I'm happy to announce the release of Chainsaw v2! 🥳 . Chainsaw allows users to rapidly search through Windows event logs and hunt for threats using @sigma_hq detection rules, all without a SIEM!. Version 2 includes some exciting new features, info in 🧵.

Slides from this talk are now available here:

My talk "Scaling Detection and Response Teams - Enabling Efficient Investigations" is at 3:45pm today at #BSidesLDN2023 on track 2! Come down and say hi if you're around 😀.

Scaling detection and response operations at Coinbase part 2 & 3:. 🔍 Driving context into detection logic with machine and user profiles.🔧 Codifying automatic remediation for high-risk detections.📫 Automating alert triage with employees via Slackbot.

The first part of my blog series on how we’ve been scaling detection and response operations at Coinbase is live! . Interested in speeding up your investigations, increasing the visibility of key data sources, and improving quality of life for analysts? .

Awesome to see this new feature being added to chainsaw! Great work @AlexKornitzer @56616C6F72 💪.

RT @VirtualAllocEx: With "Meterpreter vs. Modern EDR(s)" I want to show, that the shellcode of well-known C2 frameworks like Metasploit is….

RT @magerbomb: Our team at @elastic has been developing this feature for almost six years and we are excited to share our work with the sec….

RT @Purp1eW0lf: Dude, you can wipe whatever WEVTXs you want 🪠 . @HuntressLabs gon' find the user accounts, session times, machines, and met….

RT @jpgoldberg: I have never before criticized a competitor by name on the @1Password blog. This is an exception.

RT @holisticinfosec: Hunt, search, and extract Windows event log records with Chainsaw, now in #toolsmith 148. Experiments with an old #DFI….

Also, a massive shout out to @AlexKornitzer for all of his work on v2. He managed to take my “lockdown 2020 Christmas project” and turn it into a much more polished solution. ❤️.

v2 highlights💡. 📖 Support for event logs in XML and JSON format.🎯 Increased sigma rule logic support. More detections!.📘 Chainsaw output displays important information more clearly .🔎 Better filtering/searching options.🦖 Updated Velociraptor Plugin

Really cool to see this tool finally public! If you’re still viewing alert data in a jira ticket, I’d recommend checking out the approach DetectTree takes to visualise detections, it makes a massive difference.

RT @jaredcatkinson: Check out the first post in my new blog series "On Detection: From Tactical to Functional". The first post explores how….

RT @patrickwardle: macOS malware often (ab)uses APIs such as NSCreateObjectFileImageFromMemory, NSLinkModule etc) to execute in-memory payl….

RT @JimmyVo: I may be very late on this but I stumbled on @gitlab's handbook for transparency and I really enjoy reading through the report….

RT @Kostastsale: I usually make short-form satirical videos for fun, but never share them with the world. This time tho, I thought I'd make….

RT @AlleinAan: F-Secure is hiring my replacement, a new Head of Threat Intelligence, based in Europe. This is a genuinely exciting opportun….

RT @below0day: #ContiLeak Tools and Techniques.h/t: @vxunderground & @Cyberknow20 .