Kostas
@kostastsale.bsky.social
Running ➡ http://defendpoint.ca | http://edr-telemetry.com | https://edr-comparison.com/ | http://detectionstream.com | 🇬🇷🇨🇦
We have added a new analysis Skill thanks to @BlueTeamSteve! This skill can be used to quickly and accurately map the MITRE ATT&CK tactic and technique to threat behaviors and indicators you enter in the prompt, saving you a ton of time!
github.com
January 8, 2026 at 6:16 PM
We have added a new analysis Skill thanks to @BlueTeamSteve! This skill can be used to quickly and accurately map the MITRE ATT&CK tactic and technique to threat behaviors and indicators you enter in the prompt, saving you a ton of time!
𝗘𝗗𝗥 𝗖𝗼𝗺𝗽𝗮𝗿𝗶𝘀𝗼𝗻 𝗣𝗹𝗮𝘁𝗳𝗼𝗿𝗺 𝗨𝗽𝗱𝗮𝘁𝗲: 𝗡𝗲𝘄 𝗜𝗻𝘁𝗲𝗿𝗮𝗰𝘁𝗶𝘃𝗲 𝗖𝗼𝗺𝗽𝗮𝗿𝗶𝘀𝗼𝗻 𝗘𝘅𝗽𝗲𝗿𝗶𝗲𝗻𝗰𝗲, 𝗠𝗜𝗧𝗥𝗘 𝗔𝗧𝗧&𝗖𝗞 𝗜𝗻𝘀𝗶𝗴𝗵𝘁𝘀, 𝗮𝗻𝗱 𝗪𝗮𝘁𝗰𝗵𝗚𝘂𝗮𝗿𝗱 𝗘𝗗𝗥
We want to start by thanking everyone who supported us as early adopters.
We want to start by thanking everyone who supported us as early adopters.
EDR Comparison - Compare Endpoint Detection & Response Solutions
Make informed security decisions with expert EDR comparisons. Compare endpoint detection and response solutions with detailed feature analysis and side-by-side comparisons.
www.edr-comparison.com
January 7, 2026 at 5:02 PM
𝗘𝗗𝗥 𝗖𝗼𝗺𝗽𝗮𝗿𝗶𝘀𝗼𝗻 𝗣𝗹𝗮𝘁𝗳𝗼𝗿𝗺 𝗨𝗽𝗱𝗮𝘁𝗲: 𝗡𝗲𝘄 𝗜𝗻𝘁𝗲𝗿𝗮𝗰𝘁𝗶𝘃𝗲 𝗖𝗼𝗺𝗽𝗮𝗿𝗶𝘀𝗼𝗻 𝗘𝘅𝗽𝗲𝗿𝗶𝗲𝗻𝗰𝗲, 𝗠𝗜𝗧𝗥𝗘 𝗔𝗧𝗧&𝗖𝗞 𝗜𝗻𝘀𝗶𝗴𝗵𝘁𝘀, 𝗮𝗻𝗱 𝗪𝗮𝘁𝗰𝗵𝗚𝘂𝗮𝗿𝗱 𝗘𝗗𝗥
We want to start by thanking everyone who supported us as early adopters.
We want to start by thanking everyone who supported us as early adopters.
𝗝𝘂𝘀𝘁 𝗹𝗮𝘂𝗻𝗰𝗵𝗲𝗱 𝗮𝘄𝗲𝘀𝗼𝗺𝗲-𝗱𝗳𝗶𝗿-𝘀𝗸𝗶𝗹𝗹𝘀 𝘄𝗶𝘁𝗵 @fr0gger_ !
Designed to save time during investigations and everyday DFIR tasks
Thomas has built an excellent malware triage skill, and I’ve added a couple of timeline analysis skills to help you get started.
Designed to save time during investigations and everyday DFIR tasks
Thomas has built an excellent malware triage skill, and I’ve added a couple of timeline analysis skills to help you get started.
GitHub - tsale/awesome-dfir-skills: A curated collection of DFIR skills and workflows for InfoSec practitioners.
