Share this page!

Enter Twitter Thread URL to Unroll

Needs to be the full URL like: https://twitter.com/threadreaderapp/status/1644127596119195649

How to get URL link on Twitter App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Intezer Profile picture
@IntezerLabs
May 9 5 tweets 2 min read Twitter logo Read on Twitter
Incident Response Tip ⚡
When you need to open a file in a text editor to inspect its raw data during an investigation, here are 4 useful #VScode plugins to inspect different non-binary file types.
A thread 🧵
(1/4 useful IR plugins) Email - highlights the syntax of .eml files. marketplace.visualstudio.com/items?itemName… Image
(2/4 useful IR plugins) PDF - highlights the syntax of a raw PDF file. marketplace.visualstudio.com/items?itemName… Image
(3/4 useful IR plugins) YARA - syntax and auto-completion features for writing Yara rules.
marketplace.visualstudio.com/items?itemName… Image
(4/4 useful IR plugins) - Sigma - a powerful plugin that helps to write solid and profound rules. marketplace.visualstudio.com/items?itemName…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Intezer

Intezer Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @IntezerLabs

Intezer Profile picture
May 19, 2022
Here's a tip for creating Sigma rules.

Sometimes you want to keep your rule strict to avoid false positives, but other times it can be useful to add relevant info.

Thread 🧵

intezer.com/blog/threat-hu… Image
e.g. Emotet uses Word documents so you can extend the rule to include detection of cmd processes that execute Word, Excel, and PowerPoint. This way the detection will cover other variants of the threat.

Keep reading intezer.com/blog/threat-hu…
A good example of a rule that covers more variants of shell execution by Office software from Sigma's repo is called proc_creation_win_office_shell.yml github.com/SigmaHQ/sigma/…
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

:(