Just published a new post in my Detection & Response Chronicles series.
This time I explore how adversaries abuse QEMU to run covert operations inside VMs, evading traditional host-based detection.
Read more: https://t.co/gkIubKGOwB
#QEMU#DetectionEngineering
Check out my latest blog post on #ConsentFix (a.k.a. #AuthCodeFix).
We go through, the attack flow and mechanics, detection and hunting opportunities and mitigations.
https://t.co/G9hZA3IXNV
Back with a new blog post!
#DetectionEngineering: Practicing #DetectionAsCode – Tuning - Part 8
👉 https://t.co/UGJUeeelN6
If you missed the rest of the parts you can find them here: https://t.co/ZYy8Qqu8C4
Check out my latest blog post of the series #DetectionEngineering: Practicing #DetectionAsCode for @NVISO_Labs. In this part we are exploring Continuous Delivery pipelines to deploy our detections to the target platform.
This is the follow-up you've been waiting for: The #DetectionEngineering Blog Post Part 6 by @_st0pp3r_
https://t.co/4OvjvsHrK8
You'll gain insights on manual, release-based, automatic and multitenant deployments to optimize #ContinuousDeployment processes and more.
Part 5 of the #DetectionEngineering#DetectionAsCode series is now available: https://t.co/0QQkml8Uno
In this part we are exploring versioning schemes for the content packs and detections in the repository.
Check out my latest blog for the series #DetectionEngineering - Practicing #DetectionAsCode
In this part we are looking into ways of automating documentation and the generation of a change log to track updates in the repository!
Coming up next is applying versioning schemas!
Check out part 2 of our #DetectionEngineering - Practicing #DetectionAsCode series is out! This part is all about laying the groundwork for a scalable and efficient detection repository.
🚨 BLOG ALERT 🚨
I dove into maintenance in #DetectionEngineering - why it matters so much and the paradox that won’t let me sleep at night.
This is the first post in a new series:
🦸#SigmaHQ release r2024-01-29 is here.
🌟7 New Rules
🛡️30 Rule updates
🔬11 Rule Fixes
This release includes
- #Pikabot uncommon DLL loading and updates to older Pikabot related rules.
- CodePage modification via the built-in MODE utility as seen in the wild.
- CLI and Metadata based rules for #EDRSilencer and #SharpMove
and much more included🔥You can read about this by checking the release highlight blog -> https://t.co/1flOHn6goe
Or check the full change log and start exploring this, by downloading the latest release -> https://t.co/O1rcmkiRdQ
Thanks to the many contributors that helped shape this release, specifically
@CrimpSec@frack113@Joseliyo_Jstnk@phantinuss@qasimqlf Stephen Lincoln, Swachchhanda Shrawan Poudel, t-pol, tr0mb1r, xiangchen96
@sigma_hq
I recently looked into the creation of a rule for the #NoFilter#PrivilegeEscalation#hacktool by leveraging Event IDs 5447 & 5449.
The detection is based on the static value "RonPolicy" of the PolicyName variable in the code of the tool. https://t.co/W1OK8cXXBM
#CyberSecurity