Discover and read the best of Twitter Threads about #Detection
Most recents (24)
Day 2⃣ of the #JointFinalConference has begun! Don't forget if you're not in Brussels 🇧🇪, you can watch the livestream on youtube🌐: We'll also be live tweeting the event, stay tuned to this thread!
2⃣nd day of the #JointFinalConference began with synergies between EU funded projects on🤝 #CBRNe🧪☣️☢️⚛️💣 : @peers_eu, @H2020Including, @resist_project, @VERTIgO_EDIDP #MELODY, @COVINFORM_EU, @FIREINProject, #EUBULLSEYE
#JATERROR, @NGTriageEU, @HoloZcan, @NOFEAR_EU.
#JATERROR, @NGTriageEU, @HoloZcan, @NOFEAR_EU.
@peers_eu @H2020Including @resist_project @VERTIgO_EDIDP @COVINFORM_EU @FIREINProject @NGTriageEU @HoloZcan @NOFEAR_EU @OlgaVybornova We are honored to be actively involved in the influential #CSTAC cluster, driving significant advancements in #CBRN & #standardisation projects, which was presented by @JonHall999 from @resilience247 & @CMINE_EU
1/2 Compelling share from @oliver_phil...
"Remarkably, previously #hospitalized and #nonhospitalized patients remained with decreased numbers of CD1c+ #myeloid DCs and pDCs seven months after #SARSCoV2 #infection."
#COVID19 IS NOT #mild
"Remarkably, previously #hospitalized and #nonhospitalized patients remained with decreased numbers of CD1c+ #myeloid DCs and pDCs seven months after #SARSCoV2 #infection."
#COVID19 IS NOT #mild
2/2 "Moreover, the expression of #dendritic #cell (DC) markers such as #CD86 and #CD4 were only restored in previously #nonhospitalized patients, while no restoration of integrin β7 and indoleamine 2,3-dyoxigenase (IDO) levels were observed."
#CovidIsNotOver
#CovidIsNotOver
In the last months, I have collected some awesome new #KQL sources, and this 🧵lists them.
Are you using Defender For Endpoint, Sentinel, Intune or do you want to learn KQL then have a look!
#MDE #Sentinel #Intune #Detection #ThreatHunting
Are you using Defender For Endpoint, Sentinel, Intune or do you want to learn KQL then have a look!
#MDE #Sentinel #Intune #Detection #ThreatHunting
Type: Query
By: @msftsecurity
Link: github.com/Azure/Azure-Se…
Community-based repository for a lot of available data sources in Sentinel. For the E5 detections take a look in the Microsoft 365 Defender Folder.
By: @msftsecurity
Link: github.com/Azure/Azure-Se…
Community-based repository for a lot of available data sources in Sentinel. For the E5 detections take a look in the Microsoft 365 Defender Folder.
Type: Query
By: @reprise_99
Link: github.com/reprise99/Sent…
Repository with 100s of KQL queries you can directly use. They are categorized into different Microsoft product categories. You are guaranteed to find useful queries here.
By: @reprise_99
Link: github.com/reprise99/Sent…
Repository with 100s of KQL queries you can directly use. They are categorized into different Microsoft product categories. You are guaranteed to find useful queries here.
🐲 Ghidra Tips 🐲- Malware Encryption and Hashing functions often produce byte sequences that are great for #Yara rules.
Using #Ghidra and a Text Editor - You can quickly develop Yara rules to detect common malware families.
(Demonstrated with #Qakbot)
[1/20]
#Malware #RE
Using #Ghidra and a Text Editor - You can quickly develop Yara rules to detect common malware families.
(Demonstrated with #Qakbot)
[1/20]
#Malware #RE
[2/20]
Hashing and encryption functions make good targets for #detection as they are reasonably unique to each malware family and often contain lengthy and specific byte sequences due to the mathematical operations involved.
These characteristics make for good Yara rules 😁
Hashing and encryption functions make good targets for #detection as they are reasonably unique to each malware family and often contain lengthy and specific byte sequences due to the mathematical operations involved.
These characteristics make for good Yara rules 😁
[3/20] The biggest challenge is locating the functions responsible for hashing and encryption. I'll leave that for another thread, but for now...
You can typically recognize hashing/encryption through the use of bitwise operators inside a loop. (xor ^ and shift >> etc).
You can typically recognize hashing/encryption through the use of bitwise operators inside a loop. (xor ^ and shift >> etc).
If you utilise API hashing in your #malware or offensive security tooling. Try rotating your API hashes. This can have a significant impact on #detection rates and improve your chances of remaining undetected by AV/EDR. See below for an example with a Bind Shell vs #Virustotal.
Since API hashing can be confusing, most attackers won't rotate their hashes with each iteration of malware. Those same hashes can be a reliable detection mechanism if you can recognize them in code.
