#detectionengineering


In a new blog, Proofpoint threat research engineers disclosed their discovery of Amatera Stealer, a newly rebranded and upgraded malware-as-a-service (MaaS) version of the ACR Stealer.

Read the blog: brnw.ch/21wTvkx

While maintaining its roots in ACR Stealer, the latest variant, #Amatera, introduces new features, including sophisticated delivery mechanisms, anti-analysis defenses, and a revamped control structure, making it stealthier and more dangerous.

See the Threat Research Engineering blog for IOCs and Emerging Threat signatures.

Proofpoint · Amatera Stealer: Rebranded ACR Stealer With Improved Evasion, Sophistication | Proofpoint US

Key takeaways: Proofpoint identified a new, rebranded stealer based on ACR Stealer called Amatera Stealer. It is delivered via web injects featuring sophisticated attack

Hey Hey People,

DA Here.

Do you have a Suricata sensor in your network?

Do you use Suricata as a part of a sandbox that you run?

Have you been hammering away at finding evil, and want to find more?

I'm doing a webinar courtesy of OISF this Thursday. 3PM UTC, which translates to 10am EST.

I'll be talking about two things during this meeting: One, is making good use of the ET INFO rule category as an early warning system.

Sure, there is a lot of noise to sift out of ET INFO, and for that reason, some choose to just cut it entirely. I'm here to show you how to grab the stuff we've seen in our sandboxes that can help to lead anomaly detection.

In the second part of this talk, I will talk about how you can convert network and system-specific artifacts into a set of Honeytoken-like IDS rules that again, can lead to anomaly detection, and perhaps even catching advanced or unidentified threats.

Here is a link to register for the meeting: us02web.zoom.us/webinar/regist

Zoom · Welcome! You are invited to join a webinar: Honeytoken IDS rules and ET INFO Rules for Anomaly Detection with Tony Robinson. After registering, you will receive a confirmation email about joining the webinar.

This talk is going to be a double header, focusing on ways to spot anomalous activity for threats that may or may not have specific signatures. First, Tony will discuss the value the ET INFO rule category can provide in spotting some of this anomalous activity. He'll discuss the rules he uses that provide value in spotting unusual activity, and how attendees can customize the ET INFO rule category to better suit their needs. The second part of this talk will show attendees how to use system-specific artifacts to create IDS rules that can detect exfiltration of this data, for detecting anomalous activity. He'll also discuss using CyberChef to transform and encode this data in various ways to create rules to detect obfuscation methods attackers use when exfiltrating this information. If there is time, Tony will talk about collaboration he has done with the maintainers of the Secureworks Dalton project that might make development of rules like this much easier.
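The second half of the webinar description, turning system-specific artifacts into honeytoken-style IDS rules and pre-encoding them the way exfiltration tooling might, as an added worked example. This is not Tony Robinson's, OISF's or Emerging Threats' code, and nothing here is from the talk itself: the sample artifacts are constructed, the SID range and message format are assumptions, and the Suricata rule syntax is standard. One detail the example shows that the summary only hints at: a string's base64 form depends on its offset modulo 3 in the encoded stream, so a single base64 of the artifact would miss two out of three placements, and the generator emits all three alignments.

```python
"""Generate honeytoken-style Suricata rules from site-specific artifacts.

Given strings that should never leave the network (an internal hostname,
a service-account name, a planted canary secret), emit one outbound alert
rule per (artifact, encoding): raw, the three base64 alignments, hex and
URL-encoding.  Added example code, not from the webinar or any ruleset.
"""
import base64
import binascii
import urllib.parse
from typing import Iterator

# Assumption: SIDs from 1000000 upward are the conventional local range;
# pick a base that does not collide with your own rules.
LOCAL_SID_BASE = 1_000_000


def suricata_content(data: bytes) -> str:
    """Render bytes as a Suricata content: string.

    Printable ASCII goes in literally; bytes Suricata treats specially inside
    content (quote, backslash, semicolon, pipe, colon) and non-printables are
    emitted as |hh hh| hex escapes.
    """
    parts: list[str] = []
    hexbuf: list[str] = []

    def flush() -> None:
        if hexbuf:
            parts.append("|" + " ".join(hexbuf) + "|")
            hexbuf.clear()

    for byte in data:
        if 0x20 <= byte < 0x7F and chr(byte) not in '"\\;|:':
            flush()
            parts.append(chr(byte))
        else:
            hexbuf.append(f"{byte:02x}")
    flush()
    return "".join(parts)


def base64_variants(data: bytes) -> Iterator[str]:
    """Yield the base64 text of `data` for each of the three stream offsets.

    For offset k, encode k filler bytes + data, then keep only the characters
    determined solely by `data`: drop the leading chars that mix in filler
    bits (0, 2 or 3) and the trailing chars that would mix in whatever follows
    in a real stream (0, 3 or 2, by total length mod 3).
    """
    lead = {0: 0, 1: 2, 2: 3}
    tail = {0: 0, 1: 3, 2: 2}
    for k in range(3):
        enc = base64.b64encode(b"\x00" * k + data).decode("ascii")
        yield enc[lead[k]: len(enc) - tail[(k + len(data)) % 3]]


def encodings(data: bytes) -> Iterator[tuple[str, bytes, bool]]:
    """Yield (name, bytes to match, case-insensitive?) for each rendering."""
    yield "raw", data, True
    for k, b64 in enumerate(base64_variants(data)):
        yield f"base64 offset {k}", b64.encode("ascii"), False  # base64 is case-sensitive
    yield "hex", binascii.hexlify(data), True  # nocase covers upper-case hex
    url = urllib.parse.quote(data, safe="").encode("ascii")
    if url != data:  # only worth a rule when encoding changes something
        yield "urlencoded", url, True


def honeytoken_rules(artifacts: dict[str, bytes], sid_base: int = LOCAL_SID_BASE) -> list[str]:
    """Build one outbound Suricata rule per (artifact, encoding)."""
    rules: list[str] = []
    sid = sid_base
    for label, data in artifacts.items():
        for name, match, nocase in encodings(data):
            if len(match) < 8:  # assumption: shorter matches are too noisy to alert on
                continue
            opts = [
                f'msg:"LOCAL HONEYTOKEN {label} leaked ({name})"',
                "flow:established,to_server",
                f'content:"{suricata_content(match)}"',
            ]
            if nocase:
                opts.append("nocase")
            opts += ["classtype:policy-violation", f"sid:{sid}", "rev:1"]
            rules.append(f"alert tcp $HOME_NET any -> $EXTERNAL_NET any ({'; '.join(opts)};)")
            sid += 1
    return rules


# Constructed sample artifacts; not taken from any real environment.
SAMPLE_ARTIFACTS = {
    "hostname": b"corp-fs01.internal.example",
    "svc-account": b"CORP\\svc_backup",
    "canary-apikey": b"canary_k3y_4f2a9e0b",
}

if __name__ == "__main__":
    for rule in honeytoken_rules(SAMPLE_ARTIFACTS):
        print(rule)
```

The raw-form rule for a hostname will fire on legitimate traffic (DNS, mail headers), which is exactly the noise the talk description warns about; tune or drop that variant and keep the encoded ones, which almost never appear in benign traffic. Suricata can also decode base64 on the fly with its `base64_decode`/`base64_data` keywords, but pre-encoding keeps the rules plain content matches that any Snort-compatible engine or Dalton test run can evaluate.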