A curated collection of DFIR skills and workflows for InfoSec practitioners. - tsale/awesome-dfir-skills
github.com
December 30, 2025 at 9:10 PM
𝗝𝘂𝘀𝘁 𝗹𝗮𝘂𝗻𝗰𝗵𝗲𝗱 𝗮𝘄𝗲𝘀𝗼𝗺𝗲-𝗱𝗳𝗶𝗿-𝘀𝗸𝗶𝗹𝗹𝘀 𝘄𝗶𝘁𝗵 @fr0gger_ !
Designed to save time during investigations and everyday DFIR tasks
Thomas has built an excellent malware triage skill, and I’ve added a couple of timeline analysis skills to help you get started.
Designed to save time during investigations and everyday DFIR tasks
Thomas has built an excellent malware triage skill, and I’ve added a couple of timeline analysis skills to help you get started.
We’ve just added 𝗖-𝗣𝗿𝗼𝘁 EDR to the EDR Telemetry Project and it sets a new bar for Linux telemetry!
C-Prot is currently #1 in the Linux EDR table, with exceptional depth and quality of raw telemetry. What really stands out is the level of transparency: we got direct access to a production...
C-Prot is currently #1 in the Linux EDR table, with exceptional depth and quality of raw telemetry. What really stands out is the level of transparency: we got direct access to a production...
Add C-Prot telemetry coverage to Linux EDR telemetry matrix by tsale · Pull Request #151 · tsale/EDR-Telemetry
EDR Telemetry Pull Request Contribution Details Adding comprehensive Linux telemetry support for C-Prot EDR, including detailed event mappings, field explanations, and validation artifacts. This co...
github.com
December 29, 2025 at 3:00 PM
We’ve just added 𝗖-𝗣𝗿𝗼𝘁 EDR to the EDR Telemetry Project and it sets a new bar for Linux telemetry!
C-Prot is currently #1 in the Linux EDR table, with exceptional depth and quality of raw telemetry. What really stands out is the level of transparency: we got direct access to a production...
C-Prot is currently #1 in the Linux EDR table, with exceptional depth and quality of raw telemetry. What really stands out is the level of transparency: we got direct access to a production...
Claude set a strong bar for structured, workflow-driven AI usage, and it’s no surprise we’re now seeing similar ideas across other platforms like OpenAI.
I’ve built DFIR and quick triage workflows that save me hours every time! The time savings really add up, and it’s completely changed how I work.
I’ve built DFIR and quick triage workflows that save me hours every time! The time savings really add up, and it’s completely changed how I work.
Agent Skills
Give Codex new capabilities and expertise
developers.openai.com
December 27, 2025 at 12:18 AM
Claude set a strong bar for structured, workflow-driven AI usage, and it’s no surprise we’re now seeing similar ideas across other platforms like OpenAI.
I’ve built DFIR and quick triage workflows that save me hours every time! The time savings really add up, and it’s completely changed how I work.
I’ve built DFIR and quick triage workflows that save me hours every time! The time savings really add up, and it’s completely changed how I work.
Merry Christmas everyone! Hope everyone’s enjoying some downtime 🎄
December 25, 2025 at 7:26 PM
Merry Christmas everyone! Hope everyone’s enjoying some downtime 🎄
I’ve moved all of my blog posts from Medium to a new blog section on my personal website.
If you’re looking for a good read, I’d recommend my Cobalt Strike write-ups (Part 1 & Part 2) from 2021–2022.
kostas.page/blog/cobalt-...
If you’re looking for a good read, I’d recommend my Cobalt Strike write-ups (Part 1 & Part 2) from 2021–2022.
kostas.page/blog/cobalt-...
Cobalt Strike, a Defender's Guide - Part 2
The second part of the Cobalt Strike defender's guide, focusing on network traffic analysis and practical detection methods to identify Cobalt Strike beacons in your environment.
kostas.page
December 23, 2025 at 5:06 PM
I’ve moved all of my blog posts from Medium to a new blog section on my personal website.
