Pinned toot

rest of 2020 goals in mind: 📆

:pika: Pivot at the current place

:pika: Take on board another project

:pika: Actually contribute to an open source project (now that, I'm no longer involved with open source / community software)

:pika: Contribute into an online course

:pika: Pick up a whole new skill

:pika: Keep up my blog entries on hannahsuarez.me

:pika: Continue to apply and send Cfp/talk submissions

:pika: Continue on with this ruleset submissions that has been on my mind

Pinned toot

Who moved my DNS cheese? BIND 9 DNS Log Collection and DNS Auditing hannahsuarez.github.io/2020/wh

Looking into other cloud DNS infrastructure for a potential series. What provider do you use?

Just a note that they also share options to come up and be a speaker.

Current Calls for Presentations (CFPs)

sans.org/cyber-security-summit

And subscribe to their notification list!

Show thread

WOW!! SANS Virtual Summits Will Be FREE for the Community in 2021

sans.org/blog/sans-virtual-sum

Cyber Threat Intelligence Summit
Open-Source Intelligence
ICS Security Suimit
Purple Team Summit
CloudSec Next Summit
DFIR Summit
Security Awareness Summit
Cybersecurity Leadership Summit
Cyber Defense Summit |
Threat Hunting Summit
Cloud & DevOps Security 2021
Pen Test HackFest Summit

The Report

thedfirreport.com/

Real Intrusions by Real Attackers, The Truth Behind the Intrusion

DeTT&CT aims to assist blue teams using ATT&CK to score and compare data log source quality, visibility coverage, detection coverage and threat actor behaviours.

github.com/rabobank-cdc/DeTTEC

German prosecutors tried to prove that a ransomware attack on a hospital was to blame for someone losing their life. Their story is a warning wired.co.uk/article/ransomware

Other than my German lessons (I booked at least 22 hours incl 11 hrs class), what else can I do in the next 2-3 weeks for the rest of November?
An immersive course somewhere?
More blog posts on hannahsuarez.me for another topic?
Maybe rules for socprime?

Save the date for the virtual Purple Team Summit on Friday, November 13, 2020.

This is a community driven event for the entire Purple Team from all levels including Executives to Students. We want to get Cyber Threat Intelligence, Red Team, Blue Team, SOC, Hunt Teams, Digital Forensics and Incident Response, and everything in between together for this free conference and workshops. More details coming soon.

The Call for Presentations is now open til October 18, 2020.

scythe.io/purple-team-summit

Nice, HKCU run keys get a mention. vxug.fakedoma.in/papers/VXUG/E

Defenders can check out my post on: List of HKEY_* / Windows Registry keys and subkeys to audit based on MITRE ATT&CK, JPCert Lateral Movements analysis hannahsuarez.github.io/2019/hk and other links

Thread: twitter.com/smelly__vx/status/

+ their addition: "Note: Mitre | Att&ck does not explicitly list this technique. This technique is a pseudo-hybrid child of DLL side-loading & binary masquerading."

Collect and alert on this PowerShell code that disables Microsoft-Windows-PowerShell event logging:
Remove-EtwTraceProvider -AutologgerName EventLog-Application -Guid '{A0C1853B-5C40-4B15-8766-3CF1C58F985A}'
(from medium.com/palantir/tampering- )

Because attacks like Empire uses powershell command line parameters, which you can also add rules on your choice of siem or dashboard, see uncoder.io then "Empire PowerShell Launch Parameters"

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.