RT @fabian_bader: You work with #XDR and always wanted to the process tree data outside of the Defender portal?. With XDR Story Parser you….

Hit me #TROOPERS25

Hi @GIMP_Official , why are you using in your current gimp version 2.10.38 the library liblzma-5.dll in version 5.6.1, which is a known vulnerable version of #CVE-2024-3094?.

Hey #MS #DfE guys. How do you deal with the fact that #Windows #DefenderForEndpoint sample events? We have several cases (True Positives!) where alarms were not triggered due to unlogged / not forwarded events. Do you take the risk, that you miss events and alarms?.

RT @securityfreax: We accidently built a Sysmon compatible tool with some neat features on top, like (in)direct syscall detection & more. W….

#Sysmon v15.14 out now.

RT @securityfreax: We are working on "WEASEL", a sysmon like userland application for windows security monitoring, but wihtout driver & ker….

Stay tuned, #Sysmon 15.1 will be released on 7th November. Hope this will fix this nasty performance bug, where systems freeze completely 🤞🥶.

RT @jsecurity101: Couple of issues I have found with Sysmon v15 so far: . 1. Sysmon.exe -u isn't properly uninstalling/stopping the Sysmon….

RT @olafhartong: #Sysmon 15 is out and brings a new event type, FileExecutableDetected, which allows for much more detection opportunities.….

RT @CaptnBanana: ShhPlunk: Muting the Splunk Forwarder - /

RT @AllForOsint: Hey 🕵️‍♂️#OSINT🕵️‍♀️ 👀, Mobility Portal by geOps combines maps of many aspects of #public #transport & mobility in genera….

Hey #Sysmon folks. Are you also experiencing more and more annoyed admins complaining about Sysmon performance problems since the update to 14.16? 🤔 Usually I take a look at the MS Forum, but since they changed everything, it's a mess to get an overview 🙈.

RT @trk_rdy: Another blog out today. I poked at another lsass dumping tool I heard about, check it out! #MDE .https….

RT @BSidesFRA: Checking out the location. Will be awesome in September! #bsidesfrankfurt

Damn, what happened to the #SysInternals / #Sysmon forum? Where has the clarity gone? Is this the only way to get to the so called "forum"? This is a step backwards

Maybe @NathanMcNulty ?.

Hey IT Sec folks. If you are using #ExploitGuard in #Windows, what's the difference between "Validate image dependency integrity" and "Code integrity guard"? It looks similar to me, both check the signature of the executables (signed by MS). Thx in advance.

RT @malcomvetter: [INTERACTIVE BLOG] .Did you like Choose Your Own Adventure books as a kid?.Are you fascinated by Red Team adversary trade….