I'm happy to announce the release of Chainsaw v2! 🥳
Chainsaw allows users to rapidly search through Windows event logs and hunt for threats using @sigma_hq detection rules, all without a SIEM!
Version 2 includes some exciting new features, info in 🧵
https://t.co/P9q69gZswA
@__invictus_ @RedTeamTactics PPID spoofing was the gift that kept giving a few years ago. Threat actors were doing it without realising it was a very high fidelity detection for most EDRs. It so rarely happens normally that it was a dead giveaway something malicious was going on.
https://t.co/T5lgC7Y1zV
My talk "Scaling Detection and Response Teams - Enabling Efficient Investigations" is at 3:45pm today at #BSidesLDN2023 on track 2! Come down and say hi if you're around 😀
https://t.co/eWmXlsAJFO
Scaling detection and response operations at Coinbase part 2 & 3:
🔍 Driving context into detection logic with machine and user profiles
🔧 Codifying automatic remediation for high-risk detections
📫 Automating alert triage with employees via Slackbot
https://t.co/vEUEWvZ6K4
The first part of my blog series on how we’ve been scaling detection and response operations at Coinbase is live!
Interested in speeding up your investigations, increasing the visibility of key data sources, and improving quality of life for analysts?
https://t.co/KxaP8KughK
Our incident responders recently battled TheDukes/CozyBear/APT29 out of a customer environment. We also developed tooling to help investigate the timeline of the breach. We added 3 techniques for the analysis & timestamp enrichment of Shimcache entries https://t.co/uQGERBDLHY
Our team at @elastic has been developing this feature for almost six years and we are excited to share our work with the security research community. Thanks to @GabrielLandau @joehowwolf and many others who have contributed to this effort over the years!
Dude, you can wipe whatever WEVTXs you want 🪠
@HuntressLabs gon' find the user accounts, session times, machines, and method for your lateral movement 🕵️♀️
You'd be surprised what #RDP-related event logs can reveal
https://t.co/MCQNd1WXgb
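The post above says RDP-related event logs can give up accounts, session times, machines and the lateral movement method even when someone has wiped other logs. As an added example (not Huntress tooling and not code from the post), here is a Python session reconstruction over Windows event records in JSON form. It uses documented event IDs: Security 4624 with LogonType 10 (RemoteInteractive) and Microsoft-Windows-TerminalServices-LocalSessionManager/Operational 21 (session logon), 24 (disconnect), 25 (reconnect) and 23 (logoff). The host names, users, addresses and timestamps are constructed; the `Event.System` / `Event.EventData` / `Event.UserData.EventXML` layout mirrors what EVTX-to-JSON converters emit, but is an assumption here.

```python
"""Reconstruct RDP sessions from Windows event records in JSON form.

Added example; not Huntress tooling and not Chainsaw code. Event IDs are the
documented ones (Security 4624/LogonType 10; LocalSessionManager 21, 23, 24, 25).
All records below are constructed: every host, user, address and time is made up,
and the JSON layout only mirrors EVTX-to-JSON output.
"""
from datetime import datetime

LSM = "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational"
SECURITY = "Security"


def event(channel, eid, host, when, **data):
    """Constructed record: Security events carry EventData, LSM ones UserData.EventXML."""
    body = {"EventData": data} if channel == SECURITY else {"UserData": {"EventXML": data}}
    return {"Event": {"System": {"Channel": channel, "EventID": eid, "Computer": host,
                                 "TimeCreated": {"#attributes": {"SystemTime": when}}},
                      **body}}


# Constructed sample: one RDP logon, a disconnect, a reconnect from a different
# source address, a logoff, plus a network (type 3) logon that must be ignored.
RECORDS = [
    event(SECURITY, 4624, "SRV01", "2024-03-01T10:00:00Z", LogonType="10",
          TargetUserName="jdoe", TargetDomainName="CORP", IpAddress="10.0.0.5",
          WorkstationName="WS-FINANCE-07"),
    event(LSM, 21, "SRV01", "2024-03-01T10:00:01Z", User="CORP\\jdoe", SessionID=3, Address="10.0.0.5"),
    event(SECURITY, 4624, "SRV01", "2024-03-01T10:20:00Z", LogonType="3",
          TargetUserName="svc_backup", TargetDomainName="CORP", IpAddress="10.0.0.20",
          WorkstationName="BK01"),
    event(LSM, 24, "SRV01", "2024-03-01T10:45:00Z", User="CORP\\jdoe", SessionID=3, Address="10.0.0.5"),
    event(LSM, 25, "SRV01", "2024-03-01T13:10:00Z", User="CORP\\jdoe", SessionID=3, Address="10.0.0.9"),
    event(LSM, 23, "SRV01", "2024-03-01T13:40:00Z", User="CORP\\jdoe", SessionID=3),
]


def when(rec):
    """Timestamp of a record as an aware datetime."""
    t = rec["Event"]["System"]["TimeCreated"]["#attributes"]["SystemTime"]
    return datetime.fromisoformat(t.replace("Z", "+00:00"))


def rdp_timeline(records):
    """Return (logons, sessions).

    logons:   4624/type-10 entries: who, from which IP and workstation name, when.
    sessions: LSM intervals keyed by (host, SessionID). A reconnect (25) opens a
              new interval, so a change of source address between intervals
              (here 10.0.0.5 -> 10.0.0.9) is visible in the output.
    """
    logons, sessions, open_sessions = [], [], {}
    for rec in sorted(records, key=when):
        sys_ = rec["Event"]["System"]
        channel, eid, host, t = sys_["Channel"], int(sys_["EventID"]), sys_["Computer"], when(rec)
        if channel == SECURITY and eid == 4624:
            d = rec["Event"]["EventData"]
            if str(d.get("LogonType")) != "10":
                continue  # only RemoteInteractive logons are RDP here
            logons.append({"time": t, "host": host,
                           "user": f'{d["TargetDomainName"]}\\{d["TargetUserName"]}',
                           "source_ip": d["IpAddress"], "source_host": d["WorkstationName"]})
        elif channel == LSM and eid in (21, 23, 24, 25):
            x = rec["Event"]["UserData"]["EventXML"]
            key = (host, int(x["SessionID"]))
            if eid in (21, 25):
                open_sessions[key] = {"host": host, "session_id": key[1], "user": x["User"],
                                      "source_ip": x.get("Address"), "start": t,
                                      "kind": "logon" if eid == 21 else "reconnect",
                                      "end": None, "end_kind": None}
            else:
                # Close the interval; if its start was wiped or rotated out, keep what we have.
                sess = open_sessions.pop(key, {"host": host, "session_id": key[1],
                                               "user": x.get("User"), "source_ip": None,
                                               "start": None, "kind": "unknown"})
                sess["end"], sess["end_kind"] = t, "logoff" if eid == 23 else "disconnect"
                sessions.append(sess)
    sessions.extend(open_sessions.values())  # still connected at end of log
    return logons, sessions


if __name__ == "__main__":
    for s in rdp_timeline(RECORDS)[1]:
        print(s["user"], s["source_ip"], s["kind"], s["start"], s["end_kind"], s["end"])
```

The point a responder cares about is the join between the two channels: Security 4624 gives the source workstation name the attacker's client announced, while the LocalSessionManager interval gives the session lifetime and a second source address on reconnect, which is what turns a single logon into a lateral movement path. Closing an interval whose start is missing is deliberate: wiped or rotated logs still leave the end of a session.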
@visibil1 @sigma_hq Hey! That requirement isn’t available within chainsaw and would need to be handled within the rule logic. If you find problematic rules you can either disable them or alter them to exclude ParentProcessName as you need. I hope that helps!
Hunt, search, and extract Windows event log records with Chainsaw, now in #toolsmith 148. Experiments with an old #DFIR malware case, as well as APT Simulator. The saw is the law! @AlexKornitzer @FranticTyping @sigma_hq @cyb3rops https://t.co/oeYDZKq8eH
Also, a massive shout out to @AlexKornitzer for all of his work on v2. He managed to take my “lockdown 2020 Christmas project” and turn it into a much more polished solution. ❤️
v2 highlights💡
📖 Support for event logs in XML and JSON format
🎯 Increased sigma rule logic support. More detections!
📘 Chainsaw output displays important information more clearly
🔎 Better filtering/searching options
🦖 Updated Velociraptor Plugin https://t.co/s2Rviu1dyg
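The announcement at the top describes what Chainsaw does (run Sigma detection rules over Windows event logs without a SIEM), the highlights above mention JSON-format input and broader Sigma logic support, and the reply earlier in the thread notes that exclusions such as ParentProcessName belong in the rule logic. As an added example covering those points (this is not Chainsaw's code and the rule is not a SigmaHQ rule), here is a minimal Sigma-style evaluator in Python: field modifiers, OR across a value list, AND across the keys of a selection, and an `and not` condition, run over constructed JSON event records. The rule, the field mapping and the three Sysmon-shaped records are assumptions built for illustration; the `Event.System` / `Event.EventData` layout mirrors what EVTX-to-JSON converters emit.

```python
"""Minimal Sigma-style rule evaluation over Windows event records in JSON form.

Added example: not Chainsaw's code, and the rule is not a SigmaHQ rule. The
rule, the field mapping and the three event records are constructed; the
record layout mirrors EVTX-to-JSON output but every value below is made up.
"""

# Constructed rule, as it would look after YAML parsing. Trailing spaces in
# the CommandLine values stop "-enc" from matching e.g. "-encoding".
RULE = {
    "title": "Encoded PowerShell not launched from Explorer (constructed)",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc ", "-EncodedCommand "],
        },
        "filter_interactive": {"ParentImage|endswith": "\\explorer.exe"},
        "condition": "selection and not filter_interactive",
    },
}

# Sigma field name -> dotted path into the record (what a mapping file does).
# Constructed for Sysmon process-creation events; this is also the place to
# drop or rename a field a data source does not carry.
FIELD_MAP = {
    "Image": "Event.EventData.Image",
    "CommandLine": "Event.EventData.CommandLine",
    "ParentImage": "Event.EventData.ParentImage",
}

# Sigma string matching is case-insensitive; "" is the plain equality modifier.
MODIFIERS = {
    "": lambda v, p: v.lower() == p.lower(),
    "contains": lambda v, p: p.lower() in v.lower(),
    "startswith": lambda v, p: v.lower().startswith(p.lower()),
    "endswith": lambda v, p: v.lower().endswith(p.lower()),
}


def get_path(record, dotted):
    """Walk a dotted path through nested dicts; None when any step is missing."""
    cur = record
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def match_field(record, key, patterns):
    """One 'Field|modifier: value(s)' entry; a list of values is an OR."""
    field, _, modifier = key.partition("|")
    value = get_path(record, FIELD_MAP.get(field, field))
    if value is None:
        return False  # absent field fails closed rather than matching
    patterns = patterns if isinstance(patterns, list) else [patterns]
    return any(MODIFIERS[modifier](str(value), str(p)) for p in patterns)


def match_selection(record, selection):
    """All keys of one selection must match (AND)."""
    return all(match_field(record, k, v) for k, v in selection.items())


def eval_condition(condition, results):
    """Evaluate identifiers, and/or/not and parentheses with precedence
    not > and > or (the '1 of' / 'all of' forms are left out)."""
    tokens = condition.replace("(", " ( ").replace(")", " ) ").split()
    pos = 0

    def parse_or():
        nonlocal pos
        left = parse_and()
        while pos < len(tokens) and tokens[pos] == "or":
            pos += 1
            right = parse_and()  # parse unconditionally so tokens are consumed
            left = left or right
        return left

    def parse_and():
        nonlocal pos
        left = parse_not()
        while pos < len(tokens) and tokens[pos] == "and":
            pos += 1
            right = parse_not()
            left = left and right
        return left

    def parse_not():
        nonlocal pos
        if tokens[pos] == "not":
            pos += 1
            return not parse_not()
        tok = tokens[pos]
        pos += 1
        if tok == "(":
            val = parse_or()
            pos += 1  # closing parenthesis
            return val
        return results[tok]

    return parse_or()


def hunt(rule, records):
    """Return the EventRecordIDs of records that satisfy the rule."""
    det = rule["detection"]
    hits = []
    for rec in records:
        results = {n: match_selection(rec, s) for n, s in det.items() if n != "condition"}
        if eval_condition(det["condition"], results):
            hits.append(get_path(rec, "Event.System.EventRecordID"))
    return hits


def sysmon_event(record_id, image, cmdline, parent):
    """Constructed Sysmon EventID 1 record in EVTX-JSON shape."""
    return {"Event": {"System": {"EventID": 1, "EventRecordID": record_id},
                      "EventData": {"Image": image, "CommandLine": cmdline,
                                    "ParentImage": parent}}}


PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
RECORDS = [  # true positive, filtered by parent, unrelated process
    sysmon_event(1001, PS, "powershell.exe -nop -w hidden -enc SQBFAFgA", "C:\\Windows\\System32\\cmd.exe"),
    sysmon_event(1002, PS, "powershell.exe -EncodedCommand SQBFAFgA", "C:\\Windows\\explorer.exe"),
    sysmon_event(1003, "C:\\Windows\\System32\\notepad.exe", "notepad.exe notes.txt", "C:\\Windows\\explorer.exe"),
]

if __name__ == "__main__":
    print(hunt(RULE, RECORDS))  # on the constructed data only record 1001 fires
```

Two behaviours worth noticing: a field the mapping cannot resolve never matches, so a rule keyed on a field your data source lacks goes quiet instead of firing on everything; and the filter selection is where the reply above would put a ParentProcessName exclusion, since the condition, not the tool, decides what is subtracted.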
@Purp1eW0lf @AlexKornitzer Ah, that's so cool to see Chainsaw being useful!😀
We've just released the beta of Chainsaw v2 which contains a lot of improvements over v1 (support for loading EVTX in JSON & XML format, better sigma detection coverage, faster execution etc). I'd love to hear your feedback!
Really cool to see this tool finally public! If you’re still viewing alert data in a jira ticket, I’d recommend checking out the approach DetectTree takes to visualise detections, it makes a massive difference.
Happy to drop this new open-source tool that connects the dots during a cyber attack to help blue teams cut down response times, avoid alert fatigue, and communicate during an incident.
More info here >> https://t.co/OZyfKBJ6ll
#cybersecurity #incidents #infosec
Check out the first post in my new blog series "On Detection: From Tactical to Functional". The first post explores how we can leverage source code to discover which API Functions an attack tool is using which serves as a base for further investigation.
https://t.co/W9SGL2VP8h