Nate Guagenti

@neu5ron

NSM+WEF Endpoint+ELK. Helping out w/ & fanatic of SIGMA by . Father of 2. Bob’s your uncle, not my employers.

Columbus, OH
Joined June 2011

Tweets


  1. Retweeted
    31 Jan

    Has anyone (boss, client, student, etc) ever asked you in what Windows event log can you find a process, IP address, InterfaceUuid, etc? Very helpful to identify providers that you might need to start collecting data from. is using online interactive

  2. Retweeted
    31 Jan

    Was testing out Elastic 7.5.2. Not sure when a change was made to the behavior of fields that consist of arrays of keywords (like process.args)... This change 'breaks' a lot of the anticipated behaviors from previous versions for fields like process.args.

  3. Retweeted
    31 Jan
  4. Retweeted
    30 Jan

    We are looking forward to keynoting our blue team track this year!

  5. 26 Jan

    Progress done. Stromboli in the oven and we are complete

  6. 26 Jan

    Prepped the ingredients, at my brother’s, for the other sauce I cook when I am not cooking something for slow cook for 6hrs+ and add some of the 60lbs of sausage we made

  7. 23 Jan

    Pumped to start with next week. Looking forward to getting back to SIGMA & threat hunting content, large scale NSM & database architectures, and rejoining w/ my Windows Logs Zero 2 Hero cohort. A lot more to come

  8. 23 Jan

    Excited to see what this panel will involve. Industry could continue to use more realism 👌

  9. Retweeted
    18 Jan

    If anybody needs help with this here are some good GPOs to get started.

  10. Retweeted

    You or someone you know is looking for a threat hunting position? We’re hiring. Find badness on 🕵🏼‍♂️ use and develop on, share open-source, unlimited conferences 👨🏼‍🏫 and work remotely with a kickass home setup! 🧑🏼‍🚀 DMs are open if you want to know more

  11. Retweeted
    11 Jan

    How do you integrate with the project? How do you convert 300+ rules to ES query strings & pack them as part of notebooks to query ES? All from code 😱. I wrote about it here! Weekend readings! 🍻

  12. 11 Jan

    This is your future self... I wanted to let you know that since you were normalizing IDS, IPS, firewall, sysmon, and bro/zeek data into common fields for pivoting & schema... that 5+ years from now that’s all you will still be doing. Good luck buddy

  13. Retweeted
    10 Jan

    Any idea if there is a public backlog / roadmap for ? Would love to see how close we are to getting Community ID support ( & correlation!)

  14. Retweeted
    4 Jan

    Excellent introduction to the implementation of Windows Event Logs and why they can be missing critical information. Michael Cohen includes an open source Velociraptor parser as a solution.

  15. Retweeted
    4 Jan

    Released a new project, a dockerized ELK environment filled with security datasets: • Mordor from • EVTX-ATTACK-SAMPLES from

  16. Retweeted
    29 Dec 2019

    OSCD: Threat Detection Sprint #1 Summary has been published. Thanks to all the participants and those who helped with it! Merry Christmas and Happy New Year!

  17. Retweeted
    28 Dec 2019

    For my reverse engineering friends, patching a binary might be easy. But, if you are starting it can be challenging, here is a post I wrote on how to patch a binary using radare2. Also shows the same task using vim and xxd.

  18. Retweeted
    24 Dec 2019

    Now that you're cooking with gas, you want moar, check out Sigma rules by & ➡️

  19. 24 Dec 2019
  20. Retweeted
    22 Dec 2019

    God Mode Sigma Rule v0.1 ✊ A proof-of-concept with my TOP 3 search queries. Merry Christmas and happy hunting 🎄🏹
