It's been one of the more eventful weeks in cybersecurity history. In my little corner of the world, it went a little something like this... 1/n
The first #log4j / #log4shell blog from #SURGe @splunk splunk.com/en_us/blog/sec… was published a week ago with @meansec leading from the front and jump-started by @DrShannon2000 and @jsy9981 2/n
Meanwhile, hundreds of Splunkers worked through last weekend to publish our official advisory. If you take one thing from this thread, it should be this! It's updated frequently and includes details about CVE-2021-45046 and more. splunk.com/en_us/blog/bul… 3/n
Welp the #SURGe @splunk team decided we had more to say, so @mlaferrera rallied the team along with @audrastreetman and @holly1g0lightly to create a follow-up blog featuring some great content from @Johan_Bjerke splunk.com/en_us/blog/sec… 4/n
Tuesday @meansec, @nohackme, @AudraStreetman & @drewchurch went live with #CoffeeTalkWithSURGe It included #log4j / #log4shell updates and my interview with @edskoudis on the #HolidayHack Challenge @kringlecon and @Splunk. More on HHC ∨∨ splk.it/3oQf9qc 5/n
And on #CoffeeTalkWithSURGe, @nohackme revealed why he's been so dang fascinated with #cyberchef and Vigenère ciphers for the past few months. 6/n
Want that beautiful, limited, numbered @Splunk #SURGe challenge coin all for yourself? @nohackme says the auction is live!! 100% of monies will be donated to @WiCySorg scholarship for Kris Spalding. ebay.com/itm/1250518592… 7/n
Next, @Splunk Threat Research Team (STRT) published a trove of high-quality detections. THIS is the content you want to go to production with! STRT is a rockstar team led by @d1vious with @M_haggis @mvelazco @ljstella @hackpsy @bareiss_patrick research.splunk.com/stories/log4sh… 8/n
The STRT creates more than just detections. They also publish @Splunk SOAR content to power automated investigation and response. And I have more to share from STRT in a bit, read on... research.splunk.com/playbooks/log4… and research.splunk.com/playbooks/log4… 9/n
Oh yeah, even during apocalyptic cyber weeks, holiday gifts in the workshop get coats of finish between Zooms... 10/n
Speaking of the holidays, it's @SANS #HolidayHack Challenge time, and @Splunk was honored to submit an objective. It's humbling to work with @edskoudis, @joswr1ght and @CounterHackSec. When you get some time away from #Log4J, check it out: sans.org/holidayhack 11/n
@edskoudis was nice enough to sit down for an extended interview with me! This is the longer cut of the teaser played during Tuesday's #CoffeeTalkWithSURGe. He shared so much #HolidayHack history. Coolest thing I've done in quite a while! #Coffee 12/n
The holiday season is a time for giving. #SURGe @splunk along with our executive leader Peter Polizzi and his MSTS org in coordination with @SplunkforGood teamed up to match a portion of donations to @RuralTechFund Golden Ticket Fundraiser splunk.com/en_us/blog/spl… 13/n
As of this morning, @chrissanders88 tweeted this heartwarming progress update. More community contributions, more matching, more prizes, and more crucial funding for @RuralTechFund. The Golden Ticket fundraiser is open until Dec 24, so you still have time to enter! 14/n
And did you see the others contributing to @RuralTechFund Golden Ticket? @TrustedSec @DragosInc @NetworkDefense @DNSFilter @markmorow @Microsoft Blackthorne Consulting, and more. Oh and #SURGe @Splunk :-) chrissanders.org/2021/12/golden… 15/n
Yikes, I gotta get these cutting boards going in the shop. Christmas is next week and I'm way behind... 16/n
Stocking stuffer! @stonerpsu announced the 2nd APT hunt in our(his) series. Log in for free and work with @splunk and #BOTS data to learn how to hunt #apt, explore data, via video instruction. "More hunts to come!" declares a confident John Stoner. bots.splunk.com 17/n
I need to say more about bots.splunk.com It's where we run #SURGe @splunk #BOTS CTF events, but it also offers mini-CTFs and hands-on workshops all for free any time you want. Sure, maybe not this week cuz #log4j / #log4shell and #HolidayHack but soon?!?! 18/n
FUN FACT! The top three finishing teams in #BOTS v6 @splunk .conf21 back in October got hand-made trophies from my shop! You shoulda played...(and did you know these things are why the cutting boards up there are still just a stack of 3/4" walnut?) conf.splunk.com 19/n
Okay there's more serious stuff here. STRT (mentioned way up there^^) authored a companion blog for their @splunk #log4j / #log4shell detections and SOAR content. Must read! splunk.com/en_us/blog/sec… 20/n
Then there's @stressboi, who, after a long week of leading hundreds of people in our field response to #Log4J along with @meansec, published TA-check-logFORj. Why? Just because he's Brodsky. And thank goodness he is. #thanksbrodsky 21/n
Did you see that @CISAgov published comprehensive guidance for #log4j / #log4shell on GitHub? @Splunk (meaning @drewchurch) and lots of other vendors are doing their part to help the dedicated folks at CISA keep it up to date. github.com/cisagov/log4j-… 22/n
As this wild week draws to a close, I'd love to say the community has some closure on the log4j thing but we all know we're far from it. As @stonerpsu would say 23/n
I can attest that, as our advisory states, "Splunk is focused on the fastest possible remediations for CVE-2021-44228 and CVE-2021-40546." There are literally hundreds of Splunkers working around the clock, seven days a week, and I am so thankful for every one of them. 24/n
If you're a @Splunk customer, please refer to our official advisory and check back often for updates. You can also reach out to your account/customer success teams. Heck, hit me up if you need a pointer to anything. splunk.com/en_us/blog/bul… 25/n
Then as I hit send? This showed up!
Sorry @stressboi you have the misfortune of sharing @james_brodsky's handle on other platforms! Cheers!
And yes that is #unnecessarywalnut