If you’re looking for a good read, I’d recommend my Cobalt Strike write-ups (Part 1 & Part 2) from 2021–2022.
kostas.page/blog/cobalt-...
If you’re looking for a good read, I’d recommend my Cobalt Strike write-ups (Part 1 & Part 2) from 2021–2022.
kostas.page/blog/cobalt-...
Many large companies are using AI and forcing their employees to use their AI models. They do this to train their AI models, getting them ready to replace many low-level analyst positions.
If you are a security analyst in one of these big organizations, you need to have plan B….
If you are a security analyst in one of these big organizations, you need to have plan B….
December 18, 2025 at 10:22 PM
Many large companies are using AI and forcing their employees to use their AI models. They do this to train their AI models, getting them ready to replace many low-level analyst positions.
If you are a security analyst in one of these big organizations, you need to have plan B….
If you are a security analyst in one of these big organizations, you need to have plan B….
📢 𝗜’𝗺 𝗮𝗻𝗻𝗼𝘂𝗻𝗰𝗶𝗻𝗴 𝗧𝗵𝗿𝗲𝗮𝘁 𝗛𝘂𝗻𝘁𝗶𝗻𝗴 𝗟𝗮𝗯𝘀, 𝗹𝗮𝘂𝗻𝗰𝗵𝗶𝗻𝗴 𝗻𝗲𝘅𝘁 𝘆𝗲𝗮𝗿!
After building threat hunting teams for large MSSPs, creating DFIR Labs for TheDFIRReport, and sharing years of free threat hunting material, I want to bring everything together into one platform. Something closer to how investigations...
After building threat hunting teams for large MSSPs, creating DFIR Labs for TheDFIRReport, and sharing years of free threat hunting material, I want to bring everything together into one platform. Something closer to how investigations...
ThreatHunting Labs | Real Intrusion Training
Hands-on threat hunting labs built from real intrusions, not simulations. Join the waitlist for early access.
threathuntinglabs.com
December 16, 2025 at 5:38 PM
📢 𝗜’𝗺 𝗮𝗻𝗻𝗼𝘂𝗻𝗰𝗶𝗻𝗴 𝗧𝗵𝗿𝗲𝗮𝘁 𝗛𝘂𝗻𝘁𝗶𝗻𝗴 𝗟𝗮𝗯𝘀, 𝗹𝗮𝘂𝗻𝗰𝗵𝗶𝗻𝗴 𝗻𝗲𝘅𝘁 𝘆𝗲𝗮𝗿!
After building threat hunting teams for large MSSPs, creating DFIR Labs for TheDFIRReport, and sharing years of free threat hunting material, I want to bring everything together into one platform. Something closer to how investigations...
After building threat hunting teams for large MSSPs, creating DFIR Labs for TheDFIRReport, and sharing years of free threat hunting material, I want to bring everything together into one platform. Something closer to how investigations...
𝗜𝗻𝘁𝗿𝗼𝗱𝘂𝗰𝗶𝗻𝗴: 𝗧𝗿𝗮𝗻𝘀𝗽𝗮𝗿𝗲𝗻𝗰𝘆 𝗜𝗻𝗱𝗶𝗰𝗮𝘁𝗼𝗿𝘀 𝗶𝗻 𝘁𝗵𝗲 𝗘𝗗𝗥-𝗧𝗲𝗹𝗲𝗺𝗲𝘁𝗿𝘆 𝗣𝗿𝗼𝗷𝗲𝗰𝘁!
Transparency has always been central to the EDR Telemetry Project. Evaluations may involve different levels of access, and making that visible adds helpful context for readers.
Transparency has always been central to the EDR Telemetry Project. Evaluations may involve different levels of access, and making that visible adds helpful context for readers.
