Spent some time today at work playing with @msftsecurity Windows InstallerFileTakeOver LPE (CVE-2021-41379 bypass - https://t.co/jPZB2bTw71) and managed to create some detections on it. Detection will be based on Sysmon/SIEM, here we go... 1/n #threathunting #detection #dfir

🌟New report out today!🌟 From a Single Click: How Lunar Spider Enabled a Near Two-Month Intrusion Analysis/reporting completed by @RussianPanda, Christos Fotopoulos, Salem Salem, reviewed by @svch0st. Audio: Available on Spotify, Apple, YouTube and more! Report:⬇️

#x33fcon 2025 talks: @dirkjan - Bringing Your Own Identity Provider to Entra for Persistence and MFA Bypasses > https://t.co/tQA79Tab2e

It's been a while since I last wrote a KQL query 🎯 Today, I published a blog post about #ZAP response time in #EOP and how we can analyze the timing using #KQL. 🎯 Blog : https://t.co/Hw0vypo0pw * There may already be other approaches or queries to measure ZAP response time

🌟New report out today!🌟 Hide Your RDP: Password Spray Leads to RansomHub Deployment Analysis and reporting completed by @tas_kmanager, @iiamaleks and UC2 🔊Audio: Available on Spotify, Apple, YouTube and more! https://t.co/jL4oy28kS0

We’re seeing a clear trend: attackers are bypassing the endpoint entirely. Not just avoiding traditional EDR-monitored systems by pivoting to embedded and edge devices, but now also operating purely in the cloud. No shell, no malware, no persistence on the endpoint. Just an OAuth

New table in Advanced Hunting 🎯 OAuthAppInfo table contains information about Microsoft 365-connected OAuth applications !! Make sure you enabled MDA App Governance !! https://t.co/w7f1Lzfsib

Just pushed a new versions for #AADInternals and AADInternals-Endpoint modules! Some bug fixes plus support for: 1️⃣ Microsoft Authentication Library (MSAL) 2️⃣ Token Protection 3️⃣ Continuous Access Evaluation (CAE)

If you're up for some Frenglish 😛 my @DEFCON talk about the XZ backdoor is now available on YouTube! And If you are at @BSidesMelbourne, come say hello—I’ll be presenting a shorter version of the talk there. 🤓 #infosec #threatintel https://t.co/eveLpPNxZh

Very happy to hear my talk has been accepted to @BSidesLondon! 💂🏻🇬🇧 This is something I’ve wanted to do for a long time. Join me to hear about a new resource I’ve created to help prevent ransomware attacks 🔒☣️

Microsoft has been running massive deception campaigns that flood new phishing sites with bogus credentials for bogus companies on MS tenants. When attackers log in, they deliver a torrent of fresh threat intelligence that can be used to defend: #infosec

Between July 2023 and June 2024, Microsoft observed nation-state threat actors conduct operations for financial gain, enlist cybercriminals to collect intelligence, and make use of the same tools and frameworks favored by cybercriminals:

I created the first draft of a website for the EDR telemetry project to help people quickly compare vendor telemetry visibility. What do you think about it? Are there any specific features you want to see for the website? Built with ChatGPT 4o with canvas (wanted to test it

I am happy to share a new resource I recently created called The Ransomware Tool Matrix: 🔗 https://t.co/2fnq9fc3ge #CTI #ThreatHunting #ThreatIntel #Ransomware

Our website is up and will be updated with all the latest informations about the conference. Have a look and give us your feedback! https://t.co/8N2jRmZqdO

If you are in MTL, come say hi! @NorthSec_io

🎁 Today I'm giving away 3 of our DFIR Labs! 🎁 To enter: ✅Follow me ✅RT & Like this post ✅Reply with which case you'd like to take The winners will be selected in 24 hours. #Giveaway

Happening now at #New2CyberSummit: @tas_kmanager and Sylvain Lu share a day in the life of detection engineers. Hear this talk: https://t.co/RKYVH52AYD #CybersecurityJourney

Would you be interested in testing LSASS dumping simulation ? 🚀 Testing script is available ↓ ↓ ✅ Simulation : https://t.co/DLIPgU2LQd #MDE #EDR #MDAV #EPP #MicrosoftSecurity

Got a new blog out today with some ideas around hunting for cloud session anomalies - I think this is a super relevant topic with cookie/token theft TTPs being all the rage these days! https://t.co/UJAZcOEgbp

Easily one of the best articles I've read this year! @cnotin: https://t.co/RSiNZW0c97