, 18 tweets, 14 min read
My Authors
Read all threads
A lot of mud slinging on InfoSec twitter lately; I wanted to flip the script a bit and highlight the blogs, tools, talks etc that I keep coming back to on a regular basis, both as a defender and general InfoSec professional. Thread..
Never worked with Windows logs before and don't know where to start? ➡️ ultimatewindowssecurity.com/securitylog/en…

Got the logs and need to know what to do with them? @neu5ron and @acalarch have you covered➡️irongeek.com/i.php?page=vid…
Confused about what Windows auditing to turn on? @MichaelGoughTX's cheat-sheets are an amazing resource ➡️malwarearchaeology.com/cheat-sheets

Need to send those logs to a SIEM of some kind? My man @InvokeThreatGuy show's you how ➡️invokethreat.actor/2018/09/levera…
Doing all kinds of cool PowerShell attacks in your lab and aren't seeing anything? Turn on the logging:

Need more info about WEF? ➡️blogs.technet.microsoft.com/jepayne/2015/1… by @jepayneMSFT is a must read

WEF Broken? Check out this post by @Centurion ➡️hackernoon.com/the-windows-ev…
Come across WMI and want to know more ➡️blackhat.com/docs/us-15/mat… by @mattifestation has you covered there

Want to know more about application whitelisting, advanced PowerShell / .NET tradecraft? ➡️exploit-monday.com, also by @mattifestation
Want samples of what attacks look like in logs without actually performing the attacks yourself? Two amazing projects:

➡️github.com/hunters-forge/… by @Cyb3rWard0g

➡️github.com/sbousseaden/EV… by @SBousseaden
Want a detailed breakdown of the artifacts left on the system by popular offensive security tools?

➡️jpcertcc.github.io/ToolAnalysisRe… by @jpcert_en
Want to know about Active Directory and Azure Active Directory security? @PyroTek3's work has you covered there

Sick of standard, boring Windows logs and want to 🌶️it up with Sysmon?

➡️ @SwiftOnSecurity 's config: github.com/SwiftOnSecurit…
➡️Check out @c_APT_ure 's various talks
➡️ @olafhartong 's Sysmon Modular config: github.com/olafhartong/sy…
Put your defenses to the test with awesome red team tradecraft

@curi0usJack 's talk ➡️

@FuzzySec 's GitHub repo: github.com/FuzzySecurity

@_xpn_ 's blog: blog.xpnsec.com

@TheRealWover ➡️thewover.github.io
Holy crap Sysmon doesn't log everything. It sure doesn't. Check out SilkETW (by @FuzzySec )



➡️medium.com/threat-hunters… by @cyb3rops
Now that you're cooking with gas, you want moar, check out Sigma rules by @cyb3rops & @blubbfiction

Windows logs are fun, but you want to know how the guts of malware work, @James_inthe_box, @Ledtech3, @pmelson are great follows.

@ItsReallyNick 's feed and #DailyScriptlet tag are also illuminating.
Want to grab forensic artifacts from hosts? Check out the amazing KAPE by @EricRZimmerman

Logs suck, I want to look at packets, cool. Check out this post by @4A4133


Check out Moloch full packet capture (my blog) ➡️haveyousecured.blogspot.com/2018/10/moloch…
Apologies for the obnoxious tagging, I wanted everyone to get credit where credit was due. I probably missed a ton of cool shit, but I wanted to highlight that Twitter/InfoSec isn't a constant dumpster fire; there's some amazing content being produced by some amazing folks 🎄🤶🤎
Correction: last link is by @Cyb3rWard0g, there has to be a mistake somewhere in there. Apologies!
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Anton

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!