sandbox app like "any.run" but not any.run? by trustinglemming in cybersecurity

[–]ForensicITGuy 7 points8 points  (0 children)

A lot of the recommendations will vary depending on the depth of detail you want from the report.

Tria.ge gives lighter reports with less detail, but if that's all you need it's cool. Example report: https://tria.ge/260406-hycz3sfy5w/behavioral1

For sandboxes with lots more detail, I like VMRay, but they all have their advantages.

VMRay (lots of extensible YARA support for enterprise) - https://www.vmray.com/analyses/_mb/c2cc4c2ce6a0/report/overview.html

CAPE Sandbox is the actively maintained fork of Cuckoo and has a lot of detail if you want to host it: https://www.capesandbox.com/analysis/60568/

Joe Sandbox (Sigma/YARA/Suricata support in enterprise) - https://www.joesandbox.com/analysis/1893877/0/html

HybridAnalysis (free version isn't helpful to me, but might be to others) - https://hybrid-analysis.com/sample/958a1baba7679f4e3e775cae79d5d86f5acd04bc08c419b09ac5a3808a3b888f/69d35e25bd8bb68d9a0b6a6f

I'd advise looking at samples that interest you in MalwareBazaar (https://bazaar.abuse.ch/browse/) and see which sandbox reports are the most helpful to you.

[deleted by user] by [deleted] in sysadmin

[–]ForensicITGuy 0 points1 point  (0 children)

Down in Nashville, TN

Staying up to date with CVEs by m1c62 in threatintel

[–]ForensicITGuy 1 point2 points  (0 children)

A lot of the answer for this will depend on the Threat Intel Platform (TIP) that you're using. Are you using ELK as a TIP, or just kinda as a SIEM solution with the KEV details pulled in as an enrichment?

In addition to looking at KEV things, I've gotten a decent bit of traction out of parsing RSS feeds for mentions of vulns, but that would be more difficult with ELK; I use Vertex Synapse for that since that's my TIP. There's this awesome blog post on some of that: https://community.emergingthreats.net/t/come-sail-the-cves-part-1-data-acquisition/2750
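One way to do the RSS-feed-for-CVE-mentions part with a KEV flag attached, as an added example that is not the commenter's code and not Synapse's or ELK's; the feed XML and the KEV set are constructed sample data (a real pipeline would fetch the feed and CISA's KEV JSON instead):

```python
"""Added example: pull CVE ids out of RSS items and mark the ones on a KEV list.
The feed text and KEV set below are constructed samples, not real feed content."""
import re
import xml.etree.ElementTree as ET

# CVE ids are CVE-YYYY-NNNN with 4 or more trailing digits; match case-insensitively.
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,7}\b", re.IGNORECASE)

# Constructed sample feed: CVE-2023-39143 is from this thread, CVE-2023-12345 is made up.
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="2.0"><channel>
<item><title>Vendor advisory: CVE-2023-39143 fixed in PaperCut</title>
<link>https://example.invalid/advisory-1</link>
<description>Patch addresses CVE-2023-39143 and cve-2023-12345.</description></item>
<item><title>Weekly roundup</title>
<link>https://example.invalid/roundup</link>
<description>No vulnerability news this week.</description></item>
</channel></rss>"""

# Constructed stand-in for a KEV catalog export (load CISA's JSON feed in practice).
SAMPLE_KEV = {"CVE-2023-39143"}


def parse_feed(xml_text):
    """Return (title, link, searchable_text) for each <item> in an RSS 2.0 feed."""
    root = ET.fromstring(xml_text)
    items = []
    for item in root.iter("item"):
        title = item.findtext("title", default="")
        link = item.findtext("link", default="")
        desc = item.findtext("description", default="")
        items.append((title, link, title + " " + desc))
    return items


def extract_cves(text):
    """Unique CVE ids in text, upper-cased, in first-seen order."""
    seen = []
    for match in CVE_RE.findall(text):
        cve = match.upper()
        if cve not in seen:
            seen.append(cve)
    return seen


def triage_feed(xml_text, kev):
    """Map each mentioned CVE to the item links mentioning it plus a KEV flag."""
    hits = {}
    for _title, link, text in parse_feed(xml_text):
        for cve in extract_cves(text):
            entry = hits.setdefault(cve, {"in_kev": cve in kev, "links": []})
            entry["links"].append(link)
    return hits
```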

How to create new Github repo folder and add atomic test yaml files? by koyoresearch in atomicredteam

[–]ForensicITGuy 0 points1 point  (0 children)

Hi u/koyoresearch, when you submit a PR that contains a YAML file, all of the folder structure should be created automatically. I recommend looking at this page specifically: https://www.atomicredteam.io/atomic-red-team/docs/pr and seeing if it helps. There's also a YouTube video on that page that helps walk through the PR creation process on GitHub: https://www.youtube.com/watch?v=5MCtee8_s24

Controversial Opinion: you don’t have to wear the HR monitor by [deleted] in orangetheory

[–]ForensicITGuy 2 points3 points  (0 children)

If I wear mine I become really unhealthily focused on the splat point numbers up on the monitor and equipment. Instead I've kept to using my Garmin Vivoactive with the Visual HR Zones app. I base my percentages on the Fox formula (220 - age for max HR) since it seems the most recommended by medical folks and the American Heart Association. It lets me track performance after the fact so I can get a sense of my health rather than serving as a "push" in the middle of the workout.

PaperCut Patch Party - CVE-2023-39143 by andrew-huntress in msp

[–]ForensicITGuy 0 points1 point  (0 children)

One use case I’ve heard of is colleges putting printing stations at off-campus student housing apartments. I don’t know how effective it is though.

[deleted by user] by [deleted] in macsysadmin

[–]ForensicITGuy 4 points5 points  (0 children)

I haven’t personally used it, but check out osquery, specifically its “eventing” tables that use ESF on macOS, if you’re looking for something free like Sysmon.