At @AusCERT conference we presented "Sigma and Detection Engineering with @velocidex Velociraptor". Learn how to implement real time Sigma detection with forensic enhancements.
Full presentation https://t.co/G2PNgg3DMt and slides https://t.co/xuHSuguIB5
Looking forward to speaking on a panel at the @rapid7 Take Command Summit.
Register for free below as we talk about pen testing, red teaming and the benefits of running regular security exercises.
https://t.co/TCNeRQBAAM
Velociraptor release 0.73 is now available for testing! Read about all the cool new features here https://t.co/dARJQU6rF4.
An exciting new feature is built-in timelining capability. Check the blog post here https://t.co/7gRIVEHSpB
We just re-published a cool blog post, on the Velociraptor Blog, by Chris Hayes from @RelianceCyber . The post illustrates the process of setting up Velociraptor using external certificates.
https://t.co/FNiWJlaINv
Original post https://t.co/y9Bl1W3SuW
The incident started with a compromised server. When we extended the hunting to the entire network, we found traces of the "WayBack" campaign on a computer, which @yoroisecurity documented almost exactly three years ago [1].
We also found the exact same code as in the blog on the corresponding client in the customer's network. For three years, this and other code could have gone unnoticed in the network.
Another reason for regular compromise assessments and hunting in the internal network.
[1] https://t.co/zPbsPlIrcg
I was so excited about the new 0.72 release of Velociraptor I just could not wait to make a quick video to show you all the new features!
#velociraptor #dfir #digitalforensics
Check it out here
https://t.co/Vg1mIlQJdj
Only a few days left to secure your early bird for our Velociraptor training in Singapore. This is a rare opportunity to learn about Velociraptor and how to deploy it effectively, develop VQL artifacts and actively hunt for adversaries.
https://t.co/cqwnpgmMkv
@DebugPrivilege Indeed, the act of passing this environment variable is a very strong signal in itself. I wrote about this approach here https://t.co/EfSzB9IJq4
#100daysofyara targeting QuasarRAT via namespace strings observed in process memory and decompiled code. #R7Labs @velocidex Windows.Detection.Yara.Process only returns one hit per process here as I added some groupings to minimise any FPs.
https://t.co/YiIFrtD3xD
Another #100daysofyara post - #R7Labs
Source a couple of samples:
https://t.co/5ldI95VNlL
Running @velocidex Windows.Detection.Yara.Process should detect running final payloads. I have focused on simple network connection & config filename strings.
https://t.co/MaYb3AOZJx
Thought I would make some posts for #100daysofyara. Not sure how often I'll post, but it's a good chance to test some triage workflow and build some practical Velociraptor rules for automation :)
In the example below I grabbed a NanoCore sample from MalwareBazaar - https://t.co/shDy2muzHK if folks want to test.
Good rules don't need to be complex rules with good targeting. This sample injects an unbacked PE file with rwx permissions.
In this example I have targeted unbacked xrw permissions. I have also included -rw permissions to cover .NET reflection, as NanoCore is a .NET binary.
Due to targeting, this query should also be quite performant.
https://t.co/ecMZXL9O4N
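The permission-based targeting described in the post above, as an added example that is not part of the original post or of Velociraptor's own code: unbacked regions are pre-filtered to rwx (injected native PE) and rw- (where .NET reflection keeps assemblies) before any signature is evaluated, which is what keeps the scan cheap. The region records and the signature are constructed stand-ins, not a real NanoCore rule.

```python
"""Toy triage pre-filter for in-memory signature scanning (added example,
not Velociraptor's code). Region records are constructed stand-ins for what
a process-memory enumerator returns; SIGNATURE is a placeholder marker."""
from dataclasses import dataclass
import re


@dataclass
class Region:
    base: int
    size: int
    protection: str   # e.g. "rwx", "rw-", "r-x"
    mapped_file: str  # "" means unbacked (private/anonymous) memory
    data: bytes


# Placeholder signature: an in-memory PE header followed by a constructed marker.
SIGNATURE = re.compile(rb"MZ.{0,64}?CONSTRUCTED_RAT_MARKER", re.DOTALL)


def is_candidate(r: Region) -> bool:
    """Mirror the post's targeting: only unbacked regions that are either
    writable+executable (injected PE) or plain read-write (.NET reflection).
    Unbacked r-x is deliberately left out here, as in the post."""
    if r.mapped_file:
        return False
    return r.protection in ("rwx", "rw-")


def scan_process(regions):
    """Return (base, protection) for candidate regions whose bytes match."""
    hits = []
    for r in regions:
        if is_candidate(r) and SIGNATURE.search(r.data):
            hits.append((r.base, r.protection))
    return hits


# Constructed sample regions for one hypothetical process.
SAMPLE_REGIONS = [
    Region(0x00400000, 0x1000, "r-x", r"C:\Windows\System32\notepad.exe",
           b"MZ\x90\x00"),                                  # backed image, skipped
    Region(0x10000000, 0x1000, "rwx", "",
           b"MZ\x90\x00" + b"\x00" * 8 + b"CONSTRUCTED_RAT_MARKER"),  # injected PE
    Region(0x20000000, 0x1000, "rw-", "",
           b"MZ" + b"CONSTRUCTED_RAT_MARKER"),              # reflective .NET load
    Region(0x30000000, 0x1000, "rw-", "", b"\x00" * 32),   # ordinary heap, no match
    Region(0x40000000, 0x1000, "r-x", "",
           b"MZ" + b"CONSTRUCTED_RAT_MARKER"),              # unbacked r-x, not targeted
]
```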
@chadtilbury @sansforensics @velocidex Velociraptor can parse leveldb out of the box https://t.co/V111hsjznQ . This is used in looking into Chrome Session Storage, which can be interesting https://t.co/BClOZtbpLr
We're incredibly thankful to our wonderful community of contributors, testers and enthusiasts! Without you, Velociraptor wouldn't be what it is.
To all of you, your family and friends, HAPPY THANKSGIVING!
Want a sneak peek at the upcoming Velociraptor v0.7.1?
With awesome new capabilities like built-in Sigma integration and enhanced notebook functionality, you will want to download the release candidate today and test it out. Be sure to log any bugs or issues through GitHub.
https://t.co/gtDPShyIoK