imlordoftherings

542 Followers
500 Following
625 Posts

New Course: Automated Detection with Sigma

Two courses in one week?!? We're so excited to share with you a new course that Faculty member @Imlordofthering has been working hard on for about a year now!

Automated Detection with Sigma is an introduction to using and deploying Sigma rules in a Detection as Code design. You'll learn how to read and write Sigma rules, deploy a Splunk SIEM, convert your rules to the Splunk Processing Language, and build the infrastructure to automatically convert new Sigma rules to saved and scheduled searches.

This is a hot topic and we think you'll find it useful in both lab and enterprise environments.

Go start learning!

https://taggartinstitute.org/p/detection-with-sigma
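As an added illustration of the pipeline the announcement describes (Sigma rule in, Splunk search out, then a scheduled saved search), here is a deliberately small Sigma-to-SPL converter written for this page. It is not code from the course, from the Sigma project, or from pySigma/sigma-cli; the rule, the logsource-to-index mapping, the index and sourcetype names, and the cron schedule are all constructed assumptions. It handles only map-style selections, the `contains`/`startswith`/`endswith` modifiers and a flat `and`/`or`/`not` condition, which is enough to show where each piece of a real converter has to do its work.

```python
"""Minimal Sigma-to-SPL conversion (constructed example, not pySigma or sigma-cli)."""
import re

# Constructed Sigma-style rule, shown already parsed from YAML into a dict.
# A real Detection-as-Code job would yaml.safe_load() each rule file instead.
RULE = {
    "title": "Suspicious PowerShell Encoded Command",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc", "-EncodedCommand"],
        },
        "filter": {"ParentImage|endswith": "\\explorer.exe"},
        "condition": "selection and not filter",
    },
    "level": "high",
}

# Hypothetical logsource mapping for one Splunk deployment. The index, sourcetype
# and EventCode here are assumptions; every environment keeps its own table.
LOGSOURCE_MAP = {
    ("windows", "process_creation"):
        'index=windows sourcetype="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" EventCode=1',
}

# Sigma value modifier -> (wildcard prefix, wildcard suffix) in SPL.
MODIFIERS = {
    None: ("", ""),
    "contains": ("*", "*"),
    "startswith": ("", "*"),
    "endswith": ("*", ""),
}


def spl_quote(value):
    """Quote a value for SPL, escaping backslashes and embedded double quotes."""
    escaped = str(value).replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"'


def field_to_spl(key, value):
    """Turn one 'Field|modifier: value(s)' pair into an SPL term (lists become OR)."""
    field, _, modifier = key.partition("|")
    mod = modifier or None
    if mod not in MODIFIERS:
        raise ValueError(f"unsupported modifier: {modifier}")
    prefix, suffix = MODIFIERS[mod]
    values = value if isinstance(value, list) else [value]
    terms = [f"{field}={spl_quote(prefix + str(v) + suffix)}" for v in values]
    return terms[0] if len(terms) == 1 else "(" + " OR ".join(terms) + ")"


def selection_to_spl(selection):
    """A map-style selection is an AND of its field terms."""
    if not isinstance(selection, dict):
        raise ValueError("only map-style selections are handled in this example")
    return " AND ".join(field_to_spl(k, v) for k, v in selection.items())


def condition_to_spl(detection):
    """Substitute each named selection into the condition, mapping and/or/not to SPL."""
    parts = {k: selection_to_spl(v) for k, v in detection.items() if k != "condition"}
    out = []
    for tok in re.findall(r"\(|\)|\S+", detection["condition"]):
        if tok.lower() in ("and", "or", "not"):
            out.append(tok.upper())
        elif tok in ("(", ")"):
            out.append(tok)
        elif tok in parts:
            out.append(f"({parts[tok]})")
        else:
            raise ValueError(f"unknown condition token: {tok}")
    return " ".join(out)


def rule_to_spl(rule):
    """Full search: logsource scoping followed by the converted detection."""
    ls = rule["logsource"]
    prefix = LOGSOURCE_MAP[(ls.get("product"), ls.get("category"))]
    return f"{prefix} {condition_to_spl(rule['detection'])}"


def to_savedsearch(rule, cron="*/15 * * * *"):
    """Render a savedsearches.conf stanza so the rule runs as a scheduled search."""
    return "\n".join([
        f"[Sigma - {rule['title']}]",
        f"search = {rule_to_spl(rule)}",
        f"cron_schedule = {cron}",
        "enableSched = 1",
        "dispatch.earliest_time = -20m@m",
        "dispatch.latest_time = now",
    ])


if __name__ == "__main__":
    print(to_savedsearch(RULE))
```

The stanza is what an automation job would append to an app's `savedsearches.conf` (or push through the REST API) whenever a new rule lands in the repository; the lookback window is deliberately wider than the cron interval so a late-arriving event is not missed between runs.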

“maybe the real cyberwar was all the bad takes online proclaiming CYBERWAR” (2023)
Simple HTML Phishing via Telegram Bot #phishing #telegram https://i5c.us/d29528
How much time spent making PowerPoint presentations is too much?

NEW: Cybercriminals are hitting multiple targets in France, Italy, U.S., Germany, Canada, UK and beyond.

These are all organizations that haven't patched a bug in a hypervisor that has had a fix available since 2021.

A great example of the risks of leaving vulns unpatched for...checks notes...2 years.

https://techcrunch.com/2023/02/06/hackers-vmware-esxi-ransomware/


Does Proofpoint offer a service to filter my USPS mail?

I'd definitely pay for that.

🧵
Today's reverse engineering adventure begins when we find a suspicious file staged on paste[.]io. It's a PowerShell script that decodes a large base64 string to a file named "x.bat". Easy enough to decode, but that's just the beginning.
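The first step of the adventure above, pulling the base64 string out of the PowerShell script and decoding it, is the kind of thing worth doing statically, without ever running the script. The Python triage helper below is an added example written for this page; it is not the thread author's tooling and does not reproduce the paste[.]io file. The sample script, its harmless batch payload and the second UTF-16LE sample (the encoding PowerShell uses for `-EncodedCommand`) are all constructed inline.

```python
"""Static triage of a PowerShell dropper: find and decode base64 blobs.

Constructed example; nothing here executes the script or the decoded payload.
"""
import base64
import re

# Constructed sample in the shape described in the post: a script that decodes
# a base64 string and writes it to x.bat. The payload is a harmless batch file.
PAYLOAD = b"@echo off\r\necho hello from x.bat\r\n"
SAMPLE_SCRIPT = (
    '$b = "' + base64.b64encode(PAYLOAD).decode() + '"\n'
    '[IO.File]::WriteAllBytes("$env:TEMP\\x.bat", [Convert]::FromBase64String($b))\n'
)
# Second constructed sample: -EncodedCommand payloads are UTF-16LE text.
SAMPLE_ENCODED = (
    '$c = "' + base64.b64encode("Write-Host from encoded command".encode("utf-16le")).decode() + '"\n'
)

# Long runs of the base64 alphabet; ordinary identifiers never reach 40 characters.
B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def find_blobs(script):
    """Return every candidate base64 string in the script text."""
    return [m.group(0) for m in B64_RE.finditer(script)]


def decode_blob(blob):
    """Strictly decode a candidate; None if it is not valid base64."""
    try:
        return base64.b64decode(blob, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


def classify(data):
    """Rough type guess for decoded bytes: pe, utf-16le-text, text or binary."""
    if data.startswith(b"MZ"):
        return "pe"
    # ASCII text encoded as UTF-16LE has a zero byte in every odd position.
    if len(data) >= 2 and len(data) % 2 == 0 and all(b == 0 for b in data[1::2]):
        return "utf-16le-text"
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return "binary"
    return "text" if all(c.isprintable() or c in "\r\n\t" for c in text) else "binary"


def triage(script):
    """Decode each blob and summarise it; returns a list of finding dicts."""
    findings = []
    for blob in find_blobs(script):
        data = decode_blob(blob)
        if data is None:
            continue
        kind = classify(data)
        preview = ""
        if kind == "utf-16le-text":
            preview = data.decode("utf-16le")
        elif kind == "text":
            preview = data.decode("ascii")
        findings.append({"kind": kind, "size": len(data), "preview": preview[:60]})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_SCRIPT) + triage(SAMPLE_ENCODED):
        print(finding)
```

On a real sample the decoded bytes would be written to a file in the analysis directory and the `kind` field tells you whether the next layer is more script (feed it back through `triage`), a PE to hand to a disassembler, or something else; the 40-character floor and strict decoding keep normal PowerShell tokens out of the findings.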

Today I'm the jerk who gets to call everyone out for not leaving notes on tickets... Great!

Had a long debate about what the difference is between an incident and an event and a true and a false positive.

I referenced the great article by @jfslowik quite a bit - https://blog.gigamon.com/2022/08/05/revisiting-the-idea-of-the-false-positive/

Ultimately though a lot of this has to do with business metrics and business goals. If these distinctions are the KPI of a SOC then the water gets muddy. The philosophic distinction matters less than the one that justifies your budget.

Good data makes for good science. But we're not doing science, we're doing business.

Revisiting the Idea of the “False Positive”

Gigamon Blog