Living off the Foreign Land Cmdlets and Binaries - In the style of LOLBins, a collection of trusted Microsoft code that is run from an attacker-controlled machine against remote systems by routing through a compromised host rather than executing on it, keeping the activity away from EDR visibility. The first in a series of articles explaining their use is under Information this month.
Amitai Cohen - Thrunting Grounds: When are IOCs not IOCs? Join me on a pedantic adventure #indicators #observables #hunting
SentinelOne - macOS Malware 2023 | A Deep Dive into Emerging Trends and Evolving Techniques #macOS #malware #trends
BITSADMIN - Living Off the Foreign Land - Part 1/3: Setup Linux VM for SOCKS routing #Windows #tradecraft
Mandiant - Assessed Cyber Structure and Alignments of North Korea in 2023 #strategic #analysis #DPRK
Chris Bronk, Nathan Jones - Cyber Cases: The PICCA Framework for Documenting Geopolitically Relevant Cyber Action #analysis #frameworks #papers
Akamai - How Account Opening Abuse Affects 6 Industries #abuse #impact
UK NCSC - Ransomware, extortion and the cyber crime ecosystem #strategic #analysis #extortion #ecosystems
Randolph H. Pherson - The Five Habits of the Master Thinker #analysis #tradecraft #papers
tl;dr sec - An Overview of Software Supply Chain Security #supplychain #explainer
TEx ("Telegram Explorer") is a background agent-based system for collecting data, media, and metadata from Telegram.
SaaS Attack Matrix
MITRE ATT&CK-esque matrix of software-as-a-service (SaaS) attack patterns that, unlike ATT&CK, includes techniques that may not have been observed in the wild or cited in reports.
CLI- and web-based tool that'll guess a CPE name from keywords, which you can then use to search for CVEs.
Open source RSS feed aggregator and reader, also compatible with native desktop and mobile applications.
Name Variant Search Tool
Open source web-based tool for generating plausible variations on a person's name along with quick links to search by those variations. For example, from "John Michael Smith," the tool generates alternate names like "Jon M Smith" and "Johnny Smith."
Vertex Synapse Power-Up that integrates with IOCParser to extract atomic IOCs from text like so:
ex.iocparser.text "example.com 18.104.22.168"
...or even content located at a URL:
[inet:url=https://pylos.co/2022/11/23/detailing-daily-domain-hunting/] | ex.iocparser.url --yield
📍 McLean, VA, US & Virtual
📊 Conference Oct 24-25
🏢 MITRE campus
📍 Arlington, VA, US
📊 Conference Nov 9
🏢 Hyatt Regency Crystal City