Cyllex

Cyllex v0.4.0: 604 TTPs across 7 platforms. Full Azure & GCP cloud coverage, Kubernetes & Docker container testing, 4 SIEM integrations, and 21 APT group profiles in the new APT Codex. Beta is targeting late March / early April. I track progress publicly, you can see exactly where things stand at any point. One last thing: thank you. Building this solo takes time, and knowing people are actually following along makes it worth it. Every subscription, every piece of feedback, every message asking about the beta reminds me why I started this in the first place. Genuinely appreciate the support. #purpleteam #cyllexframework #aptemulation #mitre #attacksimulation

Big update!, • Events ID added to all the TTPs • SIEM correlation actually works end-to-end now. Splunk, Sentinel, and AWS SecurityHub integrated • Verify detections directly from the Campaigns panel • Run queries from within the framework itself, no need to jump between tools More news coming soon

Spent the weekend working on Cyllex: → Interactive onboarding tour → AWS TTPs (57% MITRE coverage) → Linux TTPs (22% MITRE coverage) → Windows TTPs: ADCS & ShadowCreds → LDAP Enum TTPs with multiple maturity levels → Reporting improvements → Improved agent deployment with guided instructions Next: 100% focused on TTP coverage https://t.co/YN5IFrMBIe

New post: Judgment Panda - When China Spies on its "Ally" Russia Deep dive into APT31's 3-year campaign against Russian IT contractors: → VtChatter: Using VirusTotal comments as C2 → CloudyLoader: DLL sideloading + API hashing → IOCs, YARA rules & detection scripts https://t.co/Lm2D2VKmTL