#detectionengineering — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #detectionengineering, aggregated by home.social.
-
[DxBP] Part 1 - Technical Detection Engineering Best Practices
https://kqlquery.com/posts/dxbp-part1/
Read on HackerWorkspace: https://hackerworkspace.com/article/dxbp-part-1-technical-detection-engineering-best-practices
-
APT37’s Ruby Jumper campaign demonstrates a mature approach to air-gap traversal.
Observed tradecraft includes:
• LNK-based initial execution
• Embedded PowerShell payload extraction
• Ruby interpreter abuse (v3.3.0)
• Scheduled task persistence (5-minute interval)
• USB-based covert bidirectional C2
• Multi-stage backdoor deployment
Toolset: RESTLEAF, SNAKEDROPPER, THUMBSBD, VIRUSTASK, FOOTWINE, BLUELIGHT.
The removable media relay model enables:
– Command staging offline
– Data exfiltration without internet access
– Lateral spread across isolated systems
– Surveillance via Windows spyware
This reinforces a critical point:
Air-gap controls must extend beyond physical disconnection — including USB governance, device auditing, behavioral monitoring, and strict runtime execution policies.
Are critical infrastructure operators prepared for USB-mediated C2 relays?
Engage below.
Follow TechNadu for high-signal threat intelligence insights.
Repost to elevate awareness.
#Infosec #APT37 #AirGapSecurity #ThreatModeling #MalwareAnalysis #NationStateThreats #USBExfiltration #SOC #DetectionEngineering #CyberDefense #OperationalSecurity #ThreatHunting #ZeroTrustArchitecture
-
TrustConnect = RAT disguised as RMM.
Discovered by Proofpoint.
Technical observations:
• Centralized multi-customer C2
• API-driven agent registration (/api/agents/register)
• WebSocket RDP streaming
• EV certificate abuse (revoked Feb 6, 2026)
• Branded payload generation per org token
• Rapid infra pivot → “DocConnect” (SignalR integration)
Subscription model: $300/month via BTC/USDT.
Operators tracked victims across tenants.
This is MaaS evolving toward operational maturity — automation, AI-assisted site generation, and SaaS-style lifecycle management.
How should defenders adjust detection logic when malware is digitally signed and infrastructure rotates quickly?
Source: https://www.proofpoint.com/us/blog/threat-insight/dont-trustconnect-its-a-rat
Engage below.
Follow TechNadu for technical threat intelligence coverage.
#ThreatIntelligence #ReverseEngineering #MalwareResearch #RAT #MaaS #SOC #DFIR #CyberOperations #DetectionEngineering
-
The UK is moving toward mandatory proactive detection of nonconsensual intimate images.
Under proposals backed by Keir Starmer, platforms must:
• Remove flagged content within 48 hours
• Prevent reuploads using hash matching
• Deploy proactive detection “at source”
• Face fines up to 10% of global revenue
Regulator Ofcom is accelerating its decision on requiring technical enforcement mechanisms.
Technical considerations:
- Hash collision and false-positive risks
- Cross-platform hash database coordination
- Encryption vs scanning tradeoffs
- Abuse-report automation workflows
- AI-generated image detection accuracy
Is mandatory proactive scanning the future of online content governance?
Source: https://therecord.media/united-kingdom-noncensual-images-fines
Drop your technical analysis below.
Follow @technadu for advanced cybersecurity and policy reporting.
#Infosec #DetectionEngineering #AIsecurity #HashMatching #ContentModeration #DigitalForensics #CyberPolicy #OnlineSafety #DeepfakeDetection #PrivacyEngineering #ThreatModeling #SecurityArchitecture
-
CTM360 identifies an active campaign leveraging Google Groups and Google-hosted redirect chains to deliver Lumma Stealer (Windows) and a trojanized Chromium fork branded “Ninja Browser” (Linux).
Technical highlights:
• 950MB padded executable (null-byte inflation)
• AutoIt loader reconstruction
• Memory-resident payload execution
• Multipart/form-data POST exfiltration
• Malicious extension “NinjaBrowserMonetisation”
• XOR + Base56-like JS obfuscation
• Scheduled task persistence
• Russian search engine default modification
This campaign reinforces a critical shift: SaaS platforms are now delivery infrastructure.
Defensive priorities:
– IoC blocking at firewall + EDR
– Redirect chain inspection
– Extension audit controls
– Endpoint scheduled task monitoring
How are you adjusting detection engineering for SaaS-based malware distribution?
Engage below.
Source: https://www.ctm360.com/reports/ninja-browser-lumma-infostealer
Follow @technadu for ongoing threat intelligence coverage.
#ThreatIntel #MalwareResearch #DetectionEngineering #SOCOperations #EDR #CloudSecurity #SaaSAbuse #LummaStealer #LinuxThreats #CTM360 #IncidentResponse
-
Released v1.3.3 of #Yaralyzer, my surprisingly popular tool for visualizing YARA rule matches with colors (a lot of colors).
