I'm not knocking vendor special sauce and black box stuff, just saying that most security companies leverage these in large scale tech platforms, and familiarity in these things will take you far and wide in your career, especially if you focus on analysis or detection systems.
No love for tcpdump

<3 tcpdump + ngrep as the basis for 99 percent of network sensors :D
Is Clam just because it’s an easily accessible F/OSS AV engine or is there some other reason?
I think that, plus fast and scalable and easy to add as a layer to something custom.
Use @DetectionLab to set up an environment at home quickly and easily
Also. A lot of customers will say “can you do yara? Can you do zeek?” And eventually you just say “sure, fine. Throw another engine on the stack.”
"Do you detect Powershell?" "How's your dab game?" Etc. pic.twitter.com/qYnXbp2HFE
This is a great list. Not only are they all standard tech, but they cover major knowledge areas (file, network) across various methodologies (signature, metadata, behavior). I'd probably go further and say dump the data from as many of these tools into ELK to cover log analysis.
Advanced Practices