Florian Roth

@cyb3rops

Nextron Systems | Creator of , Valhalla YARA rule feed, Sigma, LOKI, yarGen & much more

Frankfurt, Germany
Joined: June 2013

Media

  1. 7 hours ago

    Tycho-based Dashboard to Detect Gandcrab | by - interesting Sigma use case - Syscall process tracing + ELK + Sigma for malware detection

  2. 23 hours ago
  3. 3 Feb

    RDG Scanner for Vulnerability CVE-2020-0609 & CVE-2020-0610 - multi-threaded - CIDR support

  4. 2 Feb
    Replying to

    The Ransomware is named „Snake“ and Turla group also has that „Snake“ alias. Isn’t that proof enough?

  5. 2 Feb

    ICYMI developed an online tool to convert Sigma rules into the query language of your choice FAQs What if my field values differ from the standard? What if I get too many false positives?

  6. 1 Feb

    Sigma rule to detect malware process starts as described in ESET's recent blog post on a campaign against HK universities (derived from sandbox reports - won't share them yet) Sigma Rule Report

  7. 1 Feb

    If you need a name for a new malware, threat group operation or hack tool, check this Imgur gallery with 29 posters showing deities, monsters and heroes of different mythologies

  8. 1 Feb
  9. 31 Jan

    Could someone at explain what that VHash is? I find it more and more useful. Is it a secret sauce or something you plan to publish some day?

  10. 30 Jan

    Just got a list of 8451 systems from around the world that are vulnerable to CVE-2020-0609

  11. 30 Jan

    I've spent a whole day on Sigma Focus: Facilitate contributions - New Rule Creation Guide - New colorised test output - New test cases - Rule cleanup (title, date, ids) Next step: How-to guide for pull requests

  12. 30 Jan

    Well, we have a Sigma rule from 2017 that would detect this "brand new" Trickbot campaign and I'll write one for the wreset.exe UAC bypass Rule

  13. 29 Jan
  14. 28 Jan
  15. 28 Jan
    Replying to

    Trying to detect it like that:

  16. 28 Jan
    Replying to

    holy crap ... and it has no PE info. I think we could get it with its imphash. If imphash = X and filename != dctask64.exe ... I guess that some attackers will rename the file, and if they do that ... 🛎

  17. 28 Jan
    Replying to

    Trying to detect it like that. Do you think this could work?

  18. 27 Jan

    People often forget that Turkey has the second biggest armed forces in NATO

    Show this thread
  19. 27 Jan

    Wrong and New Paradigms in Security Monitoring What are yours?

  20. 27 Jan
    Replying to

    I consider outgoing blocked as most important and would drop incoming blocked, as it is just the white noise of the Internet
