M45C07
522 posts


This is gonna be huge.
If I calculate correctly, you will be able to detect almost any Windows and Entra ID related attack with less than 20 detections.
You can probably expand them to Linux/MacOS/Azure/AWS/GCP as long as you have the right telemetry, as I'll teach higher-order behavioral detection logic that is universal. And they are quite hard to bypass 😎

#ClaudeForBlueTeam - Day 11!
I just cut my SIEM lab noise down by over 80 percent.
Claude can drill into your SIEM's noisiest events, trace what's generating them and tell you exactly what to tune and how many events/second you can save.
Want to replicate this in your environment? Grab the skill below.

Detecting lateral movement with extremely high precision and recall shouldn't be this easy. 😮
#ThreatHunting #DetectionEngineering
@Cyb3rMonk I think there is also HTB module on Sliver that's pretty good
It's a bit late for me as I learned a lot about Sliver C2 framework, but finally someone released a quite cheap course that leverages Sliver.
hacksmarter.org/courses/dcb55e…
M45C07 retweeted

Dropping new LOLBin/LOLBAS inspired project today called LOLGlobs, to document some cool ways of commandline evasion using wildcards and some other obfuscation techniques that go beyond B64 encoding: 0xv1n.github.io/LOLGlobs/
M45C07 retweeted

Access masks are easy to ignore until you hit Access Denied and waste time guessing.
I wrote up a short walkthrough on what access masks are, where they live, and how to inspect them in Process Explorer, the security UI, and a debugger.
trainsec.net/library/window…
Within DeviceEvents (XDR/MDE however you want to call it) you can find this thing, that's like the most confusing event I have ever seen.
I wonder if anyone is utilizing this in any way?????
#cybersecurity #EDR #MDE

It's been just 2 weeks since I launched my new course, and people are loving it. 🙏
I’ve lowered the bar for entry into threat hunting.
#ThreatHunting

I have been doing some AMSI bypasses lately, imagine how surprised I was finding out this:
Windows 11 Pro, no MDE, Defender AV -> bypass was successful.
Windows 11 Pro, MDE, Defender AV -> the same bypass was instantly detected.
Huh
#windows #MDE #Defender #cybersecurity #amsi
@Salsa12__ I have been playing with this technique lately, some EDRs trigger for it quite often
@AlteredSecurity I loved CRTP, so CRTE would be a next level and nice improvement;)
Final Black Friday Giveaway!
Win FREE access to:
• 1 CRTP seat
• 1 CRTE seat
How to participate:
1. Like
2. Comment which course you’re interested in and why
3. Repost
If you've already availed the Black Friday offer, you're still eligible.
Winners will be announced on Dec 15, 2025.
Few days left to grab your Black Friday deals:
• Up to 25% OFF Labs & Bootcamps
• No coupon code needed
• Use anytime within 6 months
For More details: alteredsecurity.com/online-labs

Big giveaway.
- (x3) Certified Red Team Expert (CRTE)
- (x3) Certified by Altered Security Red Team Professional for Azure (CARTP)
- (x10) Malware Analysis for Hedgehogs Bundle
CRTE and CARTP sponsored by @nikhil_mitt
Malware Analysis sponsored by @struppigel
Leave a comment below on what you'd like. Winners chosen in 24 hours.

M45C07 retweeted

Our Black Friday sale starts now! Get 42% off everything with code BLACKFRIDAY25. Time to stock up on your winter reading! Runs through 12/2.
nostarch.com

M45C07 retweeted

🔥 #BlackFriday discounts are live🔥
➤ 35% OFF all #KQL courses for threat hunting, detection engineering, and incident response.
👉 academy.bluraven.io/blackfriday2025
#ThreatHunting #DetectionEngineering #DFIR #incidentresponse #CyberSecurity #InfoSec

The countdown is on, only one week until the biggest cybersecurity training sale of the year. Prepare your wish list. (Includes new course release: OADOC and OGOTC)
whiteknightlabs.com/training/
Use code: WKLBLACKFRIDAY50 at checkout, November 28–December 12.