1. --export-png images lets you export images of the analysis
2. almost all command line options (including multi argument ones like --yara-rules-dir) can be permanently set via environment variables or .yaralyzer file
3. couple of small bug fixes and debugging related command line options
You can try it on the web here: https://yaratoolkit.securitybreak.io/
(I didn't build this website, Thomas Roccia from Microsoft just integrated Yaralyzer into his existing site)
- GitHub: https://github.com/michelcrypt4d4mus/yaralyzer
- PyPI: https://pypi.org/project/yaralyzer/
- on macOS you can also get it with #Homebrew by installing Pdfalyzer: brew install pdfalyzer
#ascii #asciiArt #blueteam #cybersecurity #detectionEngineering #DFIR #forensics #FOSS #GPL #hacking #infosec #KaliLinux #maldoc #malware #malwareAnalysis #malwareDetection #openSource #pypi #python #redteam #reverseEngineering #reversing #Threatassessment #threathunting #YARA #YARArule #YARArules
-
How data science can boost your detection engineering maintenance and keep you from herding sheep: https://medium.com/falconforce/how-data-science-can-boost-your-detection-engineering-maintenance-and-keep-you-from-herding-sheep-8713b7220776
#datascience #securityoperationsCenter #detectionengineering
-
Despite the promising title of this blog post by John Vester 'Why the MITRE ATT&CK Framework Actually Works', it's a load of crock.
You can't and shouldn't use MITRE #ATT&CK to prove any sort of detection coverage or 'strong points'. At best, you can prove total absence in certain subtechniques.
If you want to do any sort of data driven #detectioncoverage you need #OpenTide -> there's no way around it.
https://levelup.gitconnected.com/why-the-mitre-att-ck-framework-actually-works-29ac26d2d20c
ATT&CK is still ♥️ 😍 tho.
-
🚀 MITRE ATT&CK v18 = a major leap in detection depth.
The new version adds Detection Strategies and Analytics - helping defenders align detection logic to platform-specific threats.
Also new: CI/CD, Kubernetes, ransomware prep behaviors, mobile “linked devices” exploits, and ICS asset updates.
MITRE even launched the ATT&CK Advisory Council to strengthen community collaboration.
💬 What part of ATT&CK v18 do you think will have the biggest impact on detection engineering?
Follow @technadu for more #ThreatIntel insights.
#CyberSecurity #MITREATTACK #DetectionEngineering #CTI #ThreatIntel #BlueTeam #Infosec #CyberDefense #MITRE #ICS #CloudSecurity #MobileSecurity
-
#DetectionEngineering #OpenTIDE
So #Cloudot will help you empirically map attack telemetry, create it and allow you to try to test your detections also -
Now Itay Gabbay releases Cloudot, a tool to help you with #DetectionEngineering in cloud.
The tool looks like a serious chunk out of the #OpenTIDE backlog! #Cloudot
-
Used some #AI to jury rig a basic API documentation site for The Yaralyzer, my unexpectedly popular tool for visualizing and forcibly decoding #YARA matches in binary data.
* GitHub: https://github.com/michelcrypt4d4mus/yaralyzer
* PyPi: https://pypi.org/project/yaralyzer/
* API documentation: https://michelcrypt4d4mus.github.io/yaralyzer/api/
* Can also be installed (indirectly) via homebrew if you install The #Pdfalyzer (different tool)
#ascii #asciiArt #blueteam #cybersecurity #detectionengineering #DFIR #forensics #FOSS #hacking #infosec #KaliLinux #malware #malwareDetection #malwareAnalysis #openSource #pdfalyzer #redteam #reverseEngineering #reversing #threathunting #yaralyze #yaralyzer #YARA #YARArule #YARArules
-
Just released version 1.16.8 of The Pdfalyzer with a bunch of new and updated #YARA rules to scan #PDF files for malicious content. Links in the quoted toot below.
https://universeodon.com/@cryptadamist/114768170683991686
#ascii #asciiArt #blueteam #cybersecurity #detectionEngineering #DFIR #forensics #FOSS #hacking #homebrew #infosec #KaliLinux #malware #malwareDetection #malwareAnalysis #openSource #pdf #pdfs #pdfalyzer #pypi #python #redteam #reverseEngineering #reversing #Threatassessment #threathunting #yaralyze #yaralyzer #YARA #YARArule #YARArules
-
Just released version 1.0.1 of The Yaralyzer, my unexpectedly popular tool for visualizing and forcibly decoding #YARA matches in binary data. Fixes a small bug when trying to choose a byte offset to force a UTF-16 or UTF-32 decoding of matched bytes.
