#detectionengineering
Threat Insight:
In a new blog, Proofpoint threat research engineers disclosed their discovery of Amatera Stealer, a newly rebranded and upgraded malware-as-a-service (MaaS) version of the ACR Stealer.

Read the blog: https://brnw.ch/21wTvkx

While maintaining its roots in ACR Stealer, the latest variant, #Amatera, introduces new features—including sophisticated delivery mechanisms, anti-analysis defenses, and a revamped control structure—making it stealthier and dangerous.

See the Threat Research Engineering blog for IOCs and Emerging Threat signatures.

#securityengineering #detectionengineering #securitycontrols
0xFustang:
@DunhamSec@infosec.exchange Great intro about Sigma 👏 https://isaacdunham.github.io/posts/intro-detection-engineering-sigma/ #detectionengineering
Claus Cramon Houmann:
According to new data, we’re really reaping the benefits of #OpenTIDE now in terms of exclusively release speed (#detectionengineering) and release quality. Not even talking about all the other advantages, but those 2 numbers alone are stunning now.
da_667:
Hey Hey People,

DA Here.

Do you, have a Suricata sensor in your network?

Do you, use Suricata as a part of sandbox that you run?

Have you, been hammering away at finding evil, and want to find more?

I'm doing a webinar courtesy of OISF this Thursday. 3PM UTC, which translates to 10am EST.

I'll be talking about two things during this meeting: One, is making good use of the ET INFO rule category as an early warning system.

Sure, there is a lot of noise to sift out of ET INFO, and for that reason, some choose to just cut it entirely. I'm here to show you how to grab the stuff we've seen in our sandboxes that can help to lead anomaly detection.

In the second part of this talk, I will talk about how you can convert network and system-specific artifacts into a set of Honeytoken-like IDS rules that again, can lead to anomaly detection, and perhaps even catching advanced or unidentified threats.

Here is a link to register for the meeting: https://us02web.zoom.us/webinar/register/WN_MJogFww8S4mIpEOctaTZlw#/registration

#Suricata #EmergingThreats #DetectionEngineering #ThreatHunting #OISF #AnomalyDetection
Martin Boller :debian: :tux: :freebsd: :windows: :mastodon::
Up soon:
"From 0 to millions: Protecting against AitM phishing at scale"
- Jacob Torrey @Jacob@mountaincommunity.co

@hack_lu@infosec.exchange #hacklu2024 #canaries #Thinkst #HoneyEverything #TTPs #AiTM #Deception #DetectionEngineering
Martin Boller :debian: :tux: :freebsd: :windows: :mastodon::
Lessons Learned from (almost) 8 Years of Sigma Development

Thomas Patzke @thomaspatzke@infosec.exchange
https://sigmahq.io
#hacklu2024 #DetectionEngineering
circl:
Enhancing Detection Engineering with Automated Malware Sandboxing with @kunai_project@infosec.exchange

#detectionengineering #infosec #edr #sandbox #opensource #threathunting

🔗 Blog post - https://www.d4-project.org/2024/10/02/Enhancing-Detection-Engineering-with-Automated-Malware-Sandboxing.html
🔗 Git repository - https://github.com/kunai-project/sandbox
🔗 Dataset - https://helga.circl.lu/NGSOTI/malware-dataset
Security Onion 🧅:
ICYMI yesterday we released our latest video:

Tuning Rules with Security Onion Detections

#DetectionEngineering BY defenders FOR defenders!

https://youtu.be/DelAmqtU2hg?si=i9oWkIptsdfWLVHJ via @YouTube
Security Onion 🧅:
Security Onion 2.4.70 now available including our new Detections interface and much more!

Tune your:
☑️ #NIDS rules for #Suricata
☑️ #Sigma rules for #ElastAlert
☑️ #YARA rules for #Strelka

Take your #DetectionEngineering game to a new level!

https://blog.securityonion.net/2024/05/security-onion-2470-now-available.html
Anton Chuvakin:
"Testing in Detection Engineering (Part 8)" https://bit.ly/4aD1JTA <- our #DetectionEngineering series continues, and we finally arrive at ... testing (does it involve the pens? maybe!)
Claus Cramon Houmann:
We added a short #OpenTIDE release blog with basic info, how to use it and for what and with an attempt to describe the roadmap for the tool.

https://code.europa.eu/groups/ec-digit-s2/opentide/-/wikis/OpenTIDE-documentation-and-blog/Blog-posts/2024-03-11-OpenTIDE-release-blog

#detectionengineering #DetectionOps
Claus Cramon Houmann:
So the day finally came! The #detectionengineering project we’ve been working on the last two years is now available for you as an open source project! #OpenTIDE, available in two repos: StartTIDE (everything needed to get started) and CoreTIDE (automation), formerly #TIDeMEC, formerly #MOLOCH