pH

🚨🔥 LOLRMM IS LIVE! 🔥🚨 The wait is over, folks! 🥳🎉 We’re thrilled to announce the official release of LOLRMM — your new go-to tool to detect and counter RMM abuse! 🕵️‍♂️💻 👉 Check it out NOW at LOLRMM.io 👈 This couldn’t have been possible without our amazing contributors: @nas_bench , @Kostastsale , @cyb3rbuff , @_josehelps , and @M_haggis ! 🙌 And a HUGE thanks to the projects that paved the way: - Steven Dick — Splunk Lookup - @WikiJM — Ruler Project - @mthcht — RMM - @Cyberspooon — RMM-Catalogue - @br0k3ns0und — Gist - @redcanary — Surveyor Release vid: youtube.com/watch?v=rbh7uF… 🔥 Dive into the full story here: medium.com/magicswordio/a… 🔥 #CyberSec #ThreatIntel #LOLRMM

Allen Medien zur Folge betraf der Hinweis Inhalte aus öffentlich einsehbaren Kanälen. Dazu bedarf es keiner rechtlichen Anpassung. Was es braucht ist technisches Verständnis. Da haben wir definitiv Defizite auf allen Ebenen, sowohl medial als auch politisch...

The 2 latest releases from @sigma_hq have been downloaded a total of 1.4M times 🔥 Love to see people enjoying and automating the download of releases 😁 (more to come)

New article just published on @sigma_hq by @sifex - Introducing Sigma Filters 🔥 This new feature was added to pySigma v0.11.7 allows users to express filters and exclusions independently of the Sigma rule itself. Allowing for their re-use across many rules and ease their management. Chekc out the blog for more details and examples blog.sigmahq.io/introducing-si…

People and vendors dunking on CS have a lack of understanding of how Software works and specifically kernel drivers. Building one is hard af let's make that clear., and CI/CD & QA can be even harder. And for those pointing that their software is better here are some screenshots to ponder on :)

@LetheForgot @SwiftOnSecurity Had to record the process for my IT dept, figured I'd share the note. Thank you Lethe!

Let’s be clear. 'Upload Moderation' is a mass surveillance program. We urge EU governments to reject mass scanning of their citizens' communications by voting against this proposal tomorrow.

New blog post by @sigma_hq core team member @blubbfiction Introducing the long awaited feature Sigma correlations. blog.sigmahq.io/introducing-si…

Funny, we had the old style AI, optimizing logistics, winning Chess & Go & ad placement against humans. Then there is the new windbag AI, suggesting gluing cheese to your pizza, recommend eating healthy rocks daily, and so on. That's the AI, everyone wants for their business sys.

@nas_bench also AI detecting AI (e.g. ~ about.fb.com/news/2024/02/l…)

I feel like generative AI shouldn't be used yet. Its a "beta" topic but many companies are acting like they its "mature" (its not) What's worrying is that, current tooling doesn't really know how to differentiate between human and machine generated data (with some exceptions) This means the next set of training data is already being generated by AI (via co-pilot generated code, articles, pictures, etc.). Combine that with the audacity of AI (never admitting it's wrong). Its gonna be very interesting (if not ducked) to see.

Today we're releasing our first entry in a new monthly blog series we're calling - Tales Of Valhalla nextron-systems.com/2024/03/05/tal… Our aim is to highlight some of the more evasive threats we're following and seeing uploaded to VT with very low detection rate. In this first entry we put the spotlight on MrAgent, GuLoader, IronWind and HemiGate. You might leverage the rules referenced from Valhalla in the blog to get ahold of samples and monitor for new variants. Huge thanks to my colleague @X__Junior and his help in writing this. And many thanks to @cyb3rops and @pH_T__ for their review.

Yara practices I highly recommend after having written ~1500 rules🧵#100DaysOfYara 1. For code patterns: add the disassembled code as comment Otherwise you force readers to reverse engineer the code pattern, making it hard to maintain, judge its usefulness and matches.

Cyber Security 2024: Key Trends Beyond the Hype nextron-systems.com/2024/01/17/cyb…

I've put together a blog post outlining the basic cyber security trends that I believe will not only persist but also intensify throughout 2024

I have finally found the time to update my "Log Sources" slide with input from @blubbfiction @phantinuss @shellcromancer @DefensiveDepth & others Changes - added EDR, cloud & IdP logs - rewrote the texts in the legend - updated values #SIEM github.com/Neo23x0/Talks/…

You're not gonna wanna miss today's Atomic on a Friday @AtomicsonaFri :) Today is going to be all about Sigma w/ @M_haggis and @burning_pm We're gonna talk about all the new hotness that's been going on in the Sigma world form sigconverter.io to VsCode extension and all in between :) And the first look at Sigma correlations implemented in Aurora youtube.com/watch?v=-MOLIU…

Supercharging Postfix With THOR Thunderstorm nextron-systems.com/2023/11/14/sup…

🚀ASRGEN is live! 🎉 asrgen.streamlit.app 🤿 Diving deep into ASR, and this was my "sharpening the axe" 🪓 moment. I'll be updating the Atomic Tests 🔬 as I go, but if you want to contribute, PRs/Issues are open. 🙌 ! 📣 Any feedback? Definitely shoot it over! There's a lot to explore here! 💡 github.com/MHaggis/ASRGEN 📚 Highlights: - It stacks the ASR GUIDs based on the mode. 🛠️ - "Enable all" - remember, this is for testing, not prod... Unless your prod is testing? 🤔🧪 - Oh - you can add exclusions too! 🔥 - ASR Essentials is like a firehose course 🚒 on ASR. Get ready to get soaked with knowledge! 🧠 - ASR ⚛️Atomic Testing 🧬 - scripts and different knick-knacks to help you generate block/warn/audit events. 🎯 Stay tuned for more updates ⭐️

Our Encrypted DNS servers have now been converted to run from RAM! This is completely cost-free, and available to anyone that wishes to have a trustworthy, audited Encrypted DNS service with optional content blocking! Read more here: mullvad.net/blog/moving-ou…