@TheDFIRReport member | Tweeting and following mostly #ThreatIntel,#malware,#IR & #Threat_Hunting. Opinions are mine only! 🇬🇷🇨🇦
🎉 Happy New Year, everyone! 🎉
Kicking off 2025 with something exciting: I’ve launched a new podcast—InfoSec DeepDive—created with the help of NotebookLM! Join our AI hosts, Bob and Alice, as they simplify complex InfoSec topics in engaging, digestible discussions.
1/3

🚀More updates to the EDR Telemetry website!

✨ New Blog section - More posts on telemetry incoming
✨ New Mitre ATT&CK Mappings page
✨ Hover over the ⚠️(Partially) to see the reason
✨ Added "Legend" that describes each attribute

🗑️ The Google Sheet will no longer be updated. Please refer to the website

EDR telemetry evals for the new Linux category have started. The first results are in, and they ain't pretty 😔

I genuinely hope vendors succeed because it benefits everyone! Despite that, the telemetry evaluation process will be fair, and there is always room for improvement.

I've come across some instances today where the TAs forgot to change the C2 configs from localhost when building their #QuasarRAT binaries. It's so funny when they mess up [1].

Some other samples are using Telegram for C2. The screenshot below shows the messages they send to the Telegram channel, showing their target selection criteria [2].