Luckily finding these hashes isn't too difficult, just look for random hex values prior to a "call rbp".
If you're unsure whether the value is an API hash, just google it and see if you get any hits. Most of the time, identification can be a simple google search away.
If you're unsure whether the value is an API hash, just google it and see if you get any hits. Most of the time, identification can be a simple google search away.
The first Network Security session at #PESW (organized by @FIT_CTU) has been started by @vaclavbartos1, the chair who introduces our speaker Lukáš Hejcman @FIT_VUT & @CESNET_cz. You may still visit us in Horoměřice at pesw.fit.cvut.cz/2022 until Saturday!
Matej Hulák (@FIT_CTU & @CESNET_cz) is the second speaker. We move from Packet Capture by Lukáš H. to Traffic classification topic by Matej.
3rd speaker of "Session 3 - Traffic Capture and Detection" - Richard Plný presents #CryptoMining #detection in #network #traffic. Using #IPFIX and "weak classifiers".
Are you using any of the Microsoft Security products and/or #Sentinel? Then this thread is for you! The best resources for #KQL Advanced Hunting Queries or Analytics rules in my opinion.
#MDE #ThreatHunting #Detection #DFIR
#MDE #ThreatHunting #Detection #DFIR
github.com/reprise99/Sent… by @reprise_99. Awsome source! With the #365daysofkql series a lot of useful queries have been added. The queries are categorized by the different Microsoft products.
github.com/Azure/Azure-Se… by @msftsecurity. A lot of KQL queries can be found here, all of which are categorised on the basis of @MITREattack tactics.
Daily Bookmarks to GAVNet 12/15/2021 greeneracresvaluenetwork.wordpress.com/2021/12/15/dai…
Well-Structured German Study Shows No Deaths among Healthy German Kids Ages 5 to 11 ⋆ Brownstone Institute
brownstone.org/articles/well-…
#MedicalStudy, #germany, #COVID19, #mortality, #children, #SchoolClosures
brownstone.org/articles/well-…
#MedicalStudy, #germany, #COVID19, #mortality, #children, #SchoolClosures
Fast superhighway through the Solar System discovered - Big Think
bigthink.com/hard-science/f…
#ArchesOfChaos, #SpaceTravel, #SolarSystem, ScientificDiscovery
bigthink.com/hard-science/f…
#ArchesOfChaos, #SpaceTravel, #SolarSystem, ScientificDiscovery
Daily Bookmarks to GAVNet 12/05/2021 greeneracresvaluenetwork.wordpress.com/2021/12/05/dai…
A Nitrogen Shortage is Brewing, So What Will it Take to Cure The World's Fertilizer Deficiency?
agweb.com/news/crops/cro…
#NitrogenFertilizer #NaturalGas #prices #shortages #CropYield #projections
agweb.com/news/crops/cro…
#NitrogenFertilizer #NaturalGas #prices #shortages #CropYield #projections
Scientists Concerned About New COVID-19 Variant Detected in South Africa With High Number of Mutations
time.com/6124039/south-…
#COVID19 #evolution #variants #detection #transmissibility #virulence #PublicHealth
time.com/6124039/south-…
#COVID19 #evolution #variants #detection #transmissibility #virulence #PublicHealth
Spent some time today at work playing with @msftsecurity Windows InstallerFileTakeOver LPE (CVE-2021-41379 bypass - github.com/klinix5/Instal…) and managed to create some detections on it.
Detection will be based on Sysmon/SIEM, here we go... 1/n #threathunting #detection #dfir
Detection will be based on Sysmon/SIEM, here we go... 1/n #threathunting #detection #dfir
The exploit requires the user to overwrite elevation_service.exe with a compromised one (in this case with InstallerFileTakeOver.exe).
We can monitor this using #Sysmon event ID 11 - File Creation events:
We can monitor this using #Sysmon event ID 11 - File Creation events:
event_id:11 AND event_data.TargetFilename:*\\elevation_service.exe
Daily Bookmarks to GAVNet 11/22/2021 greeneracresvaluenetwork.wordpress.com/2021/11/22/dai…
Some thought monarch butterflies may never return. They suddenly showed up in California
usatoday.com/story/news/nat…
#MonarchButterflies #migration #sightings #populations
usatoday.com/story/news/nat…
#MonarchButterflies #migration #sightings #populations
Mathematicians Prove Symmetry of Phase Transitions
quantamagazine.org/mathematicians…
#mathematics #symmetries #RotationalInvariance #UniversalProperties #PhysicalSystems #PhaseTransitions
quantamagazine.org/mathematicians…
#mathematics #symmetries #RotationalInvariance #UniversalProperties #PhysicalSystems #PhaseTransitions
Daily Bookmarks to GAVNet 10/25/2021 greeneracresvaluenetwork.wordpress.com/2021/10/25/dai…
Capitalism’s Core Problem: The Case for Universal Property
evonomics.com/a-new-capitali…
#capitalism #UniversalProperty #PropertyRights #inequality #governance #regulation #BookReview
evonomics.com/a-new-capitali…
#capitalism #UniversalProperty #PropertyRights #inequality #governance #regulation #BookReview
Takers and Makers: Who are the Real Value Creators?
