![Tony Lambert Profile](https://pbs.twimg.com/profile_images/1359908434930450434/yvLoJ4wO_x96.jpg)
Tony Lambert (@ForensicITGuy)

Followers: 6K | Following: 9K | Statuses: 4K

Recovering sysadmin that now chases adversaries instead of uptime. Sr Malware Analyst @redcanary

Tennessee. Joined November 2011.
RT @SquiblydooBlog: Cert Central .org is live! We track and report abused code-signing certs. By submitting to the website, you contribute…
RT @NetworkDefense: In our latest Analyst Skills Vault lesson, @ForensicITGuy breaks down how to analyze and decode the Meduza stealer mal…
RT @k1nd0ne: Following the release of @volatility 2.11, VolWeb 3.13.3 is now available including most of the new plugins and a bunch of new…
RT @SecurityAura: "svchost.exe should always have services.exe as a parent process and should never be launched without any arguments/param…
@mgreen27 I don’t know if it’ll help optimization-wise, but you can also hash it for comparison like That same rich hdr md5 gets used in VT reports. The full header might be faster though.
RT @mgreen27: #100daysofyara more yara-x > Dumping a RedCurl malware PE I saw Rich Header and thought I would give it a try. Rule: https:…
RT @cyb3rops: Fortinet FortiOS/FortiProxy CVE-2024-55591 Advisory Why you should never blindly block IP IOCs from threat reports: They co…
RT @AustinLarsen_: 🚨 New: Zero-day vulnerability CVE-2025-0282 in Ivanti Connect Secure VPN is being actively exploited, including by suspe…
RT @greypiperr: I’m building incredibly in-depth course work for Command and Control operations as well as detection engineering. This is N…
RT @greglesnewich: #100DaysofYARA we're brute forcing Steve's prompt with regular expressions :P
RT @tccontre18: Excited to share the latest Splunk Threat Research Team blog on the Meduza Stealer! This analysis breaks down the MITRE ATT…
RT @mgreen27: After reading this cool post I looked into yara-x this afternoon and thought I would do a #100daysofyara post. Super easy f…
RT @elasticseclabs: We're starting 2025 strong. Join us on January 14th for Detection Engineering with the Elastic Global Threat Report, a…
New blog post for #100DaysofYARA. In this one I look at a VenomRAT sample and create rules based on PE metadata and an encryption salt value. #malware
#100daysofyara I like taking the approach of having multiple YARA rules to detect the same thing from different perspectives, like these rules for Cronos Crypter. One looks for just strings, another for a string + encryption salt, and a third for the assembly name.
RT @fr0gger_: 🤓During the #100DaysOfYara, if you are not sure how to contribute, you can always contribute to the #UnprotectProject! cc: @D…
RT @greglesnewich: #100DaysofYARA day 1 - the Amos stealer is regularly evolving and updating its obfuscation techniques You know what is…
RT @redcanary: HijackLoader—a newcomer to our monthly top 10 list—is fond of renaming executables, which presents a detection opportunity.…
RT @NetworkDefense: In our latest Analyst Skills Vault lesson, Dan Marr demonstrates how attackers use DNS Tunneling to evade defenses. He'…