imlordoftherings

putzing around in the logs

imlordoftherings boosted:
2024-12-01

New Course: Automated Detection with Sigma

Two courses in one week?!? We're so excited to share with you a new course that Faculty member @Imlordofthering has been working hard on for about a year now!

Automated Detection with Sigma is an introduction to using and deploying Sigma rules in a Detection as Code design. You'll learn how to read and write Sigma rules, deploy a Splunk SIEM, convert your rules to the Splunk Processing Language, and build the infrastructure to automatically convert new Sigma rules to saved and scheduled searches.

This is a hot topic and we think you'll find it useful in both lab and enterprise environments.

Go start learning!

taggartinstitute.org/p/detecti
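The pipeline the course describes (Sigma rule in, Splunk search out, then a scheduled saved search) is easier to picture with a concrete translator. The block below is an added illustration written for this page, not code from the course or from the sigma-cli/pySigma projects: it handles a small subset of Sigma (field modifiers `contains`, `startswith`, `endswith`, lists as OR, `and`/`or`/`not` conditions) and renders a savedsearches.conf-style stanza. The rule, the logsource-to-Splunk mapping and the Sysmon source string are constructed assumptions for the example.

```python
"""Minimal Sigma -> SPL translator for a Detection-as-Code pipeline.

Hypothetical example: covers only a subset of the Sigma spec and is not
a substitute for pySigma/sigma-cli. Standard library only.
"""
import re

# Assumed mapping from a Sigma logsource to a Splunk search prefix.
# Real deployments keep this in a backend/pipeline config, not in code.
LOGSOURCE_MAP = {
    ("windows", "process_creation"):
        'source="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" EventCode=1',
}

# Constructed sample rule, written as the dict that yaml.safe_load would
# return (the backslash in the values is the literal path separator).
RULE = {
    "title": "Suspicious PowerShell Encoded Command",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc", "-EncodedCommand"],
        },
        "filter": {"ParentImage|endswith": "\\explorer.exe"},
        "condition": "selection and not filter",
    },
}


def _spl_escape(value):
    """Escape a value for use inside a double-quoted SPL string."""
    return str(value).replace("\\", "\\\\").replace('"', '\\"')


def _render_field(field_spec, values):
    """Render `Field|modifier: value(s)` as one SPL term (lists are ORed)."""
    field, _, modifier = field_spec.partition("|")
    if not isinstance(values, list):
        values = [values]
    terms = []
    for v in values:
        v = _spl_escape(v)
        if modifier == "contains":
            terms.append(f'{field}="*{v}*"')
        elif modifier == "startswith":
            terms.append(f'{field}="{v}*"')
        elif modifier == "endswith":
            terms.append(f'{field}="*{v}"')
        elif modifier == "":
            terms.append(f'{field}="{v}"')
        else:
            raise ValueError(f"unsupported modifier: {modifier}")
    return terms[0] if len(terms) == 1 else "(" + " OR ".join(terms) + ")"


def _render_selection(sel):
    """A mapping ANDs its fields; a list of mappings is ORed together."""
    if isinstance(sel, list):
        return "(" + " OR ".join(_render_selection(s) for s in sel) + ")"
    parts = [_render_field(k, v) for k, v in sel.items()]
    return parts[0] if len(parts) == 1 else "(" + " AND ".join(parts) + ")"


def convert_sigma_to_spl(rule):
    """Translate the detection block and prefix it with the logsource search."""
    det = rule["detection"]
    rendered = {name: _render_selection(body)
                for name, body in det.items() if name != "condition"}

    def substitute(match):
        word = match.group(0)
        if word in ("and", "or", "not"):
            return word.upper()
        if word in rendered:
            return rendered[word]
        raise ValueError(f"unsupported condition token: {word}")

    # Replace each identifier in the condition with its rendered selection;
    # parentheses in the condition pass through unchanged.
    where = re.sub(r"[A-Za-z_][A-Za-z0-9_]*", substitute, det["condition"])
    ls = rule["logsource"]
    prefix = LOGSOURCE_MAP[(ls["product"], ls["category"])]
    return f"{prefix} {where}"


def savedsearch_stanza(rule, cron="*/15 * * * *"):
    """Emit a savedsearches.conf-style stanza so the rule runs on a schedule."""
    spl = convert_sigma_to_spl(rule)
    return "\n".join([
        f"[{rule['title']}]",
        f"search = {spl}",
        "enableSched = 1",
        f"cron_schedule = {cron}",
        "dispatch.earliest_time = -20m",
        "dispatch.latest_time = now",
        "counttype = number of events",
        "relation = greater than",
        "quantity = 0",
    ])


if __name__ == "__main__":
    print(convert_sigma_to_spl(RULE))
    print(savedsearch_stanza(RULE))
```

In a real Detection-as-Code setup the stanza would be generated by CI on every merge to the rules repository and pushed to the search head; the translator's only job is to make that step deterministic and reviewable.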

2024-07-04

@andrei_chiffa @bontchev @mttaggart @GossiTheDog I saw quite a few English and Russian posts from blogs that were compromised from the same format. They each had links to sometimes casinos, other times to other WordPress sites that looked compromised. My guess is some SEO scamming.

2024-01-05
2023-03-31

@wrentreeco I miss that team so much

imlordoftherings boosted:

“maybe the real cyberwar was all the bad takes online proclaiming CYBERWAR” (2023)

[Image captions]
MFW someone with a high-profile smugly declares the reality of “cyberwar”
How I feel looking across the aisle at the “cyberwar is totes real and we are living through it” crowd
When people get mad at me for saying poor analysis shouldn’t be the basis for a significant assessment
GRU operator spamming a bunch of wipers to comparatively little effect on Ukrainian targets but to huge effect on Western big-brains
imlordoftherings boosted:
SANS Internet Storm Center - SANS.edu - Go Sentinels! @sans_isc@infosec.exchange
2023-02-08

Simple HTML Phishing via Telegram Bot #phishing #telegram i5c.us/d29528

2023-02-08

How much time spent making PowerPoint presentations is too much?

2023-02-06

@FritzAdalis if only!

imlordoftherings boosted:
Lorenzo Franceschi-Bicchierai @lorenzofb@infosec.exchange
2023-02-06

NEW: Cybercriminals are hitting multiple targets in France, Italy, U.S., Germany, Canada, UK and beyond.

These are all organizations that haven't patched a bug in a hypervisor that has had a fix available since 2021.

A great example of the risks of leaving vulns unpatched for...checks notes...2 years.

techcrunch.com/2023/02/06/hack

2023-02-06

Does Proofpoint offer a service to filter my USPS mail?

I'd definitely pay for that.

imlordoftherings boosted:
2023-02-02

🧵
Today's reverse engineering adventure begins when we find a suspicious file staged on paste[.]io. It's a PowerShell script that decodes a large base64 string to a file named "x.bat". Easy enough to decode, but that's just the beginning.

2023-02-01

Today I'm the jerk who gets to call everyone out for not leaving notes on tickets... Great!

2023-01-31

Had a long debate about what the difference is between an incident and an event and a true and a false positive.

I referenced the great article by @jfslowik quite a bit - blog.gigamon.com/2022/08/05/re

Ultimately though a lot of this has to do with business metrics and business goals. If these distinctions are the KPI of a SOC then the water gets muddy. The philosophic distinction matters less than the one that justifies your budget.

Good data makes for good science. But we're not doing science, we're doing business.

2023-01-28

@maslinbreach Sometimes I wish we could just turn off automated recommendations.

They are convenient sometimes, but other times I know what I want and how I want to consume things. Leave me alone, robot overlords!

2023-01-28

warp.net/us/products/349643-ar

This is the only artificial intelligence I care about.

2023-01-26

@taylorparizo @th3_protoCOL Didier Stevens is a godsend. His tools are amazing.
