Lots of MSFT jobs going at the moment:. 🕵️.👻.🎯.

RT @ElroyMcThomas: MSTIC is hiring Threat Intel Analysts in the UK:

RT @MalwareRE: MSTIC is looking for Senior Security Researchers (Malware Reverse Engineers) in the US and Australia to join our MSTIC-RE te….

Not that I post too often but available at "the other place": @woany@infosec.exchange.

Yet another VirusTotal lookup tool. This one is super basic, just does SHA256 file hash report lookups currently, dumps basic data to CSV. Mainly aimed at those with Enterprise API access e.g. large batch sizes. With a batch size of 100, it does 10000 hashes in about a minute.

RT @ItsReallyNick: 👋 Microsoft security teams are hiring. Several #MSTIC roles:.•(APT technical analysis required)….

New version for etw-event-dumper (v1.0.1), fixes a BOM issue on the output file. Thanks @williballenthin for reporting!.

Prior art: @FuzzySec.

New tool (ewt-event-dumper) using code from the Mandiant SilkETW project, it's designed for bulk hooking/collection of ETW events for large numbers of ETW providers e.g. I want to collect over 150 providers, using a simple configuration:.

Updated RiskIqSharp lib, published as v1.0.0, with more API's implemented:.

@RiskIQ @PassiveTotal.

Started working on a library (.Net 6) to interact with the RiskIQ/PassiveTotal API:.

Has anyone dumped PRT's via mimikatz recently? e.g. using "Sekurlsa::cloudap" function. Tried replicating on both Win10 & Win11, all machines AAD joined, dsregcmd showing AzureADPrt: Yes.

RT @ashwinpatil: If you have been looking to do 🏹hunting at scale with 🛡️#MicrosoftSentinel we published a new blog to port our Network bea….

RT @MalwareRE: Today we are releasing an in-depth analysis of a #NOBELIUM post-exploitation backdoor that Microsoft Threat Intelligence Cen….

RT @ItsReallyNick: We’re hiring for our cyber crime / counter-ransomware intelligence mission. Senior analyst position, some details flexib….

Verifying myself: I am woany on j4guAPg049D-JylYh7zCKg5jOc5AbffYY9NJ /

RT @TimbMsft: Sysmon goodness coming to #Linux!.

New security analyst/investigator on my team (Identity).