30 Jun 20 CyberSafe-WP-Admin Elastalert with Sigma, (Wed, Jul 1st) A couple of weeks ago, Remco wrote a post about Sigma(1). I’ve also been spending…
30 Jun 20 CyberSafe-WP-Admin ISC Snapshot: SpectX IP Hitcount Query, (Tue, Jun 30th) SpectX was the subject of an ISC post on SpectX4DFIR back in late April. Raido from SpectX provides…
29 Jun 20 CyberSafe-WP-Admin ISC Stormcast For Tuesday, June 30th 2020 https://isc.sans.edu/podcastdetail.html?id=7060, (Tue, Jun 30th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
29 Jun 20 CyberSafe-WP-Admin Sysmon and Alternate Data Streams, (Mon, Jun 29th) Sysmon version 11.10, released a couple of days ago, adds support for capturing content of…
28 Jun 20 CyberSafe-WP-Admin ISC Stormcast For Monday, June 29th 2020 https://isc.sans.edu/podcastdetail.html?id=7058, (Mon, Jun 29th)
28 Jun 20 CyberSafe-WP-Admin tcp-honeypot.py Logstash Parser & Dashboard Update, (Sun, Jun 28th) This is an update for logstash and dashboard published in January for Didier's tcp-honeypot.py honeypot…
27 Jun 20 CyberSafe-WP-Admin Video: YARA's BASE64 Strings, (Sat, Jun 27th) In diary entry YARA's BASE64 Strings, I explain the new BASE64 feature in YARA (we're…
26 Jun 20 CyberSafe-WP-Admin Share the Mic in Cyber, (Fri, Jun 26th) Today, we deviate a bit from our usual content. Instead of featuring content from one…
25 Jun 20 CyberSafe-WP-Admin ISC Stormcast For Friday, June 26th 2020 https://isc.sans.edu/podcastdetail.html?id=7056, (Fri, Jun 26th)
25 Jun 20 CyberSafe-WP-Admin Tech Tuesday Recap / Recordings: Part 2 (Installing the Honeypot) release., (Thu, Jun 25th) As mentioned during our "Tech Tuesday" session, the session itself was not recorded. Instead, I…