My newest blog post showcasing the Bounty Hunter Plugin was just released on the official @MITREcaldera blog! Its main contribution is intelligent #AdversaryEmulation with complete, realistic attack chains. Give it a read!
#redteam #cybersecurity
https://t.co/YdosLu7m4v
Interested in #AdversaryEmulation? My new blog post introduces the Bounty Hunter - a novel #Caldera plugin for intelligent cyber adversary emulation of complete, realistic cyber attack chains. Released on GitHub.
https://t.co/XLLrpFHRwx
#ThreatEmulation #CyberSecurity #RedTeam
We received a Distinguished Artifact Award for our #usesec24 paper "You Cannot Escape Me: Detecting Evasions of SIEM Rules in Enterprise Networks"! 😊
https://t.co/XaudGK1Bh7
Arrived in wonderful Philly to attend #usesec24 and #cset. If you are around come by and discuss any cool topics related to security of industrial networks / cyber-physical systems / IoT and/or intrusion detection (or simply to say hi to Spicy, our group mascot).
1/2
Looking forward to the USENIX Security Symposium and the preceding CSET Workshop next week, where I will present AMIDES (https://t.co/Z51LaWt9s9) and COMIDDS (formerly Intrusion Detection Datasets, https://t.co/h2Izxj0pG9), respectively. 🤗
Our continuous survey of intrusion detection datasets is now called COMIDDS! Version 1.5.0 adds the number of citations for each surveyed dataset as well as three new datasets (AWID, OD-IDS2022, and SR-BH 2020): https://t.co/YlyfowhbTp
In a recent discussion on SigmaHQ, L015H4CK (Louis) brought up a topic that is often forgotten or ignored: the idea that PowerShell ScriptBlock logs can and will be split into different "blocks" if the script is large enough (i.e. the size of one block exceeds the size of an event log message).
This opens up an interesting area of bypass for PowerShell detections that are string / scriptblock based and are applied only on a single block at a time.
In theory an attacker can pad a malicious script with enough garbage data at the start so that every "malicious" string is located near the end of the block, which in turn will make the EventLog/PowerShell provider split the string into a different block, which will break the detection.
This piece by Louis highlights this concept a bit more: https://t.co/a5u9IcvHo5 Give it a read.
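The defensive counterpart to the fragmentation problem described above is to reassemble script block fragments before evaluating string-based rules. The following Python is an added example, not code from the posts, from SigmaHQ or from the linked article. It groups Microsoft-Windows-PowerShell/Operational 4104 events by ScriptBlockId, orders them by MessageNumber, and only then applies a keyword rule; the event records and the rule keywords are constructed sample data, and the exact split points PowerShell chooses are not modelled, only the fact that a split happens.

```python
"""Reassemble fragmented PowerShell ScriptBlock log events (Event ID 4104)
before applying string-based detection rules.

Added example, not from the original posts or from SigmaHQ. The field names
ScriptBlockText, ScriptBlockId, MessageNumber and MessageTotal are those of
the 4104 event; the records below are constructed, including the split points.
"""
from collections import defaultdict

SPLIT_ID = "c0ffee00-1111-2222-3333-444455556666"   # constructed id
SINGLE_ID = "deadbeef-aaaa-bbbb-cccc-ddddeeeeffff"  # constructed id

# Constructed sample: one script arrives as three 4104 events (out of order,
# as a SIEM may receive them) plus one benign single-fragment script.
# Note the keyword "FromBase64String" is cut across fragments 2 and 3.
SAMPLE_EVENTS = [
    {"EventID": 4104, "ScriptBlockId": SPLIT_ID, "MessageNumber": 2, "MessageTotal": 3,
     "ScriptBlockText": "$d = Get-Content C:\\Users\\Public\\blob.txt\n"
                        "$p = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64Str"},
    {"EventID": 4104, "ScriptBlockId": SPLIT_ID, "MessageNumber": 1, "MessageTotal": 3,
     "ScriptBlockText": "# " + "padding " * 20 + "\n"},
    {"EventID": 4104, "ScriptBlockId": SPLIT_ID, "MessageNumber": 3, "MessageTotal": 3,
     "ScriptBlockText": "ing($d))\nInvoke-Expression $p\n"},
    {"EventID": 4104, "ScriptBlockId": SINGLE_ID, "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "Get-Process | Sort-Object CPU -Descending | Select-Object -First 5\n"},
]

# Hypothetical Sigma-style rule: every keyword must appear in the same script text.
RULE_KEYWORDS = ("FromBase64String", "Invoke-Expression")


def rule_matches(text: str) -> bool:
    """All keywords present in one piece of text (case-sensitive for simplicity)."""
    return all(keyword in text for keyword in RULE_KEYWORDS)


def per_block_hits(events) -> list:
    """Fragile approach: evaluate the rule on each 4104 event in isolation."""
    return [e["ScriptBlockId"] for e in events
            if e["EventID"] == 4104 and rule_matches(e["ScriptBlockText"])]


def reassemble(events) -> dict:
    """Group 4104 fragments by ScriptBlockId and join them in MessageNumber order.

    Returns {ScriptBlockId: {"text", "fragments", "complete"}}. A block is
    marked incomplete when fewer fragments than MessageTotal were seen, so a
    dropped or delayed fragment is visible instead of silently hiding a match.
    """
    parts = defaultdict(dict)
    totals = {}
    for e in events:
        if e["EventID"] != 4104:
            continue
        parts[e["ScriptBlockId"]][e["MessageNumber"]] = e["ScriptBlockText"]
        totals[e["ScriptBlockId"]] = e["MessageTotal"]
    blocks = {}
    for block_id, fragments in parts.items():
        blocks[block_id] = {
            "text": "".join(fragments[n] for n in sorted(fragments)),
            "fragments": len(fragments),
            "complete": len(fragments) == totals[block_id],
        }
    return blocks


def reassembled_hits(events) -> list:
    """Robust approach: evaluate the rule on the reassembled script text."""
    return [block_id for block_id, block in reassemble(events).items()
            if rule_matches(block["text"])]


if __name__ == "__main__":
    print("per-block hits:   ", per_block_hits(SAMPLE_EVENTS))    # []
    print("reassembled hits: ", reassembled_hits(SAMPLE_EVENTS))  # [SPLIT_ID]
```

Keying on ScriptBlockId and MessageNumber/MessageTotal is what makes the padding trick irrelevant: no matter where the split lands, the rule sees the whole script. The `complete` flag matters in practice, because a block whose fragments never all arrive is itself worth surfacing rather than being treated as a clean miss.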
AMIDES 1.0.1 fixes a few minor bugs and improves the README file, particularly adding a TL;DR section for the eager users out there. 😁
https://t.co/ozqFEyLGRO
Intrusion Detection Datasets v1.4.0 is online with three new datasets described (ISOT Botnet, UNIBS, UWF-ZeekData22) and new, nice & shiny statistics plots!
https://t.co/CU81n0jNGd
New blog post: My colleague Louis analyzes how #Sigma rules may miss malicious PowerShell scripts due to unpredictable fragmentation of script block logs: https://t.co/32q2GkjTy3
Release 1.2.0 adds more datasets to our overview of intrusion detection datasets: CIC DoS, CIC-DDoS2019, gureKddcup, and User-Computer Authentication Associations in Time. https://t.co/L2vwUsdOBa
Security research is often criticized for the poor reproducibility, but with #ACSAC2024 we hope to contribute to changing that! This is the first time we explicitly solicit #Reproduction and #Replication papers and we encourage everyone to submit: https://t.co/BViT5IU9xd
After a great dinner last night, the Forensic Rodeo took place (courtesy of the @reverseame team, with a spectacular cosplay, thanks guys!). Congratulations to the winning team JimmyThreePockets 🥇🥇
#DFRWSEU2024
Our overview of intrusion detection datasets now features a Related Work page with links and descriptions to surveys and dataset collections. More to come, contributions welcome!
https://t.co/kIXldU41KB
Here's our new USENIX ;login: article, essentially a loose summary of our Security '24 paper.
We show that threat detection in enterprise networks suffers from blind spots through SIEM rule evasion and present a mitigation called Adaptive Misuse Detection.
https://t.co/cyBzqJqtPM
We just released a comprehensive overview of datasets for research in intrusion detection! Contributions welcome, please share! https://t.co/dwmxE732us
I have finally found the time to update my "Log Sources" slide with input from @blubbfiction @phantinuss @shellcromancer @DefensiveDepth & others
Changes
- added EDR, cloud & IdP logs
- rewrote the texts in the legend
- updated values
#SIEM
https://t.co/hkaRXVbVNH
We just deployed several updates to Malpedia.
1) There is now an RSS feed available.
2) @MsftSecIntel threat actor names have been integrated as aliases.
3) Family pages have links to @virustotal collections.
4) Library entries indicate if the article language is not English.