This post is sponsored by detections.ai!
Tired of manually writing detection rules? detections.ai uses AI agents to convert threat intel into SIGMA, SPL, KQL, YARA rules automatically. Join 7,500+ detection engineers in the community. Use code "DEW" to get started: detections.ai
Threats: Microsoft seizes 338 RaccoonO365 sites, domains and panels, Two teenagers charged for London transport outage from August 2024, BlackLotus Labs latest research on SystemBC, Oliver Smith TTP updates for DPRK's BeaverTail malware family
* Garv Kamra's first foray into writing SIEM detections
* Jacob Zalesky first blog post ever (!) on threat hunting ideas in AWS
* Ryan Tomcik on co-occurring detection ideation using composite rules in Google SecOps
* Amitai Cohen's take on effective work & task prioritization with a gaming analogy near and dear to my heart (RTS games baby!)
* Hanif Kurniawan A. helps readers detect log source outages in Wazuh
DEW #130 - God-mode Azure vulnerability, Composite Detections & Detection Observability
In this post:
* π by Dirk-jan Mollema discloses a cross-tenant Azure vulnerability that gives access to any Azure tenant, with detection opportunities to boot!
www.detectionengineering.net/p/dew-130-go...
I'm starting a new series on Detection Engineering called the Detection Field Manual. I wanted to publish < 10 minute reads on threat detection topics I've built in the field, at conferences and our interviews for candidates at Datadog.
Here's issue 1!
www.detectionengineering.net/p/detection-...
I'm so excited to announce that Datadog Security Research is launching a FREE, fully-online, Detection Engineering focused conference called Datadog Detect!
bit.ly/datadog-detect
Our lineup is incredible with experts in the field of detection, response and threat intelligence.
Found just outside Moscone North for RSA. Now I'm pumped for my talk tomorrow. #hacktheplanet
Detection Engineering Weekly Issue 109 is live! www.detectionengineering.net/p/det-eng-we...
Detection Engineering Weekly issue 108 is live! www.detectionengineering.net/p/det-eng-we...
@sekoia.io FYI your TLS cert is showing invalid due to date expiration for *.sekoia.io
I love it when you guys go deep into a topic. The deepseek episode was a great example.
Weekly: 1 hour
Deep dives: 2-3 hours
Browns coming in last yet again
ππΏ The key macOS malware families of 2024: This past year saw a sharp rise in sophisticated campaigns targeting macOS users in the enterprise and the increasing adoption of cross-platform development frameworks.
Iβm biased, but wowβitβs so refreshing to get updates that genuinely help me better track threat actors. π₯
www.validin.com/blog/threat_...
Bout to go wheels up!
Did a security researcher at Snyk really just publish malicious packages to NPM targeting Cursor.com?
There has been for years! Just starting to see it be more impactful
π link and docs and details: nims-template.notion.site
Logo for Notion Incident Management System (NIMS)
π Excited to announce the alpha release of NIMS - a Notion-based Incident Management System!
Designed for SOC/IR teams, NIMS helps streamline incident management and collaboration using Notion's powerful database features.
#InfoSec #DFIR #IncidentResponse #SecOps #Notion
"North Korea-nexus Golang Backdoor/Stealer from Contagious Interview campaign" published by dmpdump. #ContagiousInterview, #DPRK, #CTI https://dmpdump.github.io/posts/NorthKorea_Backdoor_Stealer/
Hi wanna βmake plansβ?
A SKLEATON WHO DOSENT HAVE THAT MUCH SPARE TIME FLICKEN OFF THERE COMPUTER YET AGAIN, BECUASE THE SOLUTION TO THERE PROBLEM IS TO DOCKER SOME KIND OF SHIT FROM OPEN SOURCE OR WHAT EVER, BIG NO THANK'S TO THAT , AND DA TEXT SAYS "THE ONLY DOCKER MY ASS IS EVER GONGA INSTALL IS STAIN RESISTENE BROWN WORK PANTS" - DASHARE.ZONE ADMIN - I WILL NEVER USE "GO" I WILL NEVER APT-GET DA ONLY PACKAGE IM INTRESTED IN HAS A BOW ON TOP AND IT S FROM SANTA MOTHER FUCKER - DASHARE.ZONE ADMIN
IF IT AINT EXECUTTABLE IT AINT FOR ME - dashare.zone ADMIN
Read the book twice and watched the series several times. Captain Winters is one of the top 3 leaders I try to emulate
We still have a βpurityβ problem in infosec. People want super technical resources but donβt want them to advertise anything to survive or grow their brand. They want a mold that looks like DEFCON 2005 and hate anything that looks different. Doesnβt seem very hacker to me π€·
Even with the OPs main text, those are all great resources. Thereβs some actual charlatans like jonathandata1, but 95% of the people posted come from posters who seem just upset that they are not technical enough to their standards
The cybersecurity subreddit has a thread on influencers and βwho to avoid because of xyzβ. These threads irk me because thereβs no clear measurement and lots of gate keeping around who is allowed to post stuff and who isnβt. www.reddit.com/r/cybersecur...
Iβve been pretty sick for the last 2 weeks, but Christmas holiday has been a much needed break for rest and recovery.
Take care of yourselves people; I think stress contributed a ton to this, and being mindful and in the present has helped me out a lot.
And lots of Christmas food.