evonomics.com/value-of-every…
#value #price #SupplyAndDemand #ValueExtraction #ValueCreation #ProcessRents #economies
evonomics.com/value-of-every…
#value #price #SupplyAndDemand #ValueExtraction #ValueCreation #ProcessRents #economies
Mieux comprendre les catastrophes naturelles et nous en protéger : voici l'objectif de plusieurs services nationaux d'observation #SNO de l'INSU ⛈️🌪️☀️🌊🌋
On vous en parle toute la semaine dans ce #thread
#OnlyTogether #DRRday #CatastropheNaturelle
On vous en parle toute la semaine dans ce #thread
#OnlyTogether #DRRday #CatastropheNaturelle
@UNDRR @CNRS Le #SNO Dynalit étudie les risques qui menacent le littoral : érosion, #submersion et pollution🌊
Pour en savoir plus ➡️ insu.cnrs.fr/fr/Observation…
#OnlyTogether #DRRday #CatastropheNaturelle
Pour en savoir plus ➡️ insu.cnrs.fr/fr/Observation…
#OnlyTogether #DRRday #CatastropheNaturelle
Le #SNO BCSF-Rénass est dédié à la #détection et la localisation des #séismes en France 💣
Pour en savoir plus ➡️insu.cnrs.fr/fr/observation…
#OnlyTogether #DRRday #CatastropheNaturelle
Pour en savoir plus ➡️insu.cnrs.fr/fr/observation…
#OnlyTogether #DRRday #CatastropheNaturelle
😱Video of New Zealand PM 'smoking crack'😱
#Real or #fake? Let’s find out. 👇👇👇 1/...
#OSINT 🔎
#Verification 📹
#SpeurJeMee? 🧐 #HowToOSINT
#Real or #fake? Let’s find out. 👇👇👇 1/...
#OSINT 🔎
#Verification 📹
#SpeurJeMee? 🧐 #HowToOSINT
On 1 Oct. someone posts a video on #Twitter.
We see two videos superimposed. According to the caption , we would see the New Zealand Prime Minister Jacinda Ardern twice.
At the top she appears to be talking to #BillGates and at the bottom she appears to be using #crack. 🔞2/.
We see two videos superimposed. According to the caption , we would see the New Zealand Prime Minister Jacinda Ardern twice.
At the top she appears to be talking to #BillGates and at the bottom she appears to be using #crack. 🔞2/.
Daily Bookmarks to GAVNet 05/26/2021 greeneracresvaluenetwork.wordpress.com/2021/05/26/dai…
Universal Basic Income Workshop: Experiments, Policies, and Strategies
jainfamilyinstitute.org/news/universal…
#UniversalBasicIncome #workshop #experiments #policies #strategies
jainfamilyinstitute.org/news/universal…
#UniversalBasicIncome #workshop #experiments #policies #strategies
Daily Bookmarks to GAVNet 04/05/2021 greeneracresvaluenetwork.wordpress.com/2021/04/05/dai…
Is Joe Biden Really the Second Coming of F.D.R. and L.B.J.?
newyorker.com/news/letter-fr…
#legislation #PartisanPolitics #FederalFunding
newyorker.com/news/letter-fr…
#legislation #PartisanPolitics #FederalFunding
Mikko Packalen on Twitter and ThreadReader
threadreaderapp.com/thread/1377974…
#PandemicResponse #COVID19 #misinformation
threadreaderapp.com/thread/1377974…
#PandemicResponse #COVID19 #misinformation
Daily Bookmarks to GAVNet 03/11/2021 greeneracresvaluenetwork.wordpress.com/2021/03/11/dai…
Santa Fe Institute on Twitter and ThreadReader
threadreaderapp.com/thread/1369082…
#contributions #women #ScientificResearch
threadreaderapp.com/thread/1369082…
#contributions #women #ScientificResearch
Economic benefits of protecting nature now outweigh those of exploiting it
cam.ac.uk/stories/econom…
#EconomicBenefits #nature #protection #exploitation #research
cam.ac.uk/stories/econom…
#EconomicBenefits #nature #protection #exploitation #research
Meanwhile in #France,
"the peak of this second wave is over"
(according to the President in his Adress to the Nation):
"the peak of this second wave is over"
(according to the President in his Adress to the Nation):
Wait... "the peak is over" doesn´t mean "it´s back to normal"!
Confinement will only fall on December 15,
if there´s less than 5.000 new cases a day.
