lazarg
@lazarg_
35 posts
Hungary · Joined March 2020
165 Following · 36 Followers
lazarg retweeted
Nasreddine Bencherchali @nas_bench
If you actually want to work in detection, please make an effort to understand the data sources you are using. It's not EventID==X or CommandLine contains Y, just because you executed malware in your lab and checked the event log. 😭 Here are a couple to think about:
- Understand how event IDs are not unique across providers.
- CommandLine can be spoofed, and you should know how easy it is.
- ETW offers a lot of hidden gems. Learn more and explore it.
- The registry contains a lot of hard-to-spoof evidence.
- A technique is not linked to a tool.
8 · 16 · 124 · 8.9K
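As an added illustration of the first point above (not part of the tweet, and not code by its author): a small Python check showing how a rule keyed on EventID alone matches records from unrelated providers, while the provider-scoped form of the same rule does not. The log records are constructed; the Sysmon provider name and its EventID 1 (Process Create) are a real pairing, and "Contoso-Backup-Agent" is a placeholder provider that happens to reuse the number 1.

```python
# Added example (not from the tweet or its author): a detection that keys on
# EventID alone versus one scoped to the provider whose schema defines that ID.
# All records below are constructed. "Microsoft-Windows-Sysmon" EventID 1
# (Process Create) is a real provider/ID pairing; "Contoso-Backup-Agent" is a
# placeholder provider that reuses the number 1 for an unrelated message.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    provider: str   # ETW / event log provider name
    event_id: int   # numeric ID, meaningful only within its provider
    message: str


# Constructed sample log, as an analyst might export it from a lab host.
SAMPLE_EVENTS = [
    Event("Microsoft-Windows-Sysmon", 1, "Process Create: C:\\Windows\\System32\\cmd.exe"),
    Event("Contoso-Backup-Agent", 1, "Backup job started"),
    Event("Contoso-Backup-Agent", 1, "Backup job started"),
    Event("Microsoft-Windows-Sysmon", 3, "Network connection detected"),
    Event("Contoso-Backup-Agent", 3, "Backup job finished"),
]


def naive_process_creates(events):
    """The anti-pattern the tweet warns about: match on the number alone."""
    return [e for e in events if e.event_id == 1]


def scoped_process_creates(events):
    """Same intent, but scoped to the provider whose schema defines ID 1."""
    return [
        e for e in events
        if e.provider == "Microsoft-Windows-Sysmon" and e.event_id == 1
    ]


def event_id_collisions(events):
    """Return the set of EventIDs that appear under more than one provider.

    Running this over a log sample is a cheap inventory of which numeric IDs
    a rule must never use without a provider clause.
    """
    providers_by_id = defaultdict(set)
    for e in events:
        providers_by_id[e.event_id].add(e.provider)
    return {eid for eid, provs in providers_by_id.items() if len(provs) > 1}


if __name__ == "__main__":
    print("naive matches :", len(naive_process_creates(SAMPLE_EVENTS)))   # 3
    print("scoped matches:", len(scoped_process_creates(SAMPLE_EVENTS)))  # 1
    print("colliding IDs :", sorted(event_id_collisions(SAMPLE_EVENTS)))  # [1, 3]
```

The naive rule fires on three records, two of which have nothing to do with process creation; the scoped rule fires on the one Sysmon record. Rule formats such as Sigma make this scoping explicit through their `logsource` block (product/category/service), which is the field to fill in rather than relying on the bare number.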
AtomicsonaFriday @AtomicsonaFri
⏳ 30-Minute Countdown! ⏳ 🚨🔥 We’re going LIVE with a special Atomics on a Friday in just 30 minutes! 🎥💻 ✨ Don’t miss: ➡️ Your chance to WIN a FREE CTF ticket—winners announced at the end!! 🎉🏆 🎟️Comment below here to be entered!🎟️ youtube.com/watch?v=SfIowA…
[YouTube video link]
3 · 0 · 5 · 957
lazarg retweeted
Michael Koczwara @MichalKoczwara
Hey APTs, threat actors, and ransomware groups, could you please keep your infrastructure up a bit longer (you can move to another ASN, that's fine) so IntelOps students can learn all the pivoting tips and tricks, complete their assignments, and earn their well-deserved certificates? Cheers!
[GIF]
8 · 17 · 113 · 9.7K
John Hammond @_JohnHammond
Thanks to @DEATHCon2024's generosity, they are letting me give away the LAST ticket available for their in-person Seattle conference!😎 (PS, I'll be there!) Will select and DM a random winner on Saturday, 8/3 11:59 PM PST. To "enter the giveaway", all you have to do is ... reply here with why you're excited about learning Detection Engineering and Threat Hunting skills😜
[image attachment]
23 · 10 · 68 · 50.2K
lazarg retweeted
Michael Koczwara @MichalKoczwara
Another tip when monitoring threat actor opendirs is to identify Cobalt Strike C2 servers and potentially new or custom malleable profiles. For example, by using the @Huntio Attack Capture feature, we identified an exposed opendir with a new Cobalt Strike 4.9 malleable profile. With this information, we can create a simple hunt rule to search for Cobalt Strike C2 servers. The hunt rule identified a not publicly detected Cobalt Strike C2 running on 213.218.240.211🎯
[3 image attachments]
1 · 22 · 103 · 8.4K
lazarg retweeted
Brian Carrier @carrier4n6
Interesting ImpHash post from Chris Ray in our R&D team on false positives and negatives with using it to find malware. Learn why it's great for some malware, but less effective with .NET, Go, packed EXEs, and some trojans. cybertriage.com/blog/limitatio…
0 · 13 · 21 · 2K
lazarg retweeted
GuidedHacking @GuidedHacking
🧠 Calling Conventions for Reverse Engineers
📑 cdecl, stdcall, fastcall, msfastcall & thiscall
🧠 Memory management: heap, code, stack
🎢 Stack Frame Setup & Cleanup
👉 youtube.com/watch?v=VKp4Fv…
[YouTube video link; image attachment]
0 · 64 · 1.3K · 844.2K
Axxial Gaming @axxialgaming
🥳Giveaway!🥳 We recently banned 2 people who were not eligible for a prize. So among those who comment the name of their favourite agent here, follow us and retweet this post, we will raffle off 5x10 euro VP! GL. Draw: December 26, 20:00
[image attachment]
64 · 30 · 46 · 8.9K
Axxial Gaming @axxialgaming
Winners of the winter Valorant LAN cup 👊🏆 Thank you for coming again! See you next year! 🤭
[2 image attachments]
6 · 1 · 26 · 3.9K
lazarg retweeted
NATO @NATO
For nearly 75 years, the bond between Europe and North America has made NATO the strongest Alliance in history. Together, we work for peace, security and freedom for one billion people #WeAreNATO
[image attachment]
724 · 816 · 6.5K · 353.5K
lazarg retweeted
Kijo Ninja @kj_ninja25
Thank you for always visiting my security research notes. Over the past few months, I have written numerous blogs to share security-related insights derived from learning, researching, and simulating demos. ✅ GitHub: github.com/LearningKijo/S…
[image attachment]
1 · 6 · 21 · 2.3K
lazarg retweeted
Florian Roth ⚡️ @cyb3rops
I wrote a YARA rule to detect the successful exploitation of CVE-2023-29357 on Microsoft SharePoint servers using the Python POC. Thx to @theluemmel & @TH3C0DEX for the logs. As soon as we know that this rule works stably, we can omit the User-Agent. github.com/Neo23x0/signat…
[2 image attachments]
5 · 125 · 368 · 85.9K
lazarg @lazarg_
@TCMSecurity A threat hunting course and cert would be cool.
0 · 0 · 1 · 32
TCM Security @TCMSecurity
What type of courses - or certs - would you like to see on TCM Academy? 🤔
112 · 4 · 91 · 37.4K
lazarg retweeted
The Haag™ @M_haggis
⭐️It's official! ⭐️The #LOLDrivers 1.0 release is out and includes a tremendous number of new additions! Release Blog: medium.com/magicswordio/l… loldrivers.io
1. New Driver Enrichments - Authentihash, signature metadata, and more!
2. Driver Binaries under the drivers/ directory - Want to download? Get them all!
3. Changed to UUID instead of Driver Names - Longevity is the name of the game
4. Elastic Drivers Added - @nas_bench opened Pandora's box, and all we got was a list of drivers
5. Updated loldrivers.io - Enhancements, UI mods, update reports
6. Updated Validation CI Job with a YAML Spec - Validate your YAML
7. Added Release CI Job - Check it out - github.com/magicsword-io/…
8. New Drivers Added via Community Contributions - Numerous contributions from the community - thank you!
Incredible work by the team @nas_bench, @_josehelps, and all the community contributors!
8 · 157 · 343 · 108.2K