Wes Lambert

499 Followers
22 Following
75 Posts

Principal Engineer at Security Onion Solutions

Open source security advocate and platform integration.

GitHub: http://github.com/weslambert
Ghost: http://glue.ghost.io
Medium: http://wlambertts.medium.com

#SecurityOnion 2.4 Beta 1 release is now available!

Featuring:
✅New Grid Configuration interface
✅Enhanced Grid Status interface
✅New Grid Members interface
✅Improved health metric visualizations
✅New Elastic Agent integration
and much more!

https://blog.securityonion.net/2023/03/security-onion-24-beta-release-now.html

Security Onion 2.4 Beta 1 Release Now Available!

At Security Onion Conference 2022, we showed a sneak peek of Security Onion 2.4: https://blog.securityonion.net/2022/10/sneak-peek-at-securi...

Did anyone else play "Pass the Pigs" as a child, or should I just go crawl into a corner 😅? https://www.amazon.com/Winning-Moves-Games-Pass-Pigs/dp/B00005JG3Y

@femaven all while trying to cram pogs into their place.
@femaven I remember the vienetta as well! 😅👌
@shortstack Don't forget the dunkaroos
@shortstack I don't remember Elios, but fully recall Totino's pizza on a cracker, Flintstones push pops, fruit by the foot, Gushers, fruit roll-ups, Kudos bars, and Hi-C Fruit Punch 😅. 90s kids = 90 grams sugar/day kids.

With regard to enterprise security monitoring, many folks agree that it's best to be able to monitor from the top down, passively gathering network telemetry from a SPAN port or network TAP.

While there is ETW, Sysmon DNS and network connection logs, and more, how much of an impact has it been to not have more verbose network telemetry available during your investigations?

#DFIR
#IncidentResponse
#SecurityMonitoring
#SOC

I've updated the wlambert/velociraptor @velocidex #velociraptor Docker image to the latest release version.

https://github.com/weslambert/velociraptor-docker

This refers to the pre-built image.
If building locally, you'll always use the latest version.

Enjoy, and please let me know of any issues!

GitHub - weslambert/velociraptor-docker: Docker image for Velocidex Velociraptor

We are stoked to announce our return to #BlackHat 2023 with our live-fire training taught by @eric_capuano and Matt Bromiley!

Sign up now: Adversary Detection & Incident Response - Network Defense Range Operations
#BHUSA #BH23 #BlackHat2023

Black Hat

@cR0w Unfortunately, I don't think that would work for this individual, but I appreciate your response! Thanks!