(today it´s ~9.000).
France is disappointed.🙁
Although they certainly can make it happen.
Confinement will only fall on December 15,
if there´s less than 5.000 new cases a day.
(today it´s ~9.000).
France is disappointed.🙁
Although they certainly can make it happen.
Meanwhile in #Switzerland:
(excess mortality of the second wave is significant)
Good news: fastest decrease in infections happens in the worst hit areas now.
(excess mortality of the second wave is significant)
Good news: fastest decrease in infections happens in the worst hit areas now.
So, I was trying to summarize my thoughts on why THREAT #DETECTION is hard (1/m)
Naturally, first a quip on "well, the attackers don't want to be detected" came to my mind ... (2/m)
Well, except for ransomware after they are ready ... (3/m)
As #COVID19 cases are found to spread, #Melbourne (city of ~5 million) tries to contain them by going into #Lockdown.
(The interview features the idea of a dedicated #Quarantine building - that would actually help, I guess)...
(The interview features the idea of a dedicated #Quarantine building - that would actually help, I guess)...
"People acting as if the pandemic was over was 'not the answer, it is part of the problem' ".
"The virus had leaked from postcodes already under the stay-at-home orders to other parts of #Melbourne."
(and beyond, it is feared).
"The virus had leaked from postcodes already under the stay-at-home orders to other parts of #Melbourne."
(and beyond, it is feared).
Due to #Melbourne's outbreak, neighbouring South Australia is about to completely close it's borders to #Victoria.
(Nearly) no exceptions. And those essential few who are allowed in, will have to wear facemasks the entire time...
(Nearly) no exceptions. And those essential few who are allowed in, will have to wear facemasks the entire time...
Daily Bookmarks to GAVNet 6/27/2020-2
greeneracresvaluenetwork.wordpress.com/2020/06/27/dai…
New Geometric Perspective Cracks Old Problem About Rectangles
quantamagazine.org/new-geometric-…
#geometry #perspective
greeneracresvaluenetwork.wordpress.com/2020/06/27/dai…
New Geometric Perspective Cracks Old Problem About Rectangles
quantamagazine.org/new-geometric-…
#geometry #perspective
Detecting Regions At Risk for Spreading COVID-19 Using Existing Cellular Wireless Network Functionalities - IEEE Journals & Magazine
ieeexplore.ieee.org/document/91170…
#detection #network #coronavirus #regions #wireless #cellular
ieeexplore.ieee.org/document/91170…
#detection #network #coronavirus #regions #wireless #cellular
Vorpommern-Greifswald district (where rejections of #Gütersloh residents took place, yesterday)
has specific rules:
"Those who return from international risk areas (out of Germany) or whose Corona-Warning App has alerted them, need to report to authorites"
kreis-vg.de
has specific rules:
"Those who return from international risk areas (out of Germany) or whose Corona-Warning App has alerted them, need to report to authorites"
kreis-vg.de
In fact, Mecklenburg-Vorpommern's Corona-ordinance really prohibits entry of people from international risk areas AND german risk areas as well.
It's just not prominently featured on their websites.
(Overlooked that myself, hence deleted earlier tweet)
landesrecht-mv.de/jportal/portal…
It's just not prominently featured on their websites.
(Overlooked that myself, hence deleted earlier tweet)
landesrecht-mv.de/jportal/portal…
People from #Gütersloh district may have to scrap all their holiday plans anyway...
An official #Lockdown is just being announced for the entire district.
(for one week, as of now)
An official #Lockdown is just being announced for the entire district.
(for one week, as of now)
Moving average of new cases of #COVID19 and new deaths in #India
#Gujarat has a way higher case fatality ratio than the national value, followed by #WestBengal and #MadhyaPradesh.
We need the CFR to fall to 0!
(1/3)
@aparanjape @c_aashish @MulaMutha @nebuer42 @oommen
#Gujarat has a way higher case fatality ratio than the national value, followed by #WestBengal and #MadhyaPradesh.
We need the CFR to fall to 0!
(1/3)
@aparanjape @c_aashish @MulaMutha @nebuer42 @oommen
In the next 12 states, #Telangana has the worst CFR followed by #Punjab - though the latter is lower than the national CFR.
#Uttarakhand has seen a sudden spike in deaths over the last few days, though luckily the base is low
(2/3)
#Uttarakhand has seen a sudden spike in deaths over the last few days, though luckily the base is low
(2/3)
Deaths due to #COVID19 in #India is yet to really slowdown, we need this to happen.
Early #detection, #quarantine, #treatment & #Masks4All is crucial for this.
Given that we have to live with this for a while, we need to reduce the #deaths to zero!
(3/3)
Early #detection, #quarantine, #treatment & #Masks4All is crucial for this.
Given that we have to live with this for a while, we need to reduce the #deaths to zero!
(3/3)
