It's been one of the more eventful weeks in cybersecurity history. In my little corner of the world, it went a little something like this... 1/n
The first #log4j / #log4shell blog from #SURGe @splunk splunk.com/en_us/blog/sec… was published a week ago with @meansec leading from the front and jump-started by @DrShannon2000 and @jsy9981 2/n
Meanwhile, hundreds of Splunkers worked through last weekend to publish our official advisory. If you take one thing from this thread, it should be this! It's updated frequently and includes details about CVE-2021-45046 and more. splunk.com/en_us/blog/bul… 3/n
Welp the #SURGe @splunk team decided we had more to say, so @mlaferrera rallied the team along with @audrastreetman and @holly1g0lightly to create a follow-up blog featuring some great content from @Johan_Bjerke splunk.com/en_us/blog/sec… 4/n
Tuesday @meansec, @nohackme, @AudraStreetman & @drewchurch went live with #CoffeeTalkWithSURGe It included #log4j / #log4shell updates and my interview with @edskoudis on the #HolidayHack Challenge @kringlecon and @Splunk. More on HHC ∨∨ splk.it/3oQf9qc 5/n
And on #CoffeeTalkWithSURGe, @nohackme revealed why he's been so dang fascinated with #cyberchef and Vigenère ciphers for the past few months. 6/n 
Want that beautiful, limited, numbered @Splunk #SURGe challenge coin all for yourself? @nohackme says the auction is live!!
100% of monies will be donated to
@WiCySorg
scholarship for Kris Spalding
ebay.com/itm/1250518592… 7/n
100% of monies will be donated to
@WiCySorg
scholarship for Kris Spalding
ebay.com/itm/1250518592… 7/n
Next, @Splunk Threat Research Team (STRT) published a trove of high-quality detections. THIS is the content you want to go to production with! STRT is a rockstar team led by @d1vious with @M_haggis @mvelazco @ljstella @hackpsy @bareiss_patrick research.splunk.com/stories/log4sh… 8/n
The STRT creates more than just detections. They also publish @Splunk SOAR content to power automated investigation and response. And I have more to share from STRT in a bit, read on... research.splunk.com/playbooks/log4… and research.splunk.com/playbooks/log4… 9/n
Oh yeah, even during apocalyptic cyber weeks, holiday gifts in the workshop get coats of finish between Zooms... 10/n
Speaking of the holidays, it's @SANS #HolidayHack Challenge time, and @Splunk was honored to submit an objective. It's humbling to work with @edskoudis, @joswr1ght and @CounterHackSec. When you get some time away from #Log4J, check it out: sans.org/holidayhack 11/n
@edskoudis was nice enough to sit down for an extended interview with me! This is the longer cut of the teaser played during Tuesday's #CoffeeTalkWithSURGe. He shared so much #HolidayHack history. Coolest thing I've done in quite a while! #Coffee 12/n
The holiday season is a time for giving. #SURGe @splunk along with our executive leader Peter Polizzi and his MSTS org in coordination with @SplunkforGood teamed up to match a portion of donations to @RuralTechFund Golden Ticket Fundraiser splunk.com/en_us/blog/spl… 13/n
As of this morning, @chrissanders88 tweeted this heartwarming progress update. More community contributions, more matching, more prizes, and more crucial funding for @RuralTechFund. The Golden Ticket fundraiser is open until Dec 24, so you still have time to enter! 14/n
And did you see the others contributing to @RuralTechFund Golden Ticket? @TrustedSec @DragosInc @NetworkDefense @DNSFilter @markmorow @Microsoft Blackthorne Consulting, and more. Oh and #SURGe @Splunk :-) chrissanders.org/2021/12/golden… 15/n
Yikes, I gotta get these cutting boards going in the shop. Christmas is next week and I'm way behind... 16/n
Stocking stuffer! @stonerpsu announced the 2nd APT hunt in our(his) series. Log in for free and work with @splunk and #BOTS data to learn how to hunt #apt, explore data, via video instruction. "More hunts to come!" declares a confident John Stoner. bots.splunk.com 17/n
I need to say more about bots.splunk.com It's where we run #SURGe @splunk #BOTS CTF events, but it also offers mini-CTFs and hands-on workshops all for free any time you want. Sure, maybe not this week cuz #log4j / #log4shell and #HolidayHack but soon?!?! 18/n
FUN FACT! The top three finishing teams in #BOTS v6 @splunk .conf21 back in October got hand-made trophies from my shop! You shoulda played...(and did you know these things are why the cutting boards up there are still just a stack of 3/4" walnut?) conf.splunk.com 19/n
Okay there's more serious stuff here. STRT (mentioned way up there^^) authored a companion blog for their @splunk #log4j / #log4shell detections and SOAR content. Must read! splunk.com/en_us/blog/sec… 20/n
Then there's @stressboi, who, after a long week of leading hundreds of people in our field response to #Log4J along with @meansec, published TA-check-logFORj. Why? Just because he's Brodsky. And thank goodness he is. #thanksbrodsky
https://twitter.com/james_brodsky/status/147171590847734989521/n
Did you see that @CISAgov published comprehensive guidance for #log4j / #log4shell on GitHub? @Splunk (meaning @drewchurch) and lots of other vendors are doing their part to help the dedicated folks at CISA keep it up to date. github.com/cisagov/log4j-… 22/n
As this wild week draws to a close, I'd love to say the community has some closure on the log4j thing but we all know we're far from it. As @stonerpsu would say 23/n
I can attest that, as our advisory states, "Splunk is focused on the fastest possible remediations for CVE-2021-44228 and CVE-2021-40546." There are literally hundreds of Splunkers working around the clock, seven days a week, and I am so thankful for every one of them. 24/n
If you're a @Splunk customer, please refer to our official advisory and check back often for updates. You can also reach out to your account/customer success teams. Heck, hit me up if you need a pointer to anything.
splunk.com/en_us/blog/bul… 25/n
splunk.com/en_us/blog/bul… 25/n
Then as I hit send? This showed up!
Sorry @stressboi you have the misfortune of sharing @james_brodsky's handle on other platforms! Cheers!
And yes that is #unnecessarywalnut
• • •
Missing some Tweet in this thread? You can try to
force a refresh
