Tweets


  1. Retweeted
    Dec 15

    Are you really ready for ? What does your data look like? Data Availability != Data Quality

  2. Retweeted
    Dec 5

    If you're attending , don't miss the Arsenal demos of our Automated Collection & Enrichment (ACE) platform at with and tomorrow (12/6) from 10:00 - 11:35 at Station 1

  3. Retweeted
    Dec 1

    Atomic Sysmon configs individually mapped to the ATT&CK Matrix anyone? is on fire! All this now requires is a little code to enable selective merging of technique detections. Detection unit testing FTW! /cc

  4. Retweeted
    Nov 30

    Latest blog is up: 6 things for hunters to look for at the host level. Less about “IOC”s, more about techniques and class of indicators.

  5. Retweeted
    Nov 13

    Happy to welcome Roberto Rodriguez () to our Adversary Detection team! Check out some of his GitHub and blog !

  6. Retweeted
    Nov 13

    Well after a lot of help from , it lives. I've written a PowerShell wrapper for the library. PowerKrabsEtw lives: . Alpha release here:

  7. Retweeted
    Oct 20

    Windows Defender Exploit Guard's Attack Surface Reduction Rule: Block Office applications from creating child processes MS Access: 🖕

  8. Retweeted
    Oct 19
  9. Retweeted
    Oct 18

    A very detailed and educational malware analysis report for a typical banking trojan by

  10. Retweeted
    Oct 17

    Malware comes and goes, but an Active Directory configuration change is (almost) forever.

  11. Retweeted
    Oct 18
  12. Retweeted
    Oct 12

    The well known Excel DDE vector can also be manipulated, here is the formula: =MSEXCEL|'\..\..\..\Windows\System32\cmd.exe /c calc.exe'!''

  13. Retweeted
    Oct 11

    Great idea and excellent use of ATT&CK! As you try these, please let us know your feedback to make the model even better

  14. Retweeted
    Oct 10

    Blog post - Hunting for .NET in-memory techniques

  15. Retweeted
    Oct 10

    Excellent post by on hunting for malicious .NET activity in memory (with links to proof-of-concept tools)

  16. Retweeted
    Oct 10

    Announcing 1.4 - The Object Properties Update, including several improvements and new features:

  17. Retweeted
    Oct 9
  18. Retweeted
    Oct 9

    Gather otherwise difficult to collect host data with Arsenal tool “ACE” by &

  19. Retweeted
    Oct 9

    LAST CALL: Early bird pricing for our Adversary Tactics: PowerShell class in Bellevue, WA. Nov 13th-16th

  20. Retweeted
    Oct 9
