Wes Lambert

499 Followers
22 Following
75 Posts

Principal Engineer at Security Onion Solutions

Open source security advocate and platform integration.

GitHub: http://github.com/weslambert
Ghost: http://glue.ghost.io
Medium: http://wlambertts.medium.com

#SecurityOnion 2.4 Beta 1 release is now available!

Featuring:
✅New Grid Configuration interface
✅Enhanced Grid Status interface
✅New Grid Members interface
✅Improved health metric visualizations
✅New Elastic Agent integration
and much more!

https://blog.securityonion.net/2023/03/security-onion-24-beta-release-now.html


Did anyone else play "Pass the Pigs" as a child, or should I just go crawl into a corner 😅? https://www.amazon.com/Winning-Moves-Games-Pass-Pigs/dp/B00005JG3Y

With regard to enterprise security monitoring, many folks agree that it's best to be able to monitor from the top down, passively gathering network telemetry from a SPAN port or network TAP.

While there are ETW, Sysmon DNS and network connection logs, and more, how much of an impact has it been to not have more verbose network telemetry available during your investigations?

#DFIR
#IncidentResponse
#SecurityMonitoring
#SOC

I've updated the wlambert/velociraptor @velocidex #velociraptor Docker image to the latest release version.

https://github.com/weslambert/velociraptor-docker

This refers to the pre-built image.
If building locally, you'll always use the latest version.

Enjoy, and please let me know of any issues!


We are stoked to announce our return to #BlackHat 2023 with our live-fire training taught by @eric_capuano and Matt Bromiley!

Sign up now: Adversary Detection & Incident Response - Network Defense Range Operations
#BHUSA #BH23 #BlackHat2023


I have a contact looking for remote work:

- 3 years experience in/leading a #SOC
- Experience w/ multiple #EDR and log management/ #SIEM platforms
- Open to security/SOC analyst/ #GRC/Vuln mgmt roles

If you would like to chat or share an opportunity, please let me know!

#infosec
#infosecjobs

velociraptor-docs/Windows.System.AppCompatPCA.yaml at master · Velocidex/velociraptor-docs

What are the sneaky #C2 frameworks most folks don't know about?

What do y'all think about a #C2 detection series including #SecurityOnion and #Velociraptor, illustrating the complements and differences of host- and network-based detection and response?

#BruteRatel
#CobaltStrike
#DFIR
#ESM
#Havoc
#Infosec
#NSM
#Sliver
#Sysmon

Poll results: Yes 100%, No 0%

stoked about this talk with @eric_capuano 🤓💙🌵

join us for some @velocidex nerdery in january at @cactuscon!

and more of our @recon_infosec team will also be presenting 🔥

#cactuscon11 #cc11