#DetectionEngineering #ThreatHunting Huge List O' Resources Incoming \/ \/ \/
SIEM Rulesets (all open and free):
@MITREcorp CAR - car.mitre.org
@splunk - github.com/splunk/securit…
@elastic - github.com/elastic/detect…
@sigma_hq - github.com/SigmaHQ/sigma/…
👇🧵
SIEM Rulesets (all open and free):
@MITREcorp CAR - car.mitre.org
@splunk - github.com/splunk/securit…
@elastic - github.com/elastic/detect…
@sigma_hq - github.com/SigmaHQ/sigma/…
👇🧵
Some Free / Some Paid: SIEM Rule Marketplace @SOC_Prime: socprime.com
Great Threat Hunting Guide: threathunting.net/files/hunt-evi…
Detection engineering guide. Excellent places to look first @redcanary : redcanary.com/threat-detecti…
Great Threat Hunting Guide: threathunting.net/files/hunt-evi…
Detection engineering guide. Excellent places to look first @redcanary : redcanary.com/threat-detecti…
@SANSInstitute Hunt Evil Poster: sans.org/posters/hunt-e…
Good log source guide: "Advice on best log sources and why - Florian Roth @cyb3rops"
Good log source guide: "Advice on best log sources and why - Florian Roth @cyb3rops"
https://twitter.com/cyb3rops/status/1193191644679544834
Follow going forward and read their history of posts as if they are some of the best books written on detection engineering.
@nas_bench
@SBousseaden
@cyb3rops
@SwiftOnSecurity (caution -- only about 0.1100011011011110111001001101110% of their posts are #DetectionEngineering)
@nas_bench
@SBousseaden
@cyb3rops
@SwiftOnSecurity (caution -- only about 0.1100011011011110111001001101110% of their posts are #DetectionEngineering)
@SANSInstitute Threat Hunting & Incident Response Summits – e.g. 2021 -
A couple of my favorite SANS Instructors on Detection Engineering are @eric_conrad and @SecHubb. Look up videos and other resources from them.
A couple of my favorite SANS Instructors on Detection Engineering are @eric_conrad and @SecHubb. Look up videos and other resources from them.
Sources of IOC's:
- Mitre ATT&CK - attack.mitre.org/matrices/enter… (TTP Techniques Tactics and Procedures-Centric - Provides evidence to base rules on)
- Refer to this over and over and over again. It’s a gold mine!
- Mitre ATT&CK - attack.mitre.org/matrices/enter… (TTP Techniques Tactics and Procedures-Centric - Provides evidence to base rules on)
- Refer to this over and over and over again. It’s a gold mine!
- Top ATT&CK Techniques Published - ctid.mitre-engenuity.org/our-work/top-a…
- jpcertcc.github.io/ToolAnalysisRe…
- lolbas-project.github.io (aka lolbins)
- github.com/sophoslabs/IoCs
- github.com/3CORESec/MAL-CL
- jpcertcc.github.io/ToolAnalysisRe…
- lolbas-project.github.io (aka lolbins)
- github.com/sophoslabs/IoCs
- github.com/3CORESec/MAL-CL
- YT InfoSec Conf Talks (in particular SANS Summits and @SecurityBSides conferences)
- CERT Reports/Alerts such as: @CISAgov
- InfoSec White Papers
- InfoSec Blog Posts
- thedfirreport.com
- isc.sans.edu/diary
- CERT Reports/Alerts such as: @CISAgov
- InfoSec White Papers
- InfoSec Blog Posts
- thedfirreport.com
- isc.sans.edu/diary
- InfoSec Tweets
- Shameless plug on one I started here, when I posed the question: "What SIEM query has netted you the most evil?" -
Simulate IOC's:
- Atomic Red Team - github.com/redcanaryco/at…
- Shameless plug on one I started here, when I posed the question: "What SIEM query has netted you the most evil?" -
https://twitter.com/paul_masek/status/1443895841824051218
Simulate IOC's:
- Atomic Red Team - github.com/redcanaryco/at…
• • •
Missing some Tweet in this thread? You can try to
force a refresh
