May 9, 2023 • 5 tweets • 2 min read
Incident Response Tip ⚡
When you need to open a file in a text editor to inspect its raw data during an investigation, here are 4 useful #VScode plugins to inspect different non-binary file types.
A thread 🧵
(1/4 useful IR plugins) Email - highlights the syntax of .eml files. marketplace.visualstudio.com/items?itemName…
May 19, 2022 • 4 tweets • 2 min read
Here's a tip for creating Sigma rules.
Sometimes you want to keep your rule strict to avoid false positives, but other times it can be useful to add relevant info.
Thread 🧵
intezer.com/blog/threat-hu…
E.g., Emotet uses Word documents, so you can extend the rule to include detection of cmd processes that execute Word, Excel, and PowerPoint. This way the detection will cover other variants of the threat.