Kostas
kostastsale.bsky.social
Anthropic basically spent the whole piece highlighting how their AI can be leveraged for intrusion activity, but didn’t give defenders a single IOC or attribution hint 😩 But hey, you now know their AI is good for pen-tests...

90% Flex
10% Value

🔗: www.anthropic.com/news/disrupt...
Disrupting the first reported AI-orchestrated cyber espionage campaign
A report describing a highly sophisticated AI-led cyberattack
www.anthropic.com
November 14, 2025 at 1:49 AM
Just in: DoorDash breached…

“unauthorized third party gaining access to and taking certain user contact information…but may have included first and last name, phone number, email address and physical address”

Next paragraph:

“No sensitive information was accessed”

🤦‍♂️
November 13, 2025 at 9:22 PM
Did a big server rack upgrade today and took cable management seriously for the first time. It all looks so neat and professional. I don’t think I could ever go back, there is something special about it😮‍💨

Time to put it to use 😆 Big things coming next year… watch this space!
November 13, 2025 at 3:14 AM
🍁🍂 Winter rides are 🔥
November 9, 2025 at 12:31 AM
It’s been just 1 week since launch and 150+ people have registered, shared feedback & competed on the leaderboard! Huge motivation to keep building 💪

More challenges next week and with a FREE training module coming up!!

Appreciate the support!!🙏

🔗detectionstream.com/sigma/training/gamified
November 8, 2025 at 6:50 PM
A new strain called PromptFlux uses Google’s Gemini to regenerate its code every hour for evasion. Its prompts are basically self-update instructions.

Imagine if you tweak the txt prompts to say “Create a 10,000-word report on...”, that'd be funny 😂💸💸
cloud.google.com/blog/topics/...

#ImposeCost😂
GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools | Google Cloud Blog
Google Threat Intelligence Group's findings on adversarial misuse of AI, including Gemini and other non-Google tools.
cloud.google.com
November 6, 2025 at 11:16 PM
Linux is finally getting some love 🐧

CrowdStrike now covers service + driver + user events, a big win for investigators tracking system-level activity.

In our testing, we only use system-level operations and ignore indirect events.

Details edr-telemetry.com/linux
November 6, 2025 at 10:18 PM
This is the coolest coin I’ve ever received. Huge props to @Defcon604 for everything they do for the Vancouver community. Was awesome presenting to a packed room of 50+ folks, great energy and engagement all around. 🔥
November 4, 2025 at 7:43 PM
When I started DetectionStream, I wanted to make learning detection frameworks less…boring. Theory is great, but where do you actually practice?

So I built something: the Sigma Training Platform. It’s basically what I wish existed when I was learning this stuff….👇
DetectionStream: Introducing the Sigma Training Platform
Introducing DetectionStream's Sigma Training Platform: Learn detection engineering through gamified challenges with real-time feedback.
kostas-ts.medium.com
November 2, 2025 at 6:33 PM
📢DetectionStream quick update.

The Sigma Training Platform is almost ready. I’m planning to launch it next week with 10+ challenges you can dive into right away.

Each challenge is designed to help you:
➡️ Practice Sigma rule creation
➡️ Understand detection logic fundamentals...👇
November 1, 2025 at 12:32 AM
A normal InfoSec Friday be like... 😂
November 1, 2025 at 12:01 AM
🚀 Big update for DetectionStream!

I’ve just rolled out authentication, unlocking new personalization features while keeping the core experience open to everyone.

• Sign-in optional: You can still explore, test, and learn without an account.
• Sign-in enhanced: If you do log in, you can now sa...
DetectionStream - Search, Convert & Create with Detection Frameworks
Free platform for searching, analyzing, and converting Sigma detection rules with AI-powered rule creation. Access the complete SigmaHQ repository with advanced search and multi-platform conversion.
detectionstream.com
October 24, 2025 at 4:56 PM
I recently came across the permissive trial access that the OpenEDR platform provides, and it got me thinking, they're definitely not the only ones doing this...

So I decided to use OpenEDR as a case study to highlight a broader issue: legitimate security tools being weaponized by threat actors.
Detecting Abuse of OpenEDR’s Permissive EDR Trial: A Security Researcher’s Perspective
kostas-ts.medium.com
October 22, 2025 at 2:33 PM
Seeing some secretsdump activity in the wild lately, and it’s tricky to catch because of all the false positives.

The recent NetExec update (codename SmoothOperator) pushed me to share this one 👇
🔗 www.netexec.wiki/news/v1.4.0-...

First event (4672)
Special privileges assigned to new logon:
October 22, 2025 at 4:36 AM
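The post above stops at the first event in the chain (4672, "Special privileges assigned to new logon"), which on its own fires for every admin logon and is the source of the false positives it mentions. The following is an added example, not code from the post or from NetExec: it correlates 4672 with its parent 4624 (to keep only network logons, LogonType 3) and with a System-log 7036 showing the Remote Registry service entering the running state shortly afterwards. The assumption behind that last step is that Impacket-style secretsdump starts RemoteRegistry on the target when it is stopped; the event records, field names and the 30-second window are constructed for the example, and all events are assumed to come from one host.

```python
"""Narrow noisy 4672 "special privileges" logons down to ones that look like a
remote credential dump.  Added example with constructed sample data; the
field names mimic a minimal normalized SIEM record, not a real vendor schema."""
from datetime import datetime, timedelta

# Constructed sample events from a single host (assumption: one host per run).
SAMPLE_EVENTS = [
    # Legitimate admin: interactive logon (type 2), 4672 fires, nothing else.
    {"ts": "2025-10-21T09:00:00", "id": 4624, "logon_id": "0x1A",
     "logon_type": 2, "src_ip": "-", "user": "jdoe"},
    {"ts": "2025-10-21T09:00:00", "id": 4672, "logon_id": "0x1A", "user": "jdoe"},
    # Suspicious: network logon (type 3) from a workstation, 4672, then
    # Remote Registry enters the running state two seconds later.
    {"ts": "2025-10-21T10:15:03", "id": 4624, "logon_id": "0x2B",
     "logon_type": 3, "src_ip": "10.0.5.77", "user": "svc_backup"},
    {"ts": "2025-10-21T10:15:03", "id": 4672, "logon_id": "0x2B", "user": "svc_backup"},
    {"ts": "2025-10-21T10:15:05", "id": 7036, "service": "Remote Registry", "state": "running"},
    # Noise: privileged network logon (e.g. backup job) with no service change after it.
    {"ts": "2025-10-21T11:00:00", "id": 4624, "logon_id": "0x3C",
     "logon_type": 3, "src_ip": "10.0.9.12", "user": "svc_backup"},
    {"ts": "2025-10-21T11:00:00", "id": 4672, "logon_id": "0x3C", "user": "svc_backup"},
    # Noise: Remote Registry started by an admin well before an unrelated logon.
    {"ts": "2025-10-21T11:30:00", "id": 7036, "service": "Remote Registry", "state": "running"},
    {"ts": "2025-10-21T11:45:00", "id": 4624, "logon_id": "0x4D",
     "logon_type": 3, "src_ip": "10.0.9.12", "user": "jdoe"},
    {"ts": "2025-10-21T11:45:00", "id": 4672, "logon_id": "0x4D", "user": "jdoe"},
]


def _ts(event):
    """Parse the ISO-8601 timestamp stored in the constructed records."""
    return datetime.fromisoformat(event["ts"])


def find_suspicious_4672(events, window_s=30):
    """Return the 4672 events that (a) belong to a network logon (4624 with
    LogonType 3, matched on Logon ID) and (b) are followed within window_s
    seconds by Remote Registry entering the running state (7036).

    7036 carries no Logon ID, so the service start is correlated on time
    alone, which is why the input is assumed to be from a single host.
    """
    # Index parent logons by Logon ID so each 4672 can be matched to its 4624.
    logons = {e["logon_id"]: e for e in events if e["id"] == 4624}
    rr_starts = [
        _ts(e) for e in events
        if e["id"] == 7036
        and e.get("service") == "Remote Registry"
        and e.get("state") == "running"
    ]
    window = timedelta(seconds=window_s)

    hits = []
    for e in events:
        if e["id"] != 4672:
            continue
        logon = logons.get(e["logon_id"])
        # Interactive, service and batch logons are the bulk of the 4672 noise.
        if logon is None or logon["logon_type"] != 3:
            continue
        t0 = _ts(e)
        # Keep only privileged network logons followed by a Remote Registry start.
        if any(t0 <= t <= t0 + window for t in rr_starts):
            hits.append({"logon_id": e["logon_id"], "user": e["user"],
                         "src_ip": logon["src_ip"], "ts": e["ts"]})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_4672(SAMPLE_EVENTS):
        print(f"{hit['ts']} logon {hit['logon_id']} {hit['user']} from {hit['src_ip']}: "
              "privileged network logon followed by Remote Registry start")
```

On the constructed data only logon 0x2B survives: the interactive admin logon, the privileged network logon with nothing after it, and the logon that merely follows an old Remote Registry start are all dropped. In a real deployment the 7036 correlation should additionally be keyed on the host (Computer field) and the source IP should be compared against the set of hosts that are expected to administer the target.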
Here we go again… F5 disclosed a serious intrusion by a sophisticated nation-state threat actor who gained long-term access and stole files from their development and knowledge systems. Likely including source code and undisclosed, ready-to-exploit vulnerabilities.

1/
myF5
my.f5.com
October 17, 2025 at 4:28 AM
Padvish EDR becomes the 21st addition to the EDR Telemetry Comparison 🔥

Love seeing emerging vendors push this level of real-time telemetry, solid visibility through ETW, AMSI, and mini-filters.

Transparency like this helps move the whole industry forward.

Results: www.edr-telemetry.com/windows
October 15, 2025 at 2:31 PM
Detection Stream Update: Two highly requested features just went live 🚀

1. Deep Links: share specific rules via #rule_id or full YAML
2. Download Rules: export all rules matching your filters (gzip)
3. Added "Create rules with AI" functionality for both Yara and Nova frameworks ... continue👇
October 14, 2025 at 6:54 PM
I built this tool for myself. Shared a preview here a few days ago… and wow. Didn’t expect such a strong response. Thanks everyone who reached out 🙏

Because of that energy, I pushed harder and:
➡️ Polished the Sigma experience, now with Nova integrated
➡️ Built two playgrounds for hands-on learning
September 30, 2025 at 2:31 PM
I've built this platform for myself to quickly search and create detection rules. Considering that we (the DE community) have amazing platforms like Sigconverter (sigconverter.io) and detection.fyi, would anyone find value in having FREE access to this all-in-one platform?
September 27, 2025 at 12:55 AM
The EDR Telemetry Project revealed what EDRs can see.

➛ Now, we show how they compare.

Coming soon!
September 25, 2025 at 5:17 PM
There is still time to register: dfirlabs.thedfirreport.com/dfirchallenge
September 23, 2025 at 6:23 PM
📢 Excited to share that Bitdefender EDR (GravityZone Business Security Enterprise) is now part of the EDR Telemetry Project family.

Bitdefender has introduced improvements to its telemetry control, no longer requiring a data retention license to change what telemetry is being sent.... 👇
September 23, 2025 at 1:30 PM
🆕 EDR-telemetry Project Update - Windows

The Windows table just got an update with 3 new sub-categories:

➡️ VSS Deletion
➡️ Win32 API Telemetry
➡️ JA3/JA3s

Coverage isn’t uniform, and some are pending response from the vendors. That’s fine. I’d rather show the uncertainty than pretend otherwise.
September 17, 2025 at 2:31 PM
Turns out this npm compromise was a bit of a nothing burger. But imagine if the threat actors had been careful and methodical. Imagine they stayed quiet and blended in... With the access they had, they could’ve done far worse.

This time we got lucky. Next time, maybe not. Or maybe... 👇
September 11, 2025 at 1:47 AM
Never thought this project would reach this kind of scale.
Especially not as an independent, non-corporate platform focused purely on technical content.

Started as a small side effort to compare EDR telemetry and support hunting workflows.

Now it’s here.... 👇
1/x
EDR Telemetry Project - Home
EDR Telemetry Project - Exploring telemetry capabilities of EDR solutions
edr-telemetry.com
September 8, 2025 at 2:30 PM