Media
-
Tycho-based Dashboard to Detect Gandcrab | by @CyberusTech - interesting Sigma use case - Syscall process tracing + ELK + Sigma for malware detection https://www.cyberus-technology.de/posts/2020-02-04-dashboard.html pic.twitter.com/kaNRfVPuoe
-
Sigma rule to detect Dumpert password dumper - used by Emissary Panda in recent campaigns
Dumpert https://github.com/outflanknl/Dumpert
Rule https://github.com/Neo23x0/sigma/blob/master/rules/windows/sysmon/sysmon_hack_dumpert.yml
Report by @PaloAltoNtwks https://unit42.paloaltonetworks.com/actors-still-exploiting-sharepoint-vulnerability/ pic.twitter.com/g4TSQxyIQw
-
RDG Scanner for Vulnerability CVE-2020-0609 & CVE-2020-0610 - multi-threaded - CIDR support https://github.com/2d4d/rdg_scanner_cve-2020-0609 pic.twitter.com/8yqu4nD7Te
-
The ransomware is named "Snake" and the Turla group also has that "Snake" alias. Isn't that proof enough? pic.twitter.com/MwZNp8BXkB
-
ICYMI @SOC_Prime developed an online tool to convert Sigma rules into the query language of your choice https://uncoder.io/
FAQs
What if my field values differ from the standard? https://github.com/Neo23x0/sigma/wiki/Converter-Tool-Sigmac
What if I get too many false positives? https://github.com/Neo23x0/sigma/blob/master/README.md#translate-only-rules-of-level-high-or-critical pic.twitter.com/elhs1s2CFz
-
Sigma rule to detect #Winnti malware process starts as described in ESET's recent blog post on a campaign against HK universities (derived from sandbox reports - won't share them yet)
Sigma Rule https://github.com/Neo23x0/sigma/blob/master/rules/windows/process_creation/win_apt_winnti_mal_hk_jan20.yml
Report https://www.welivesecurity.com/2020/01/31/winnti-group-targeting-universities-hong-kong/ pic.twitter.com/NOF1Flx5i0
-
If you need a name for a new malware, threat group operation or hack tool, check this Imgur gallery with 29 posters showing deities, monsters and heroes of different mythologies https://imgur.com/gallery/AlCZXEi pic.twitter.com/h2D93YJU6m
-
Preliminary YARA rule https://pastebin.com/kdcRZ4xR pic.twitter.com/zivuBdSLC1
-
Could someone at @virustotal explain what that VHash is? I find it more and more useful. Is it a secret sauce or something you plan to publish some day? pic.twitter.com/iHZ8xbKVfB
-
Just got a list of 8451 systems from around the world that are vulnerable to CVE-2020-0609 pic.twitter.com/Yt9gw99V6S
-
I've spent a whole day on Sigma
Focus: Facilitate contributions
New Rule Creation Guide https://github.com/Neo23x0/sigma/wiki/Rule-Creation-Guide
New colorised test output
New test cases
Rule cleanup (title, date, ids) https://github.com/Neo23x0/sigma/pull/604
Next step: How-to guide for pull requests pic.twitter.com/5Iy4NSmiEo
-
Well, we have a Sigma rule from 2017 that would detect this "brand new" Trickbot campaign and I'll write one for the wreset.exe UAC bypass
Rule https://github.com/Neo23x0/sigma/blob/master/rules/windows/process_creation/win_susp_svchost.yml
https://twitter.com/ReaQta/status/1222548288731217921 pic.twitter.com/ELcxrA0Sng
-
I've transformed the expressions from my "Top Base64 Encodings" learning aid into a YARA and Sigma rule and published them in the respective repos
Learning Aid https://gist.github.com/Neo23x0/6af876ee72b51676c82a2db8d2cd3639
YARA https://github.com/Neo23x0/signature-base/blob/master/yara/gen_powershell_susp.yar#L204
Sigma https://github.com/Neo23x0/sigma/blob/master/rules/windows/process_creation/win_powershell_frombase64string.yml pic.twitter.com/5C5MRGGFaL
-
Sigma rules to detect attacks exploiting ZOHO's signed dctask64.exe
Rules https://github.com/Neo23x0/sigma/blob/master/rules/windows/process_creation/win_susp_dctask64_proc_inject.yml
https://github.com/Neo23x0/sigma/blob/master/rules/windows/process_creation/win_susp_renamed_dctask64.yml
Discovery by @gN3mes1s https://twitter.com/gN3mes1s/status/1222088214581825540 pic.twitter.com/DHxoueYhKN
-
holy crap ... and it has no PE info. I think we could get it with its imphash. If imphash = X and filename != dctask64.exe ... I guess that some attackers will rename the file and if they do that ... pic.twitter.com/ayHz6IzLvY
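The detection idea in the tweet above (known import hash, unexpected file name) expressed as a Sigma rule for Sysmon process creation events. This is an added example, not the rule from the Sigma repository and not the author's own code; the imphash value and the rule id are placeholders because the real values are not on this page, and the `Hashes` field assumes Sysmon is configured to log IMPHASH.

```yaml
# Added example rule: flag a process whose import hash matches the known
# dctask64.exe binary while its on-disk name is something else.
title: Renamed dctask64.exe by Import Hash (example)
id: 00000000-0000-4000-8000-000000000000   # placeholder, replace with a fresh UUID
status: experimental
description: Detects execution of a binary with the import hash of ZOHO's signed dctask64.exe under a different file name, which suggests the tool was renamed before use
references:
    - https://github.com/Neo23x0/sigma/blob/master/rules/windows/process_creation/win_susp_renamed_dctask64.yml
tags:
    - attack.defense_evasion
    - attack.t1036
logsource:
    category: process_creation
    product: windows
detection:
    selection:
        # Sysmon writes hashes as "SHA1=...,MD5=...,IMPHASH=..." in one field;
        # the value below is a placeholder, not the real import hash.
        Hashes|contains: 'IMPHASH=PLACEHOLDER_IMPHASH_OF_DCTASK64'
    filter_expected_name:
        Image|endswith: '\dctask64.exe'
    condition: selection and not filter_expected_name
fields:
    - Image
    - CommandLine
    - ParentImage
    - Hashes
falsepositives:
    - Legitimate copies of the tool deployed under a different file name
level: high
```

The `selection and not filter_expected_name` condition is the part the tweet is asking about: the hash selects the binary regardless of what it is called, and the filter removes the one name under which it is expected to run. A renamed copy therefore matches; the legitimate, unrenamed tool is handled by the separate process-injection rule linked earlier on the page. Converting with sigmac or uncoder.io maps the `Hashes` and `Image` field names to the target backend.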
-
Trying to detect it like that. Do you think this could work? pic.twitter.com/Auaac3dgSG
-
People often forget that Turkey has the second biggest armed forces in NATO pic.twitter.com/zRWfiRuj34
-
Wrong and New Paradigms in Security Monitoring #SecurityMonitoring #SIEM What are yours? pic.twitter.com/zKMfQmQRFP
-
@pedantic_hacker I consider outgoing blocked as most important and would drop incoming blocked, as it is just the white noise of the Internet pic.twitter.com/zE867EiXuo