I thought it was common knowledge that attackers can surgically edit event logs. I found out yesterday people largely don't know that. It's deceptively easy and examples are publicly available. 1/n
The Shadow Brokers leaks included code as early as January to do this. Based on investigations we've worked, I believe Chinese and Russian actors have had this capability for at least 3 years (probably more) 2/n
Stop pretending your event logs are set in stone. They aren't. "All or nothing" is so 5 years ago. Want to screw with your attacker? Forward your logs to a SIEM. By the time they go to edit the logs they can't without creating inconsistency. 3/3
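The inconsistency described in the last tweet can be checked mechanically by reconciling the copy the SIEM received at write time against a later export from the host. The sketch below is an added example, not part of the original thread; the field names and sample records are constructed, and it assumes record IDs increase by one per event within a log channel.

```python
import hashlib
import json

def fingerprint(record):
    """Stable hash over every field of a record, so any edit changes it."""
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()

def reconcile(siem_records, host_records):
    """Compare the SIEM copy (forwarded at write time) with a later host export."""
    siem = {r["record_id"]: fingerprint(r) for r in siem_records}
    host = {r["record_id"]: fingerprint(r) for r in host_records}
    # Records older than the host's oldest entry may simply have rolled over,
    # so only IDs inside the host's retained range count as missing.
    floor = min(host) if host else 0
    ids = sorted(host)
    return {
        "missing_on_host": sorted(i for i in siem if i >= floor and i not in host),
        "altered_on_host": sorted(i for i in siem if i in host and siem[i] != host[i]),
        "never_forwarded": sorted(i for i in host if i not in siem),
        # A hole in the sequence means a record was removed after it was written.
        "host_id_gaps": [(a, b) for a, b in zip(ids, ids[1:]) if b - a > 1],
    }

# Constructed sample: what the SIEM received as events were written.
SIEM_COPY = [
    {"record_id": 1000, "event_id": 4624, "time": "2017-06-01T09:00:01Z", "user": "alice"},
    {"record_id": 1001, "event_id": 4624, "time": "2017-06-01T09:05:12Z", "user": "bob"},
    {"record_id": 1002, "event_id": 4688, "time": "2017-06-01T09:05:40Z", "user": "bob"},
    {"record_id": 1003, "event_id": 4672, "time": "2017-06-01T09:06:02Z", "user": "svc-backup"},
    {"record_id": 1004, "event_id": 4688, "time": "2017-06-01T09:06:30Z", "user": "svc-backup"},
    {"record_id": 1005, "event_id": 4634, "time": "2017-06-01T09:10:00Z", "user": "bob"},
]

# Constructed sample: the same channel exported from the host later.
# 1000 has rolled over, 1003 is gone, and 1004 no longer names the same user.
HOST_EXPORT = [
    dict(SIEM_COPY[1]),
    dict(SIEM_COPY[2]),
    {"record_id": 1004, "event_id": 4688, "time": "2017-06-01T09:06:30Z", "user": "bob"},
    dict(SIEM_COPY[5]),
]

if __name__ == "__main__":
    for finding, value in reconcile(SIEM_COPY, HOST_EXPORT).items():
        print(f"{finding}: {value}")
```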