Top news of the week: 16.10.2020.

#toolsmith #cybersecurity #ransomware #threatintel #cyberattack #dataintegrity #ITsecurity #PurpleTeam #C2Matrix #DFIR

Mitre Attack

On Oct 14, 2020
@Cyb3rWard0g shared
RT @holisticinfosec: Since I last discussed @brimsecurity use with @Cyb3rWard0g & @Cyb3rPandaH's Mordor APT29 datasets in #toolsmith 144, @OliverRochford has been hard at work for Brim, exploring further & documenting his practice well. Check out https://t.co/Ye8wsS1dSO & the prior post. Great work!

Investigating Network traffic activity using Brim and Zeek

In the last article, I shared my favourite Brim ZQL queries to begin a threat hunting investigation in Zeek data. We covered pretty…

On Oct 13, 2020
@DarkReading shared
Treasury Dept. Advisory Shines Spotlight on Ransomware Negotiators https://t.co/dKEsrgurwF by @jaivijayan #ransomware #cyberattack #threatintel #ITsecurity

Treasury Dept. Advisory Shines Spotlight on Ransomware Negotiators

With attacks showing no signs of abating, some companies have begun offering services to help reduce ransom demands, buy more time, and arrange payments.

On Oct 13, 2020
@k8em0 shared
RT @marcusjcarey: Join @k8em0 @edskoudis @thepacketrat and this guy 10/15 2PM for an awesome panel by @arstechnica @DellTech. Register now. https://t.co/PnCNNuDBcv

The IT decisions businesses need to make to keep them moving forward.

Moderated by Sean Gallagher, Senior Threat Researcher, Sophos

On Oct 15, 2020
@SANSDefense shared
RT @jorgeorchilles: Everything is set and ready for today's #PurpleTeam workshop! 5 hosts, isolated environment to attack and defend with @scythe_io and #C2Matrix @SANSInstitute Slingshot VM. Domain controller, member server, and Linux server. Will be fun! https://t.co/c0pnOSf8Qd

Hands-On Purple Team Workshop

Join Jorge Orchilles, Chief Technology Officer at SCYTHE, for a two-hour Hands-On Purple Team Workshop on Thursday, October 29, 2020. In this two-hour hands-on workshop you will play the ...

On Oct 15, 2020
@bry_campbell shared
RT @DFIRmadness: The PCAP Analysis lab is now live! This extensive guide will introduce you to investigating network traffic for malicious activity. Grab something to sip on, good tunes, and the provided PCAP for an extensive HANDS-ON lab! Happy Hunting! #DFIR #infosec https://t.co/VhFpKnl0m4

Case 001 PCAP Analysis

This PCAP Analysis lab will walk you through finding adversary activity in network traffic captured at the perimeter of the victim network.

On Oct 15, 2020
@CrowdStrike shared
At Fal.Con 2020, we announced several new product innovations to enable "work from anywhere" and enhance the power of the Falcon platform. This blog covers them all! https://t.co/BNu6mkmTHT via @MichaelSentonas #FalConExperience https://t.co/Pvaet7i7oh

Fal.Con 2020: Why Cloud Security Innovation Is Critical

As we dive into Fal.Con 2020, we reflect on the key cloud security innovations announced at this year's conference and how they'll help our customers.

On Oct 12, 2020
@PatrickCMiller shared
Windows Update can be abused to execute malicious files https://t.co/glJrzkMckZ

Windows Update can be abused to execute malicious files

The Windows Update client has just been added to the list of living-off-the-land binaries (LoLBins) attackers can use to execute malicious code on Windows systems.

On Oct 14, 2020
@CrowdStrike shared
Part 3 in our three-part QakBot blog series provides recommendations for countermeasures that can be deployed via the Falcon platform to prevent and contain infections before a widespread incident occurs. https://t.co/zKkDKsxCZu #cybersecurity https://t.co/mxu2k5pmUd

Duck Hunting with Falcon Complete: Remediating a Fowl Banking Trojan, Part 3

In the last installment of our three-part series, the Falcon Complete team provides QakBot countermeasures that can be deployed via the CrowdStrike Falcon platform.