Nate Guagenti (@neu5ron)'s Twitter Profile
Nate Guagenti

@neu5ron

ID: 324391039

Link: https://github.com/neu5ron
Joined: 26-06-2011 14:45:47

3,6K Tweets

2,6K Followers

1,2K Following

Yarden Shafir (@yarden_shafir):

Quick blog post on a new ETW event to monitor 'valid' KASLR bypasses through system calls: windows-internals.com/an-end-to-kasl…

Will LaForest 🇺🇦 (@WLaForest):

Check out the interpreter @mpeacock1964 and I built: github.com/confluentinc/c… Load sigma rules in a topic and the kstreams app will apply them against your streams of observability data in real time! security inspired by Nate Guagenti socprime

Nate Guagenti (@neu5ron):

Detections in Kafka just getting started! What began with @the_helk and now this w/ Sigma, it will be interesting to see. Kafka is a database just as anything else, massive amount of logs being stored in deployments and unexplored.

Andrii Bezverkhyi (@andriinb):

500+ rules vs ruzzian threat actors. 100% of revenue on this plan is donated to the Come Back Alive Foundation, non-governmental Ukrainian organization that helps people who fight to defend our freedom to return home alive. my.socprime.com/pricing/2savelives

Florian Roth (@cyb3rops):

.@_humpalum from my team created a @sigma_hq extension for VS Code

It's in an early stage but already pretty useful and we've already discussed the cool functions and snippets that he's going to add

#Sigma #VSCode marketplace.visualstudio.com/items?itemName…
Vadim Khrykov (@BlackMatter23):

Considering the current situation, when my country is running down, I see no longer any future in Russia for me and my family. I am open to any job offers relevant to my LinkedIn profile. Please DM me for a detailed CV.

Nasreddine Bencherchali (@nas_bench):

In the last couple of weeks, we've been working with 3CORESec 🛡 on a little project we're calling MAL-CL. It aims to collect and document real-world/common 'malicious' CLI execs of different tools/utilities. Feedback and contributions are much appreciated.
github.com/3CORESec/MAL-CL

Roberto Rodriguez 🇵🇪 (@Cyb3rWard0g):

🚨 Sharing how to deploy a lab environment w/ , a few Linux 🐧 VMs and Microsoft Audit Collection Tool (AUOMS) set up 📡 to identify & map sources of data to the execution context of OMI! 😎 This has been very helpful 💥

techcommunity.microsoft.com/t5/azure-senti…

Sebastian Fernandez (@snfernandez):

While this has been used forever to create exploits, it's a very creative way of making a JIT for architectures that don't allow allocating executable memory. The code can be seen in this commit: github.com/ktemkin/qemu/c… (7/7)

Roberto Rodriguez 🇵🇪 (@Cyb3rWard0g):

🚨 A few detection opportunities while interacting with local AD hybrid health agent registry keys & Azure AD connect health AD FS services ☁️

📡SACLs & 🛰️Activity Logs (Directory Activity) FTW

🛡️ : github.com/search?q=repo%…

🌎 sigma : github.com/SigmaHQ/sigma/…

HAMZA 🇲🇦 🇵🇸 (@Cyb3rSn0rlax):

Pull request created.
Here is the Jupyter notebook under the forked repo: github.com/H1L021/EVTX-AT…
Examples:
- Top tactics by number of events
- Top 10 Tactics by EventIDs and Event Log Providers
- Top 30 RelativeTargetName of EventID 5145 by ShareName
- Sankey Diagrams
