🚨 Collecting and sharing logs from the ☁️
🙏 Thanks to project SimuLand 🏝️ (an @OTR_Community Initiative), we are starting to collect data from known community templates & emulation plans 😎
🌩️ AWS Dataset: https://t.co/WDHftzUCz0
🏗️ SimuLand: https://t.co/w9zbaqkY8t
Today, Microsoft is open sourcing Cloud Katana, a cloud-native serverless application built on top of Azure Functions to assess security controls in cloud and hybrid cloud environments. Read about the design principles and learn how to deploy: https://t.co/B0G6BxUeaM
🚨 We decided to re-brand Mordor to @SecDatasets 😈 We’ll cover new types of datasets to extend its application 💜 more coming soon.. 🍻
Help us build the largest library of datasets for the InfoSec community! 🚀
Site: https://t.co/tpgVTJWNfL…
Repo: https://t.co/q5USTVMZCt
We shared a dataset that contains the core behavior 🍻 You can add more context around it! (i.e. Service creation & execution) @OTR_Community
😈 Data: https://t.co/EUpini3Vkn
🛡️@sigma_hq rules:
1⃣ https://t.co/d85dp6R2ah
2⃣ https://t.co/AJscSIqqMR
How Do I use the data? ⏬
#HuntingTipOfTheDay
Search for command lines 🔎with 'comsvcs.dll' and 'MiniDump' to find credential dumping. 👀
✏️Test your detections: https://t.co/dX9LPgDvuR
📎References:
▪️https://t.co/lBgmVUn2Ru by Jenna Magius and Nate Caroe (@RiskSense)
▪️https://t.co/OcrRw4xc41
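An added example of that hunt, not code from the tweet or from the Mordor/SecDatasets project: a small Python check that runs the 'comsvcs.dll' + 'MiniDump' command-line rule over constructed Sysmon Event ID 1 (process creation) records. The field names follow Sysmon (EventID, Image, CommandLine); the sample values are made up.

```python
import re

# Constructed Sysmon Event ID 1 records reduced to the fields the hunt needs.
# These are made-up samples, not lines from the shared dataset. The second
# record deliberately varies case and spacing; the fourth mentions comsvcs.dll
# without MiniDump, and the fifth is a network event (EventID 3), not process creation.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Windows\System32\comsvcs.dll, MiniDump 624 C:\Users\Public\out.dmp full"},
    {"EventID": 1, "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"RUNDLL32  COMSVCS.DLL,MINIDUMP 624 C:\temp\x.bin full"},
    {"EventID": 1, "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs -p -s Schedule"},
    {"EventID": 1, "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32.exe /s C:\Windows\System32\comsvcs.dll"},
    {"EventID": 3, "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe comsvcs.dll MiniDump"},
]

# Both tokens must be present; matching is case-insensitive because
# Windows command lines are, and the rule would otherwise miss trivial casing changes.
COMSVCS_RE = re.compile(r"comsvcs\.dll", re.IGNORECASE)
MINIDUMP_RE = re.compile(r"minidump", re.IGNORECASE)


def is_comsvcs_minidump(command_line: str) -> bool:
    """True when the command line references comsvcs.dll AND its MiniDump export."""
    return bool(COMSVCS_RE.search(command_line) and MINIDUMP_RE.search(command_line))


def hunt(events):
    """Return only process-creation events (Sysmon EventID 1) whose command line matches."""
    return [
        e for e in events
        if e.get("EventID") == 1 and is_comsvcs_minidump(e.get("CommandLine", ""))
    ]


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print("HIT:", hit["Image"], "|", hit["CommandLine"])
```

The rule keys on the library name, so a renamed copy of the DLL would not match it; pairing it with Sysmon Event ID 10 (ProcessAccess) against lsass.exe gives a second, name-independent signal.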
🚨 In less than 24h 😉, we are sharing telemetry ( #Sysmon, Security & System) through the @Mordor_Project to help everyone 🌎 expedite the validation process of detection rules! @Cyb3rPandaH #CobaltStrike
🗒️Metadata: https://t.co/63RGi5RQ0u
😈Dataset: https://t.co/kRRl71Vrdc
It's time to go to SimuLand! 🎠🎡🎢
But it isn't a new vacation theme park hot spot, it's a new open-source initiative that will help you deploy a lab environment to reproduce real attack scenarios to test your security defenses.
Get the details: https://t.co/IZwtdMLlT0
Sharing @Mordor_Project datasets for "Getting AD FS Database Config Remotely" (Security, Sysmon & PCAP) @Cyb3rWard0g 🍻🙏
https://t.co/UQgGy59ha8
1⃣ A few tool-based comments at the host level
2⃣ Group hosts & processes connecting to AD FS server over port 80 (Usually 443)
@Cyb3rWard0g @Ch33r10 @NetworkDefense @chrissanders88 Happy to see you are using the @Mordor_Project ! The project comes with small (atomic) and large (campaigns) datasets.
One great example of how to use our large datasets is this post by @filar (APT3) https://t.co/xLtUBfPVE3
@OTR_Community @Cyb3rWard0g @sigma_hq @ProjectJupyter @jack_halon @Flangvik @mvelazco 😈 Endpoint dataset: built-in & Sysmon telemetry 🛡️
Doc: https://t.co/unUjd0EkK3
✅ Web shell created
✅ Unexpected compiled ASPX files created by w3wp in Temporary ASP[.]NET Files directory
✅ OabVirtualDirectory ExternalUrl set to <script>
✅ w3wp child process & more
Sharing some data samples (PCAP & WinEvents) to validate detection of lateral movement via remote scheduled task creation & update 🍻 @OTR_Community
1⃣ Creation: https://t.co/ljZQuar0FD
2⃣ Update: https://t.co/IQyNC327JH
@HunterPlaybook Library Doc: https://t.co/HxIlW98DCo
Big news y'all: @Cyb3rWard0g will be hosting our next Atomic Friday on December 11! Join us for a deep dive into @Mordor_Project and learn strategies for expediting data analysis. https://t.co/9hedpYj9SZ
Looking for ways to validate detection rules for that specific behavior? A small sample of data and a few rules!
Thank you @rbmaslen @domchell @tifkin_ @OTR_Community
😈 Dataset: https://t.co/okyM2hqYQW
🏹 @sigma_hq:
1) https://t.co/aQyfn8ucNa
2) https://t.co/O55phnexfi
If you are wondering what this might look like in Sysmon, we got you covered with a new small dataset. You can simply download it from the link below and explore it with PSH as shown in the second image below 😊 Thank you @jxy__s !
😈 https://t.co/vvCb7xG1qb
I’m pleased to present this Windows exploit. Process Herpaderping is a method for evading detection - similar to process migration, hollowing, or doppelganging.
https://t.co/ZoUJkBtOsw