Someone set up Yaralyzer as a #Kali package; not sure if that's made it into a release yet but if not the links are below.
https://universeodon.com/@cryptadamist/113642071681749608
#ascii #asciiArt #blueteam #cybersecurity #detectionengineering #DFIR #forensics #FOSS #hacking #infosec #KaliLinux #malware #malwareDetection #malwareAnalysis #openSource #pdfalyzer #redteam #reverseEngineering #reversing #threathunting #yaralyze #yaralyzer #YARA #YARArule #YARArules
-
If you’re #purpleteam ’ing without #OpenTIDE, why don’t you want your work to be actionable for your #SOC #DetectionEngineering :P
-
From @BSidesLV 2024 -> Ezz uses ML to cluster events without any performance impact on the SIEM and using Attack Flows to help identify the right elements to try to cluster:
https://www.youtube.com/watch?v=7KOoLo7oynk&list=PLjpIlpOLoRNQ0vzGtdcFyKNUA8JrpoM48&index=92
This will work excellently for #OpenTIDE TVMs also
-
Please everyone interested in #SOC or #DetectionEngineering read this by @letswastetime, it's a fantastic post: https://dispatch.thorcollective.com/p/detection-in-depth
I can only think of one thing missing - which is the actual enumeration of threat vectors and how they chain together to allow you to proceed with a data-driven approach to building your detection in depth.
There's only one #opensource framework that allows us to do the chaining as a community - and you know it's #OpenTIDE
-
🐣 HAPPY EASTER CAPSTONE! 🛡️
My KQL courses now include a complete attack scenario to test your skills — end to end.
🎯 Hands-on labs
📉 20% OFF for a limited time!
Crack it open 👇
#KQL #Kusto #ThreatHunting #DetectionEngineering #DFIR
https://academy.bluraven.io
-
Streamlining detection engineering in security operation centers – Source: securelist.com https://ciso2ciso.com/streamlining-detection-engineering-in-security-operation-centers-source-securelist-com/ #rssfeedpostgeneratorecho #detectionengineering #CyberSecurityNews #Cybersecurity #securelistcom #TIandIRposts #0CISO2CISO #SIEM #SOC
-
According to new data, we’re really reaping the benefits of #OpenTIDE now in terms of exclusively release speed (#detectionengineering) and release quality. Not even talking about all the other advantages, but those 2 numbers alone are stunning now.
-
ChatGPT on how #opentide contributes to #detectionengineering and making #CTI actionable
-
Just pushed a new release of The Yaralyzer, my unexpectedly popular tool for visually inspecting the output of #YARA scans with a lot of colors. Example output below. Change is small: it can now use a directory full of YARA rules files without renaming them all to end in .yara.
* GitHub: https://github.com/michelcrypt4d4mus/yaralyzer
* PyPi: https://pypi.org/project/yaralyzer/
* Can also be installed (indirectly) via homebrew if you install The #Pdfalyzer (different tool)
Someone has packaged this tool for Kali Linux though I don't know if it's in the distro yet. Also available for macOS homebrew via an installer someone made for The Pdfalyzer.
Thomas Roccia at #Microsoft was also kind enough to make The Yaralyzer available via a web interface: https://x.com/fr0gger_/status/1749690000478974283
#malware #infosec #cybersecurity #kali #KaliLinux #YARArules #malwaredetection #threathunting #reverseEngineering #malwareAnalysis #reversing #yaralyze #yaralyzer #pdfalyze #detectionengineering
-
Very proud to see Amine on the Google Cloud Security podcast with @Timothypeacock and @anton_chuvakin
Go listen to episode 202 on SOCs, #DetectionEngineering and #OpenTIDE
-
Up soon:
"From 0 to millions: Protecting against AitM phishing at scale" - Jacob Torrey @Jacob
@hack_lu #hacklu2024 #canaries #Thinkst #HoneyEverything #TTPs #AiTM #Deception #DetectionEngineering
-
Is Security Analytics the key to High-Fidelity, Context-Rich Alerts? https://detect.fyi/is-security-analytics-the-key-to-high-fidelity-context-rich-alerts-9728ca698dcc
#siem #detectionengineering #SecurityAnalytics #SecurityOperationsCenter
-
🔍 Advanced Time Series Anomaly Detection: Discover methods you’ve never seen before.
🔗 Attack Path & Execution Chain Detection with Process Mining: A novel approach to threat detection.
🌐 Attack Pattern Detection Using Graph Semantics: Start thinking in graphs and revolutionize your detection and investigation skills.
https://academy.bluraven.io/advanced-hands-on-kql-for-threat-hunting-and-detection-engineering
#KQL #Kusto #SIEM #MicrosoftSentinel #MicrosoftDefender #MicrosoftDefenderXDR #Defender #cybersecurity #KQLForSecurityAnalysts #ThreatHunting #DetectionEngineering #training #dfir #incidentresponse
-
Security Onion 2.4.70 now available including our new Detections interface and much more!
Tune your:
☑️#NIDS rules for #Suricata
☑️#Sigma rules for #ElastAlert
☑️#YARA rules for #Strelka
Take your #DetectionEngineering game to a new level!
https://blog.securityonion.net/2024/05/security-onion-2470-now-available.html