dfir   919


Public Submissions - ANY.RUN
Interactive malware hunting service. Any environment ready for live testing of most types of threats. Without install. Without waiting.
Malware  DFIR  Statistics  Virus 
19 days ago by snkhan
Hexacorn | Blog
The latest EDR sheet can be found here.
dfir  reference  security  edr  antivirus 
28 days ago by whip_lash
GitHub - clong/DetectionLab: Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices
Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices - clong/DetectionLab
ir  dfir  detection  infosec  lab  vm 
5 weeks ago by rdump
SecurityWiki - Digital Forensics ToolKit
A wiki of Guides, Scripts, Tutorials related to Cyber Security and Forensics
infosec  wiki  reference  dfir  firewalls 
6 weeks ago by z0mbi3
FIRST - Publications (2017)
APT Log Analysis - Tracking Attack Tools by Audit Policy and Sysmon -
Active Directory : How To Change a Weak Point Into a Leverage for Security Monitoring
Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk)
Analytical Results of a Cyber Threat Intelligence Survey
cybersecurity  conference  first  apt  threathunting  dfir  splunk  cyberthreatintel 
6 weeks ago by bwiese
Is Encryption an NTA / NIDS / NFT Apocalypse? - Anton Chuvakin
Here is a funny one: does pervasive traffic encryption KILL Network Traffic Analysis (NTA) dead?

Keep fighting the MitM / decryption battles and you will win some and lose some, but will eventually lose the war. Will it be in 2021 or 2030? No idea when, but it will happen.
Push hard for your vendor to improve encrypted data analytics and the level of insight derived from flow-/header-level traffic data – but be aware of the hard limits of this path.
Accept that NTA will deliver less in the future due to disappearance of most (but not all) layer-7/content visibility.
Stick to the endpoint and toss your NTA out of the window
netflow  cybersecurity  analysis  dfir 
6 weeks ago by bwiese
Windows Incident Response: Basic Skillz, pt II
Okay, so that's a really good start.  Figure out what is common across all specialties, and come up with a core set of skills that are independent of OS, platform, etc., in order to determine what constitutes a "Basic DF Practitioner".
7 weeks ago by whip_lash
Advanced Persistent Threat Activity Exploiting Managed Service Providers | US-CERT
PowerSploit is a repository of Microsoft PowerShell and Visual Basic scripts and uses system commands such as netsh
Robocopy—a Microsoft command line tool—to transfer exfiltrated and archived data
mssp  cert  cybersecurity  apt  powershell  cloud  advice  logging  dfir  ttp  china 
9 weeks ago by bwiese


