#thrunting — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #thrunting, aggregated by home.social.
-
Oh, and for those that didn't know, the good side lost the battle against the unironic use of the term #thrunting . It appears it's here to stay.
-
Check out! New sharing community for Threat Hunters, from some amazing people I greatly respect @letswastetime and @Jotunvillur
HEARTH (Hunting Exchange And Research Threat Hub)!
Hey thrunters! A new open-source home to:
- Share hunt ideas
- Learn from others
- Level up together
Built by hunters, for hunters 🎯
https://threathuntingcommunity.com
-
Hack.lu 2023: Velocity Raptor: Accelerating Velociraptor Hunting With Tenzir - Matthias Vallentin
https://www.youtube.com/watch?v=2ghZbkk8XS4
#Velociraptor #DFIR #Tenzir #ThreatHunting #Thrunting #Speed #Velocity
-
A co-worker of mine the other day referred to Threat Hunting as Thrunting, and now I want to make Thrunting an actual cyber security term so very badly.
-
Achieving PEAK Performance: Introducing the PEAK Threat Hunting Framework
-
Threathound: An IR (Incident Response) and threat hunting tool
Check ✅️ it out:
-
IntelOwl is an Open Source Intelligence (OSINT) solution to get threat intelligence data about a specific file, an IP or a domain from a single API. It integrates a number of analyzers available online and a lot of cutting-edge malware analysis tools.
-
Kudos to virustotal for the cheatsheet they dropped today (https://blog.virustotal.com/2022/12/vt-intelligence-cheat-sheet.html). They already had their various search modifiers documented, but this gives a dense set of concrete examples of how they can be used in realistic threat hunting queries. #CTI #VTI #virustotal #thrunting
-
Data from recent #batloader campaigns leveraging digitally signed #malware impersonating popular software:
🧲 Lure sites:
🖊️ Digital Certificates:
"Digital Designs FL LLC"
"Glacier Digital Ads Inc"
"Danjo Digital LLC"
🌐 C2s:
24xpixeladvertising[.]com
t1pixel[.]com
photo-editor-mark[.]com
❓ What's next?
Batloader is malware-as-a-service that's been observed delivering InfoStealers or in some cases dual-use agents (atera, zoom) along with #cobaltstrike for #ransomware purposes
🔗 VT query for files signed by these certificates: https://www.virustotal.com/gui/search/signature%253A%2522Digital%2520Designs%2520FL%2520LLC%2522%2520OR%2520signature%253A%2522Glacier%2520Digital%2520Ads%2520Inc%2522%2520OR%2520signature%253A%2522Danjo%2520Digital%2520LLC%2522/files
-
I wrote a little script to parse and extend the Sigma rules from the hijacklibs DLL side-loading archive.
Feel free to modify this to include your PySigma tail content so it can work in your SIEM.
https://github.com/joshnck/Sigma_Rules/blob/main/scripts/get-hijacklibs-sigma-rules.ps1