, and put into local prod detection. Basically, writing your own from a template of existing sigs at the least.

@wdormann Will, you are the Rocky Balboa chasing after these things, you never stop. Respect.

@Pete1250Pete @Saturnax1 @USNavy @CovertShores @TayfunOzberk @FORONAVAL @SubBrief @TheSubHunter1 @USN_Submariner @wachteldean54LV @BobKoonce @KnappJW @LGoessing The 16 inch had a huge boom and heat blast that shocked the senses. The 5 inch was sharper and louder, especially below decks, impossible to sleep during firing exercises. They tricked a reporter one time to stand nearthe the ciws during firing, I don't think he got a good shot.

@Saturnax1 @USNavy @CovertShores @TayfunOzberk @FORONAVAL @SubBrief @TheSubHunter1 @USN_Submariner @wachteldean54LV @BobKoonce @KnappJW @LGoessing Those were some bloody big guns she toted around. Not THE largest calibre for a battleship - I think one of the Japanese WW2 battleships has that record. Those shells though, radar guided, targets at sea and ashore never stood a chance. What was it like onboard during firing?

@Saturnax1 @USNavy @CovertShores @TayfunOzberk @FORONAVAL @SubBrief @TheSubHunter1 @USN_Submariner @wachteldean54LV @BobKoonce @KnappJW @LGoessing Last crew of the battleship decommissioned February 1991, picture is up on my wall. Great ship, great crew, lots of history. Thanks for sharing.

@cyb3rops Reg save Sam isn't an fp but there might be a legit reason for running it. Just have to find that out. I don't use filters on that sig.

Is this something you'd see reported by a scanner like THOR? I got this as a FP

@TRowePrice @SenWarren, how much money does @TRowePrice have tied up in estate accts bcs they won't provide standard forms? Easy fix trowe, create the ira beneficiary disclaimer form.

@TRowePrice Zero help there. Trowe asks for specific text for ira Benificiary disclaimer text but will not provide the form, medallion holders won't stamp diy forms which is trowe guidance. No way to escalate, @TRowePrice keeps the money. How many customers are trapped like this?

@ateixei It can be abused like this hexacorn.com/blog/2020/02/0…

Anyone seen C:\Windows\system32\gatherNetworkInfo.vbs been abused? Legit instances seems to follow netsh > cscript as parents. That thing executes over 140 shell commands. It ships by default with Win7+