Tweets
Pinned Tweet
Introducing a Hunting #ELKStack with advanced analytic capabilities via @ApacheSpark & #GraphFrames. Taking #ThreatHunting to the next level! @Cyb3rWard0g @SpecterOps @elastic @ProjectJupyter. Happy New Year! https://github.com/Cyb3rWard0g/HELK
THE-HELK Retweeted
How do you integrate @ProjectJupyter #notebooks with the #sigma project? How do you convert 300+ rules to @elastic ES query strings & pack them as part of notebooks to query ES? All from code. I wrote about it here! Weekend readings! #threathunting https://medium.com/threat-hunters-forge/jupyter-notebooks-from-sigma-rules-%EF%B8%8F-to-query-elasticsearch-31a74cc59b99
THE-HELK Retweeted
Looking for anything to do while you wait for 2020? I just created a Jupyter Book for the @Mordor_Project! You can now explore mordor datasets w/ @ProjectJupyter #notebooks via BinderHub. Pre #ThreatHunting activities for 2020! New Site: https://mordordatasets.com
THE-HELK Retweeted
I decided to write a book! An online Interactive Book! A book on the top of @HunterPlaybook, @ProjectJupyter #notebooks and w/ @mybinderteam BinderHub links all put together w/ the amazing Jupyter Book project! #ThreatHunting Merry Christmas https://medium.com/threat-hunters-forge/writing-an-interactive-book-over-the-threat-hunter-playbook-with-the-help-of-the-jupyter-book-3ff37a3123c7
THE-HELK Retweeted
I think, honestly, the blue team community needs to come together and work on open-source solutions that advance with offense. For that reason I strongly support projects like @THE_HELK
THE-HELK Retweeted
#ElasticStack 7.5 brings #Kibana Lens — a new, intuitive way to build visualizations. Plus, strong #observability enhancements, expanded security use cases, Enterprise Search integrations, and more. Read the full release details → https://go.es.io/2Y5WojM
THE-HELK Retweeted
Looking for anything to do this weekend? @MITREattack open sourced its website code & I created a Docker image to automate the installation and help others in the community to start playing with it!
Docker Image: https://github.com/hunters-forge/Blacksmith/blob/master/aws/attack-website/cfn-files/Dockerfile
Docs: https://blacksmith.readthedocs.io/en/latest/attack_website_docker.html
THE-HELK Retweeted
Whether you are an attacker or a defender, detecting privilege relationships in AD connected data is easy to do w/ BloodHound! What about #jupyter notebooks to complement the data analysis and viz of graph data? cc: @_wald0 @CptJesus @harmj0y @tifkin_ https://medium.com/threat-hunters-forge/jupyter-notebooks-for-bloodhound-analytics-and-alternative-visualizations-9543c2df576a
THE-HELK Retweeted
Interested in learning about what you can do with STIX/TAXII 2.0 APIs and some Python code? I created a new function for the attackcti Python library to automate the creation of @MITREattack Navigator group layer files and shared the process: https://medium.com/threat-hunters-forge/automate-the-creation-of-att-ck-navigator-group-layer-files-with-python-3b16a11a47cf
THE-HELK Retweeted
#camlis2019 videos are now available:
- on the CAMLIS youtube channel: https://www.youtube.com/channel/UCmIY4lIVsotxeUDRCQb2ZXA
- and linked from the conference program: https://www.camlis.org/2019/program
Enjoy!
THE-HELK Retweeted
I always wondered how I could share #ThreatHunting detections via @ProjectJupyter notebooks in a more practical and interactive way so that anyone in can reproduce the research! Thx to @mybinderteam @HunterPlaybook @Mordor_Project it is now possible https://medium.com/threat-hunters-forge/threat-hunter-playbook-mordor-datasets-binderhub-open-infrastructure-for-open-8c8aee3d8b4
THE-HELK Retweeted
@Cyb3rPandaH & I had so much fun @MITREattack #ATTACKcon sharing our research w/ @ProjectJupyter notebooks, @mybinderteam, @HunterPlaybook & @Mordor_Project #ThreatHunting
Talk: https://www.youtube.com/watch?v=L3KxKAGSJp4&feature=youtu.be&t=7848
Slides: https://speakerdeck.com/cyb3rward0g/ready-to-att-and-ck-bring-your-own-data-byod-and-validate-your-data-analytics
BinderHub Demo: https://youtu.be/mQZFHbnDH4A
THE-HELK Retweeted
@Cyb3rWard0g #ATTACKcon THIS is the type of talks we need more of. Glad to see the authors of @THE_HELK speaking!
THE-HELK Retweeted
"Adversaries might be attempting to pull the NTLM hash of a user via AD replication services with a non-DC account and from a non-DC wks" #ThreatHuntingSeason #ThreatHunting @HuntersForge @Mordor_Project
Notebook: https://nbviewer.jupyter.org/github/hunters-forge/ThreatHunter-Playbook/blob/master/playbooks/windows/06_credential_access/T1003_credential_dumping/ad_replication_non_machine_account.ipynb
Dataset: https://github.com/hunters-forge/mordor/blob/master/small_datasets/windows/credential_access/credential_dumping_T1003/credentials_from_ad/empire_dcsync.md
THE-HELK Retweeted
Example: Convert that new Emotet rule using sigmac to a query that can be used on @Cyb3rWard0g's HELK
    cd sigma
    cd tools
    python3 sigmac -t es-qs -c helk ../rules/windows/process_creation/win_malware_emotet.yml
THE-HELK Retweeted
We’ve officially joined forces with @Elastic. Hear from CEO Shay Banon (@kimchy) and Endgame CEO Nate Fick (@ncfick) live on Oct. 15 at 8:30 a.m. EDT to learn more about what we have in store → https://go.es.io/30ScQ6L
THE-HELK Retweeted
Happy to release Part II: Shipping ETW events to @THE_HELK from the Threat Hunting with ETW events and HELK series! Also, releasing the Mordor Erebor environment to collect ETW events for new datasets! #ThreatHunting @HuntersForge @Mordor_Project https://medium.com/threat-hunters-forge/threat-hunting-with-etw-events-and-helk-part-2-shipping-etw-events-to-helk-16837116d2f5
THE-HELK Retweeted
Feel free to join the @HuntersForge public slack and let's continue building and empowering our community TOGETHER!! #ThreatHunting @Cyb3rWard0g https://launchpass.com/threathunting
THE-HELK Retweeted
"Adversaries might be extracting the DPAPI domain backup key from my DC to be able to decrypt any domain user master key files" DPAPI God Mode! #ThreatHuntingSeason #ThreatHunting
Datasets: https://github.com/Cyb3rWard0g/mordor/blob/master/small_datasets/windows/credential_access/credential_dumping_T1003/credentials_from_ad/empire_mimikatz_export_master_key.md
Notebook: https://nbviewer.jupyter.org/github/Cyb3rWard0g/ThreatHunter-Playbook/blob/master/playbooks/windows/06_credential_access/T1003_credential_dumping/domain_dpapi_backupkey_extraction.ipynb
In case you missed it: https://twitter.com/corelight_inc/status/1174431202931032065?s=19
Awesome to see use cases of pivoting with @corelight_inc Community ID with Zeek & HELK. That's possible thanks to the amazing contributions from @neu5ron and the ruby port from @dcode. A lot more to come on the Zeek front from @Cyb3rWard0g and @neu5ron