Jared Atkinson (@jaredcatkinson)'s Twitter Profile
Jared Atkinson

@jaredcatkinson

| Chief Strategist @specterops | Host @dcpthepodcast | Ex PowerShell MVP | USAF Vet | FC Bayern Supporter | Language Learner 🇳🇴 🇮🇹 🇧🇷 |

ID:1608740100

https://posts.specterops.io/on-detection/home | 20-07-2013 18:13:53

6,6K Tweets

10,1K Followers

1,5K Following

Jared Atkinson (@jaredcatkinson):

I've just released the 9th part of my On Detection series. In this post I demonstrate that we see actions in cyberspace at the Operational level and what that means for detection engineers.

posts.specterops.io/on-detection-t…

Curt Wilson, human (@curtw):

Detection engineering is not new to me - I have done it for decades now, in various ways - but I find value in this writeup, especially the EDR-centric aspects. I’m looking forward to breaking new ground. Thanks Jared.

Beau Bullock (@dafthack):

Today we are releasing GraphRunner, a post-exploitation toolset for M365 and Entra ID accounts that myself and rvrsh3ll have been building for the last few months.

Read the blog post here: blackhillsinfosec.com/introducing-gr…

Code is here: github.com/dafthack/Graph…

Jamie 🔜 ATT&CKcon 🎃🥳 (@jamieantisocial):

'ask yourself whether you are building a detection for the “what” instead of the “how”

Put another way, are you detecting the tool and not the behavior?' 🧘

Matt Hand (@matterpreter):

So surreal to finally have a copy in my hands. What a journey this has been. Thank you to everyone at No Starch Press who made this a reality.

Nasreddine Bencherchali (@nas_bench):

A special today. Really wanted to highlight the amazing work being done by the teams SpecterOps 🇺🇦 Binary Defense TrustedSec Elastic Security Labs Splunk
They've been dropping some amazing and next level knowledge on us all year long. Just go follow everyone working there tbh and…

SpecterOps 🇺🇦 (@SpecterOps):

BloodHound & BloodHound Enterprise, albeit serving different purposes, are used to secure Active Directory based on the advanced science of graphs & trees. Irshad Ajmal Ahmed explains how these tools work without the complex jargon. ⬇️

Jared Atkinson (@jaredcatkinson):

I really enjoyed reading this post. Our job as defenders is to essentially predict not only our adversaries' destination, but also which path they are most likely to take. One fundamental way to increase our ability to make accurate predictions is to eliminate potential paths…

Olaf Hartong (@olafhartong):

It is out! FalconHound is now public.
github.com/FalconForceTea…

A blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion

Yesterday I spoke about FalconHound at Wild West Hackin' Fest, slides to the talk:
github.com/olafhartong/Pr…

Dr. Anton Chuvakin (@anton_chuvakin):

'Focus Threat Intel Capabilities at Detection Engineering (Part 4)' buff.ly/46GZDkg <- our series on detection engineering (DE) continues with Part 4 that looks at the intel flows from CTI/TI to DE.

Justin Ibarra (@br0k3ns0und):

I forgot I started this Jonny Johnson. Super easy to ingest jonmon into elastic.

I even started building an ingest pipeline for it as well, to make it more compatible with other endpoint sources.

Jared Atkinson (@jaredcatkinson):

These are the types of blog posts that I find myself constantly revisiting. The interaction between LSA and RPC includes a lot of misdirection, but once it is understood the pattern becomes easy to follow. Thanks for sharing Kiwids!

Olaf Hartong (@olafhartong):

Later this week, we FalconForce Official will release FalconHound at Wild West Hackin' Fest, a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. Co-developed with Walter.Legowski and Gijs H. Will post the link once it's out!

Jared Atkinson (@jaredcatkinson):

Yesterday I shared this thread on per-user services. You all responded with corroborative data from your environments, so I wanted to write this thread highlighting your findings.
x.com/jaredcatkinson…
