Trevor Miller

@Cyb3rDefender

Followers
1K
Following
870
Media
38
Statuses
206

Manager - CTI & Detection Engineering | Tech Nerd 🤓 | Learning Addict | Dedicated to defensive #Cybersecurity

San Diego, CA
Joined August 2015
@Cyb3rDefender
Trevor Miller
28 days
Appears using DNS-over-TLS on Android "Private DNS" with a "custom provider" to sinkhole DNS requests for trackers and ads puts a warning that the country may not be accurate because you're using a proxy or VPN... Which is misleading, but I like the spirit of this move by X.
0
0
1
@AmitaiCo
Amitai Cohen 🎗️🤟
2 years
Every CTI analyst worth their salt has summited the venerable Pyramid of Pain, but I think it's time for a few other threat detection metrics to get their own monuments. Here are a few candidates for your consideration:
8
29
121
@Cyb3rDefender
Trevor Miller
2 years
📢 Introducing stutterAI: Unleash the power of AI in your terminal! ⭐ Fix command errors with a single command. ⭐ Generate commands from a description. I need some beta testers! https://t.co/4shWw6ACoC
github.com
Your AI assistant in the terminal. Contribute to CyberDefend3r/stutterAI development by creating an account on GitHub.
0
0
3
@Cyb3rDefender
Trevor Miller
2 years
Interesting Take. https://t.co/Ebt4BYtMfo
0
0
1
@Cyb3rDefender
Trevor Miller
2 years
This is a cool #Python project! The only thing is that when exporting the #MITRE #ATTACK layer to SVG, the Tactic row has no background; I think I identified why. Posting for attention in case someone smarter than me has time to check it out. https://t.co/5ZVGeNFId4
0
1
3
@Cyb3rDefender
Trevor Miller
3 years
@mslopatto I got Bard to reason its way to answering the question correctly. I know that isn't the point of your article, but I found it interesting. Side note, Bard seems to struggle with using previous responses containing code snippets as context.
0
0
1
@Cyb3rDefender
Trevor Miller
3 years
#Bing actually did the best job. On follow-up questions, #GoogleBard gave some nonsense KQL queries where Bing was pretty much spot on.
0
0
2
@Cyb3rDefender
Trevor Miller
3 years
I got access to #GoogleBard this morning and asked about CVE-2023-23397, and it was helpful, not perfect, unlike #ChatGPT which had no idea what I was talking about. However, I think #Bing did a good job too.
4
2
7
@Cyb3rDefender
Trevor Miller
3 years
Our analysts document all investigations in our SOAR. It is common for them to look up past incidents to see how others have done previous investigations if they need guidance. As well as being able to leverage lessons learned from incidents across our client base.
0
1
2
@Cyb3rDefender
Trevor Miller
3 years
As a vendor-agnostic MSSP, it is a little hard to be more specific as clients leverage different technologies with varying capabilities and log sources.
1
0
2
@Cyb3rDefender
Trevor Miller
3 years
We do provide investigation guides with semi-generic steps for an investigation or at least a place to start one. We have an entire wiki built around our detection library for our analysts. I wouldn't call it a playbook but more of a launching point.
2
0
2
@Cyb3rDefender
Trevor Miller
3 years
This tweet stemmed from a client asking to see our playbooks for every detection. When we said we don't do that, they said, "how do all of your analysts do the same level of investigation if they don't have clearly defined steps to follow?"
1
0
1
@Cyb3rDefender
Trevor Miller
3 years
What is your opinion on per-detection playbooks for analysts? I see pros and cons. Playbooks may lead to rigid investigations that miss malicious behavior, as one can't predict all procedures used by threat actors. Though I do see a case for repeatable steps to follow...
16
14
37
@Cyb3rDefender
Trevor Miller
3 years
Wrote a new rule today... Everywhere I possibly could, in the justification, description, logic, etc., I put *regsvr32* when I meant *rundll32*. Peer review can't catch a mistake if it doesn't look like one...
0
2
12
@Cyb3rDefender
Trevor Miller
3 years
The idea behind @echotrailco is pretty cool, but their free tier is way too restrictive to be able to assess its benefits in a meaningful way. https://t.co/j1eleytspa
0
0
1
@Cyb3rDefender
Trevor Miller
3 years
I dug up an old script for a project today... I'm glad #Symantec hadn't changed the API; it saved me so much time! Simple script to search Symantec EDR and download matching events using a single command. https://t.co/bpAS9cj5Ov
github.com
Script used to pull logs from the Symantec ATP console using the API. - CyberDefend3r/Symantec-ATP-Events
1
2
8
@Cyb3rDefender
Trevor Miller
3 years
Greater Visibility Through PowerShell Logging https://t.co/y2Qud5XYpd
2
3
14
@Cyb3rDefender
Trevor Miller
3 years
#notion is 🔥
4
0
15
@Cyb3rDefender
Trevor Miller
3 years
The day I fell in love with #CyberSecurity was when I was 12, and I got a virus ⚠️ on my first computer from downloading music on Kazaa. I had to know how it worked, and it was all downhill from there. 🤣 Pretty much this 👇 https://t.co/ySQ5j6Yzlh
0
0
5