Tweets

David French Retweeted
Reserve your spot! (And your badge). Get your tickets for #BSidesSLC2020 here: https://www.bsidesslc.org/ Friday, March 20, 2020 - Workshops & Trainings; Saturday, March 21, 2020 - Sessions & Villages; By the People, For the People! #BSidesSLC

My favorite response and something that I will try the next time anyone sings happy birthday to me: "Sing back under your breath and make eye contact with only one person" https://www.reddit.com/r/AskReddit/comments/emkkri/what_the_fk_are_you_supposed_to_do_when_having/ pic.twitter.com/gaY4zrcF5M

David French Retweeted
Fun fact for the day: IntegrityLevel within process creation events provides context to detection opportunities. Example: Open powershell as administrator, the integrity is "High". Processes running under that process will now be high as well. (1/5)

David French Retweeted
I'm hiring a security research engineer: we track adversaries, research emerging threats, give back to the community, and provide detection logic for @elastic products. Read more or apply: https://jobs.elastic.co/jobs/security-solutions/amer-distributed-/security-principal-research-engineer/2036511?lang=en_us

David French Retweeted
#Opensource attack frameworks and tools continue to be leveraged by criminal groups and nation state actors. Find new ways to build behavioral detections against post-exploitation frameworks such as #Koadic using Event Query Language (EQL) in this post → https://go.es.io/3a2KfS5 pic.twitter.com/FARUi2lYbX

David French Retweeted
The DCART (Decoupled Components for Automated Ransomware Testing) github repo is now live and I swear that the code actually works! https://github.com/elastic/dcart #ransomware

David French Retweeted
This year I learned about Event Query Language (EQL) from @rw_access (Ross Wolf). It has quickly become an indispensable tool for analyzing Windows Event Logs. It has a bit of a learning curve, so I wrote an article to help people get started: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/

David French Retweeted
Someone asked if you could use @eventquerylang to hunt C2 over DNS with a high number of subdomains. Here's one way:
dns where query_name == "*.*.*" | unique query_name /* extract after the first dot */ | count substring(query_name, indexOf(query_name, ".")) | filter count > 100

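As an added example (not the tweet author's code and not part of the eql project), the pipeline above re-implemented stage by stage in plain Python over constructed DNS events, so the behaviour of each EQL stage can be checked on sample data. The `event_type`/`query_name` field names, the `hunt_dns_c2` helper and the sample lookups are assumptions made for this example.

```python
"""Hunt for C2 over DNS by counting unique subdomains per parent domain.

Added example: a plain-Python re-implementation of the EQL pipeline
    dns where query_name == "*.*.*" | unique query_name
    | count substring(query_name, indexOf(query_name, ".")) | filter count > 100
Event dicts and sample data are constructed for this example; field names are assumed.
"""
from collections import Counter


def dns_with_two_or_more_dots(events):
    """Stage 1: `dns where query_name == "*.*.*"` keeps names with at least two dots."""
    for ev in events:
        if ev.get("event_type") != "dns":
            continue
        name = ev.get("query_name", "")
        if name.count(".") >= 2:
            yield name


def unique(names):
    """Stage 2: `| unique query_name` drops repeated lookups of the same name."""
    seen = set()
    for name in names:
        if name not in seen:
            seen.add(name)
            yield name


def parent_after_first_dot(name):
    """`substring(query_name, indexOf(query_name, "."))`: keeps the leading dot,
    so "a1.c2.example" -> ".c2.example"."""
    return name[name.index("."):]


def count_by_parent(names):
    """Stage 3: `| count substring(...)` counts unique names per parent domain."""
    return Counter(parent_after_first_dot(n) for n in names)


def hunt_dns_c2(events, threshold=100):
    """Stage 4: `| filter count > 100`. Returns {parent: unique_subdomain_count}
    for parents whose count exceeds the threshold."""
    counts = count_by_parent(unique(dns_with_two_or_more_dots(events)))
    return {parent: n for parent, n in counts.items() if n > threshold}


# Constructed sample: 150 distinct encoded labels under c2.example (the kind of
# traffic a DNS tunnel produces), mixed with ordinary and repeated lookups.
SAMPLE_EVENTS = (
    [{"event_type": "dns", "query_name": f"{i:04x}.c2.example"} for i in range(150)]
    + [{"event_type": "dns", "query_name": "www.example.com"}] * 20   # repeats: one unique name
    + [{"event_type": "dns", "query_name": "example.com"}]            # one dot: not matched
    + [{"event_type": "dns", "query_name": "0000.c2.example"}] * 5    # duplicate of label 0
    + [{"event_type": "process", "query_name": "ignored"}]            # wrong event type
)

if __name__ == "__main__":
    for parent, n in hunt_dns_c2(SAMPLE_EVENTS).items():
        print(f"{n} unique subdomains under {parent}")
```

The threshold of 100 is the tweet's; in practice CDNs, telemetry and cloud storage domains also produce many unique subdomains, so expect to tune it and allowlist known parents after running the hunt over a baseline window.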
Image load events can be utilized to monitor which DLLs are loaded by running processes and build high efficacy detections for adversary tradecraft and malware. https://link.medium.com/xjxJ4FnL31

Adversaries will often write malicious code to import functions from Windows or 3rd party software DLLs in order to evade detection and help them achieve their objectives such as stealing passwords or establishing persistence on a target endpoint.

This EQL (@eventquerylang) query matches events where vaultcli.dll is loaded by a process that is not vaultcmd.exe. This behavior is suspicious and should be investigated. pic.twitter.com/z5hbes5877

Example 2: In an attempt to evade detection, adversaries sometimes include VBA code in Office documents to create a scheduled task for persistence without using the native scheduled tasks (schtasks.exe) utility.

The following EQL query matches a Microsoft Office application loading the Windows Task Scheduler COM API (taskschd.dll) in order to create or modify a scheduled task. pic.twitter.com/rhtJc0oOVM

Unless you have VBA macro-enabled Office documents in your environment that create or modify Windows scheduled tasks, this behavior should not occur often.

Check out the EQL Analytics Library for over 100 open source security analytics: https://eqllib.readthedocs.io/en/latest/analytics.html

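The two queries in this thread exist only as screenshots, so here, as an added example that is not the author's EQL and not from the eql project, is the described image-load logic (vaultcli.dll loaded by anything other than vaultcmd.exe; an Office application loading taskschd.dll) written in plain Python and run over constructed Sysmon-style image load events. The `process_path`/`image_path` field names, the `OFFICE_APPS` list and the sample events are assumptions for this example.

```python
"""Image-load detections for vaultcli.dll and taskschd.dll.

Added example, not the author's queries: re-implements the logic described in the
thread over constructed image load events. Field names are assumed.
"""
import ntpath

# Assumed set of Office binaries to treat as "a Microsoft Office application".
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "msaccess.exe"}


def _base(path):
    """Case-insensitive basename of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def vaultcli_loaded_by_non_vaultcmd(event, allowlist=frozenset({"vaultcmd.exe"})):
    """vaultcli.dll (Credential Manager client API) loaded by a process that is
    not vaultcmd.exe. `allowlist` is an assumption: extend it from your own baseline."""
    return (event.get("event_type") == "image_load"
            and _base(event.get("image_path", "")) == "vaultcli.dll"
            and _base(event.get("process_path", "")) not in allowlist)


def office_loads_task_scheduler(event):
    """An Office application loading the Task Scheduler COM API (taskschd.dll),
    the pattern a VBA macro creating a scheduled task without schtasks.exe produces."""
    return (event.get("event_type") == "image_load"
            and _base(event.get("image_path", "")) == "taskschd.dll"
            and _base(event.get("process_path", "")) in OFFICE_APPS)


RULES = {
    "vaultcli.dll loaded by non-vaultcmd process": vaultcli_loaded_by_non_vaultcmd,
    "Office application loaded taskschd.dll": office_loads_task_scheduler,
}


def run_rules(events):
    """Return (rule name, loading process basename) for every matching event, in event order."""
    hits = []
    for ev in events:
        for name, rule in RULES.items():
            if rule(ev):
                hits.append((name, _base(ev["process_path"])))
    return hits


# Constructed sample events (paths and order chosen for the example).
SAMPLE_EVENTS = [
    {"event_type": "image_load",                      # legitimate: no hit
     "process_path": r"C:\Windows\System32\vaultcmd.exe",
     "image_path": r"C:\Windows\System32\vaultcli.dll"},
    {"event_type": "image_load",                      # credential access tooling: hit
     "process_path": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "image_path": r"C:\Windows\System32\vaultcli.dll"},
    {"event_type": "image_load",                      # macro creating a task: hit (case differs)
     "process_path": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image_path": r"C:\Windows\System32\TASKSCHD.DLL"},
    {"event_type": "image_load",                      # not an Office app: no hit
     "process_path": r"C:\Windows\explorer.exe",
     "image_path": r"C:\Windows\System32\taskschd.dll"},
    {"event_type": "image_load",                      # Office loading its own DLL: no hit
     "process_path": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image_path": r"C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll"},
    {"event_type": "process",                         # wrong event type: ignored
     "process_path": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for rule, proc in run_rules(SAMPLE_EVENTS):
        print(f"{rule}: {proc}")
```

Matching on the lowercased basename rather than the full path is deliberate: an adversary can run a copy of a tool from any directory, but cannot change which DLL exports the functions they need. Before deploying the vaultcli.dll rule, run it over a baseline window and move any legitimate loaders you observe into the allowlist instead of widening the match.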
David French Retweeted
I love reading this, and how much we are investing @elastic, thanks to the wonderful addition of the Endgame team to our security efforts, so much we can do and help our users now and moving forward https://twitter.com/elastic/status/1202327046153592832

David French Retweeted
We recently saw #Sodinokibi dropped via #ScreenConnect software. Here's a #YARA rule to detect the PE/DLL, we generated this from observed strings in memory from these process injection alerts. https://gist.github.com/dstepanic/f18d24d873f2a7c1e524641dd4effb09 https://twitter.com/threatpunter/status/1202330429551865856 pic.twitter.com/yf2kZZv3nX

Check out EQLlib for over 100 open source security analytics: https://eqllib.readthedocs.io/en/latest/analytics.html

| Threat Hunting | DFIR