Nerdy shit and good vibes.
Technical Lead, Incident Response @ Cisco Talos Intelligence Group
#hacking, #dfir, #redteam, #blueteam, #coding, #3dprinting, #vanlife, #camping
| https://twitter.com/chrisdfir | |
| https://www.linkedin.com/in/chrisdisalle | |
| GitHub | https://github.com/chrisdfir |
#DFIR #Threathunting Tip
When performing analysis to hunt for a specific MITRE ATT&CK technique, gathering information on potential tools, commands, and arguments in advance can be highly beneficial. One method that produces quick wins is to search that technique on GitHub where you can find basic detection logic from Red Canary, SIGMA, Swimlane, etc.
- Search all repositories on GitHub for technique (e.g. T1083)
- Switch search to ‘Code’ and Language to ‘Markdown’
- Sort by ‘Recently indexed’
- Review and integrate top findings into hunt
- Profit
2023 Snort Calendars are here! #infosec #cybersecurity
"Want a copy? NEED a copy? Simply fill out our short survey here. Calendars will begin shipping after December 1, 2022. U.S. shipping only, available while supplies last."
Source: https://blog.talosintelligence.com/threat-source-newsletter-nov-17-2022/
Survey link: https://ciscocx.qualtrics.com/jfe/form/SV_8CYvpkAudw91ltk
