💜Adversary Simulation and Purple friends💜.I'm happy to share this simulation plan which regroups a TOP 35 @MITREattack TTPs from 22-23. Based on open source intel, it's meant to ease the onboarding of more into Purple!.Have a look at the readme #CTI #TTP.

If anyone needs to convert the DarkWebInformer json into csv here is a quick script to properly convert it: .

@MITREattack Some tuning needed depending on the model by getting the right system prompt and settings like Top K if you want good accuracy and avoid hallucination.

#CTI #LLM #RAG.If anyone wants to use RAG with their LLM for the @MITREattack I've uploaded a quick script to convert json to md. Useful in your Ollama/Open WebUI setup. Chunking/embedding done auto by OpenWebUI. Then the model can refer to the KB.

RT @windowsdev: Introducing MCP on Windows!

Finaly payload googlerestricted.ide --> msbuild.exe. @NullPwner so stealc?.

RT @MalDevAcademy: The Offensive Phishing Operations Course has been released. 81 modules are included in the initial launch, with the fir….

He's back!.

RT @craiu: The malicious JS deployed by Lazarus in the ByBit hack, 0/61 on VT.

RT @TheDFIRReport: 🌟New report out today!🌟. Confluence Exploit Leads to LockBit Ransomware. Analysis & reporting completed by Angelo Violet….

RT @MichalKoczwara: Threat Actor is using Gophish to impersonate/target KPMG (financial department). /64.227.171.144 (0/94 VT)./financeekp….

Is that a (sub)technique @MITREattack @jamieantisocial ?.". injects malicious code into. mstsc.exe"."injected code is a shellcode that loads another malicious library. to steal RDP credentials by hooking specific functions of the Windows library “SspiCli.dll”.

RT @Dinosn: Hunting for Remote Management Tools: Detecting RMMs

RT @br0k3ns0und: We are now developing @elastic threat hunting queries, alongside our detection rules, and openly sharing these as well! 🎉🎉….

Yes yes I know. yet another LOL, lol, but I believe we need this one too. Welcome to LOST: I recently added the new @msftsecurity Defender path exclusion listing technique shared by @VakninHai on WIP, we need you!. #LOLBAS #LOST

RT @OutflankNL: New Blog Alert! 🚨. Introducing Early Cascade Injection, a stealthy process injection technique that targets Windows process….

RT @magicswordio: 🚨🔥 LOLRMM IS LIVE! 🔥🚨. The wait is over, folks! 🥳🎉. We’re thrilled to announce the official release of LOLRMM — your new….

RT @binitamshah: Building an EDR From Scratch Part 1 - Intro (Endpoint Detection and Response) :

RT @HowardL3: A 9.9 CVE has been announced for Linux 👀 Remote code execution. No details yet. Heartbleed was 7.5, for reference. This is on….

RT @0xanalyst: New phishing campaign that is sent to a lot of github repo owners. Has a powershell that drops what seems to be an infosteal….

Nice ALPHV simulation plan using @redcanary #ART. I suggest using @secrisk Vectr or my spreadsheet below (shameless plug). Currently using it again to help customer map their security controls to TTPs and assess efficiency for improvement. #PurpleTeam.