The 2025 SANS #HolidayHack Challenge launched about an hour ago! Come have some fun building cybersecurity skills in this free @SANSInstitute gift to the community. https://t.co/k9hRtwltm8 New micro-challenges, new gamified world, new music, new game dynamics! Check it out!

🚨 Big News! Version 1.2 of the CTI-CMM framework is here! 🚨 We’re proud to officially debut this release at the FIRST CTI Conference during the talk: 🎤 "Immaturity Can Be Fun: Just Not in a CTI Program" 🎤 by @gertjanbruggink What’s new in v. 1.2? ✨ A brand-new

Automated AI Malware Reverse Engineering with MCPs for IDA and Ghidra Full VIBE RE livestream 🏝️

Special thanks to @mrexodia IDA MCP https://t.co/rr4A2QhYoN Ghidra MCP (thanks  @lauriewired  ) https://t.co/r2LVdaDQ2z Prompts, sample, and generated reports can be downloaded from Patreon here (free) https://t.co/gJcm6b5rkU

🤓 I just published my notebook on the BlackBasta chat log leak! It’s a dynamic @marimo_io notebook you can run in your browser—no setup needed. Be patient, though—it takes a few seconds to load as the notebook is heavy. Here is what I did 👇 ➡️ Generated diagrams to vizualise

🤓 I took a quick look at the BlackBasta chat log leaks, there are some interesting findings. Here is my full analysis process using Python and generative AI. A small thread👇

⚠️PSA: Curated Intel members in DFIR have noticed a trend in exploitation of CVE-2024-57727 in the SimpleHelp RMM tool to deploy Medusa ransomware. ➡️ This tool is often used by IT Managed Service Providers (MSPs) to remotely control customer endpoints and have been impacted.

ICYMI: In October 2024, we released the CTI Research Guide. It aims to help practitioners learn more about how to effectively perform the collection, processing, analysis, and production stages of the CTI lifecycle. 🔗 https://t.co/OMToNzb8vS

You likely aren't collecting all available events to the Unified Audit Log First, not all events are enabled or retained optimally. Consider creating this policy in the Purview portal (leave users and record types blank to collect everything). Retention is based on license...

🤓 Quick interesting tool for data extraction with LLM. Extract Thinker is a document intelligence tool to extract and classify structured data from documents, like an Object-Relational Mapping system for document processing workflows. Pretty useful if you need to process a

Pushed some new VPN and TOR feeds to the list. https://t.co/phoU8L9JJJ

https://t.co/Egu4pYn2uR This repository is a compilation of all APT simulations that target many vital sectors,both private and governmental. The simulation includes written tools, C2 servers, backdoors, exploitation techniques, stagers, bootloaders, and many other tools

🙌 6 Things That Will Take Your CTI Report to The Next Level These six best practices will raise the level of your threat intelligence reports. Make sure to include them! 🚦 Classify the Sensitivity of Your Report  Use an information classification framework like the Traffic

Good checklist for offboarding employees. https://t.co/euo8gyYBev Use in conjunction with this: https://t.co/hgWZAgyjgd

This looks promising - The Cloud Threat Hunting Field Manual: Azure https://t.co/dkR3X7cCJV

Today cybersecurity industry leaders launched the Cyber Threat Intelligence Capability Maturity Model @CTIcmm designed to support organizations of all sizes in CTI. 📑 Get your copy and start growing your program: https://t.co/l1sbAVCAPi 🔗 Learn more: https://t.co/pKXWg8vs79

🚨 LOLRMM Day 1 and 2 update 🚨 🔥 Spec created. Everything validates against it. 🔥 328~ RMM YAML's. Filled with artifacts. We're still working to clean a few things up - dupes, incorrect items added. We're going to need the most ❤️ here from the community. 🔥CSV, JSON API

MemProcFS 5.10 released! Support for Windows 11 24H2 added! MemProcFS - super fast memory forensics of live memory and memory dumps!

We're launching major upgrades to our scanning engine! 🌐 Live Browsing: Interact with websites in real-time, dismiss alerts, solve CAPTCHAs, and more. Real Device Scanning: High-fidelity scans with actual mobile devices. Blog: https://t.co/25liSRLzdw

Most excellent write up! Simulating a Akira Ransomware Attack with Atomic Red Team by Sebastian Kandler