#threathunting — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #threathunting, aggregated by home.social.
-
New post where I explore Zeek, Arkime and JA4+.
#ThreatHunting
https://blog.axelarator.net/we-have-packet-capture-at-home/ -
Hunting CVE-2026-41096 (Windows DNS Client RCE, CVSS 9.8) in Advanced Hunting?
DeviceProcessEvents
| where Timestamp > ago(7d)
| where InitiatingProcessFileName =~ "svchost.exe"
| where InitiatingProcessCommandLine has_any ("dnscache", "NetworkService")
| where FileName !in~ ("conhost.exe", "WerFault.exe", "wermgr.exe")
| project Timestamp, DeviceName, FileName, ProcessCommandLine
| order by Timestamp desc -
Supply chain attacks keep evolving faster than our defenses — and the gap between "we know about it" and "we're protected" is where the interesting (and scary) things happen. Mapping exposure in real time isn't a luxury anymore, it's the baseline. The puzzle never stops changing. 🧩 #infosec #supplychain #threathunting
https://malware.news/t/reimagining-supply-chain-exposure-for-the-speed-of-modern-threats/106949 -
🟡 THREAT INTELLIGENCE
Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
Vulnerability | MEDIUM
Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file...
Full analysis:
https://www.yazoul.net/news/article/progress-patches-critical-moveit-automation-bug-enabling-authentication-bypass -
🔵 THREAT INTELLIGENCE
Critical cPanel and WHM bug exploited as a zero-day, PoC now available
Vulnerability | CRITICAL
CVEs: CVE-2026-41940
The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been...
Full analysis:
https://www.yazoul.net/news/article/critical-cpanel-and-whm-bug-exploited-as-a-zero-day-poc-now-available -
⚡ THREAT INTELLIGENCE
CISA and U.S. Government Partners Unveil Guide to Accelerate Zero Trust Adoption in Operational Technology
Vulnerability | MEDIUM
Full analysis:
https://www.yazoul.net/news/article/cisa-and-u-s-government-partners-unveil-guide-to-accelerate-zero-trust-adoption- -
As of this May 1st I am leaving the threat monitoring specialist team and becoming a hunter in threat hunting.
I don't know why, but that same Thursday, May 7th, I have a meeting with the people behind an NDR tool to convince them that we are the ideal ones to offer their product to customers as partners. A meeting in which they are going to ask me, as an expert in their tool (which I have never touched), to demonstrate our capabilities, and even to produce a sample hunting report.
Yes, friends: I have eight days to turn into not just an experienced hunter but an expert in that tool (as well as suddenly having the negotiating skills to land contracts). Why this mess landed on me, I have no idea, but that's my company for you.
-
ICYMI: IrisQL, our new query language, makes it easier than ever to share logic across teams and ticketing systems.
Explore how to optimize your security stack here: https://www.domaintools.com/blog/supercharge-your-threat-investigations-with-irisql
-
🔵 THREAT INTELLIGENCE
Weekly Threat Roundup: 2026-04-20 to 2026-04-26
Roundup | CRITICAL
CVEs: CVE-2026-21515, CVE-2026-32613, CVE-2026-33819
Cybersecurity roundup for 2026-04-20 to 2026-04-26. 10 CVE advisories, 2 breach reports, 5 threat news stories.
Full analysis:
https://www.yazoul.net/news/article/2026-w17-weekly-threat-roundup -
💥Level up your threat hunting with IrisQL, our new query language for deeper, more flexible access to the Iris Investigate database.
Explore the full breakdown and start optimizing your security stack here: https://www.domaintools.com/blog/supercharge-your-threat-investigations-with-irisql
#ThreatHunting #IrisQL #Infosec #DataScience -
*Read it like an infomercial*
Are you tired of working with logs that contain arrays with multiple JSON like this?
Have you tried creating a new column with the value you want only to find out that this value has no fixed position in the array?
Now your problems are over! With this 5 line KQL snippet, written by a real human, you can finally have the peace of mind that all the fields are populated correctly and everything is neat inside a single JSON!
#kusto #kustoquery #kql #threathunting #threat_hunting #dfir #digitalforensics
-
🟡 THREAT INTELLIGENCE
Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages
Vulnerability | MEDIUM
Apple has released out-of-band security updates for iPhone and iPad devices to fix a Notification Services flaw that could allow notifications marked...
Full analysis:
https://www.yazoul.net/news/article/apple-fixes-ios-flaw-that-let-fbi-recover-deleted-signal-messages -
I'm excited to keynote the Antisyphon #ThreatHunting Summit, a free virtual event on June 17th.
Why am I excited? Because I get the chance to re-evaluate something I proposed as one of the fundamental pillars of hunting 10 years ago!
"Is It Time to Embrace Automated Threat Hunting?"
Check out the abstract, then register at the link below:
-
🧠 Formbook Daily Report
⬇️ Trend: declining (21%)
📊 11 new samples
🌐 55 C2 servers
Full analysis, IOCs, and hashes:
https://www.yazoul.net/malware/formbook/reports/2026-04-21 -
Security Intelligence Repository with RULEZET
Building a Trusted Community for Detection Rules
First workshop presented at @firstdotorg CTI 2026 in Munich
🔗 source code https://github.com/rulezet/
🔗 online version https://rulezet.org/
#rulezet #cti #threatintelligence #threathunting #opensource #cybersecurity
-