I recently discovered a super cool website inspection tool called Web-Check. It has a strong hacker vibe.
It lets you inspect almost everything about a website: IP details, SSL, DNS records, cookies, domain info, crawler rules, server location, redirect history, open ports, traceroute, DNSSEC, site performance, associated hostnames, and more.
https://t.co/A5B83COLK7
Just watched @datadoghq talk at @firstdotorg CTI on "Automating Cyber Threat Intelligence" https://t.co/B3TH1KShRN. Great tips on streamlining vulnerability classification, gather abuse data, and report it to customers. Also check HASH https://t.co/huQ8vyhpe0 #cti#automation
Further enhance phishing investigations with @MISPProject playbooks! 'URL Remediation' streamlines finding abuse contacts via AbuseFinder, @lookyloo_app , @FIRSTdotOrg , and RDAP, while reporting malicious sites to MSRC, Google Safe Browsing and Netcraft. https://t.co/MvPKpI524Z
🚨 New to security & Splunk SPL? We've got you covered! 🚀👩💻🕵️♂️
Here’s how to jumpstart your journey:
🎮 Boss of the SOC (BOTS):
Play hands-on scenarios to sharpen your skills! 🕹️ Start here: https://t.co/EXP6WoY44m. Bonus: Check out Chris Long's blogs (https://t.co/4kovATC4eD ) & an oldie write-up https://t.co/nugozThwf9 for tips. 🔍
🔗Check out Splunk Threat Research Security Content🔥
Up to date content covering a plethora of topics to help you get started in SPL:
⭐️ https://t.co/JLxGR4C3S3
🫂 https://t.co/NoEbUSh9dC
⚡ Sigma to SPL Conversion:
Explore detections with Sigma rules & convert to SPL using https://t.co/sysPKdLare. A great way to learn fields, data models, and more! 🛠️✨
📚 Dive into Splunk Docs:
All the details you need 👉 https://t.co/SW0PpmFOAo.
🤖 AI to the Rescue:
Claude 🟰 excellent query support. Be specific: use datamodels or share log examples. 📝
👩🏫 Get Started Now:
1️⃣ Try the Splunk Search Tutorial: https://t.co/0kL4zeicT6
2️⃣ Install free Splunk on your machine & analyze logs: https://t.co/0im8KYsJXF
🛡️ More Threat Hunting:
Tips from the team and other content:
1️⃣ https://t.co/zZAFbVTvdP
2️⃣ https://t.co/pyrpU9EOpC
Hope that helps!
CTI Threat Quantification &
Prioritization 101 - A Practical
Guide to Building (& Maintaining)
Your Cyber Threat Profile (From 2023 FIRST CTI Conference): https://t.co/78DW1SoNYI
Concluding the series of @MISPProject playbooks for malware analysis, "Query hash information" helps discovering which malware is associated with a hash. You get a MISP report on the hash investigation, peinfo details and a summary is sent to Mattermost. https://t.co/MkOShnl3px
Just released my latest analysis of Defender for Endpoint features by OS.
Targeted at folks deploying MDE to understand what can be used and where; what capabilities you might have missed; or potential customers evaluating options.
Blog + download: https://t.co/q9mnUua6Fq
This is an important one, so allow me quote it. 🔥
Primary reason: most believe they need to achieve EVENT normalization (ex.: Splunk's CIM) before actually crafting the matching queries.
Secondary reason: no clearly defined CTI framework/workflow and IOC lifecycle management.
Applied attack scenarios against SCM systems and possible mitigations by IBM X-Force. "Controlling the Source: Abusing Source Code Management Systems" https://t.co/1DMtrbYghc #DevSecOps#redteam
Microsoft is tracking threats taking advantage of the CVE-2021-44228 remote code execution (RCE) vulnerability in Apache Log4j 2 ("Log4Shell"). Get technical info and guidance for preventing, detecting, and hunting for related attacks: https://t.co/vOB7R1LXlj
There may be many ways to avoid detection :_(
jndi:
jn${env::-}di:
jn${date:}di${date:':'}
j${k8s:k5:-ND}i${sd:k5:-:}
j${main:\k5:-Nd}i${spring:k5:-:}
j${sys:k5:-nD}${lower:i${web:k5:-:}}
j${::-nD}i${::-:}
j${EnV:K5:-nD}i:
j${loWer:Nd}i${uPper::}
log4j bypass