Behind the Curtain: How the EDR Telemetry Project Approaches Vendor Relations, Evaluations, and Transparency
Introducing transparency indicators and explaining how we validate telemetry while staying independent.
www.edr-telemetry.com
December 15, 2025 at 1:01 PM
𝗜𝗻𝘁𝗿𝗼𝗱𝘂𝗰𝗶𝗻𝗴: 𝗧𝗿𝗮𝗻𝘀𝗽𝗮𝗿𝗲𝗻𝗰𝘆 𝗜𝗻𝗱𝗶𝗰𝗮𝘁𝗼𝗿𝘀 𝗶𝗻 𝘁𝗵𝗲 𝗘𝗗𝗥-𝗧𝗲𝗹𝗲𝗺𝗲𝘁𝗿𝘆 𝗣𝗿𝗼𝗷𝗲𝗰𝘁!
Transparency has always been central to the EDR Telemetry Project. Evaluations may involve different levels of access, and making that visible adds helpful context for readers.
Transparency has always been central to the EDR Telemetry Project. Evaluations may involve different levels of access, and making that visible adds helpful context for readers.
⊕We’ve added 𝗖𝗶𝘀𝗰𝗼 𝗦𝗲𝗰𝘂𝗿𝗲 𝗘𝗻𝗱𝗽𝗼𝗶𝗻𝘁 to the EDR-Comparison.com platform!!
Cisco shows strength in prevention, indicator alerting, and response automation, with solid investigation visuals and well-documented APIs that integrate easily into broader security stacks. It’s a platform that leans more...
Cisco shows strength in prevention, indicator alerting, and response automation, with solid investigation visuals and well-documented APIs that integrate easily into broader security stacks. It’s a platform that leans more...
December 12, 2025 at 4:26 PM
⊕We’ve added 𝗖𝗶𝘀𝗰𝗼 𝗦𝗲𝗰𝘂𝗿𝗲 𝗘𝗻𝗱𝗽𝗼𝗶𝗻𝘁 to the EDR-Comparison.com platform!!
Cisco shows strength in prevention, indicator alerting, and response automation, with solid investigation visuals and well-documented APIs that integrate easily into broader security stacks. It’s a platform that leans more...
Cisco shows strength in prevention, indicator alerting, and response automation, with solid investigation visuals and well-documented APIs that integrate easily into broader security stacks. It’s a platform that leans more...
As we are are approaching our goal, starting January, we’re updating the pricing for the 𝗘𝗗𝗥 𝗙𝗲𝗮𝘁𝘂𝗿𝗲 𝗖𝗼𝗺𝗽𝗮𝗿𝗶𝘀𝗼𝗻 𝗦𝗲𝗿𝘃𝗶𝗰𝗲. The platform has grown far beyond the initial dataset, and the new pricing reflects the depth of work going into the next phase of the project.
𝗪𝗵𝗮𝘁’𝘀 𝗰𝗼𝗺𝗶𝗻𝗴 𝗻𝗲𝘅𝘁:
𝗪𝗵𝗮𝘁’𝘀 𝗰𝗼𝗺𝗶𝗻𝗴 𝗻𝗲𝘅𝘁:
EDR Comparison - Compare Endpoint Detection & Response Solutions
Make informed security decisions with expert EDR comparisons. Compare endpoint detection and response solutions with detailed feature analysis and side-by-side comparisons.
edr-comparison.com
December 10, 2025 at 8:11 PM
As we are are approaching our goal, starting January, we’re updating the pricing for the 𝗘𝗗𝗥 𝗙𝗲𝗮𝘁𝘂𝗿𝗲 𝗖𝗼𝗺𝗽𝗮𝗿𝗶𝘀𝗼𝗻 𝗦𝗲𝗿𝘃𝗶𝗰𝗲. The platform has grown far beyond the initial dataset, and the new pricing reflects the depth of work going into the next phase of the project.
𝗪𝗵𝗮𝘁’𝘀 𝗰𝗼𝗺𝗶𝗻𝗴 𝗻𝗲𝘅𝘁:
𝗪𝗵𝗮𝘁’𝘀 𝗰𝗼𝗺𝗶𝗻𝗴 𝗻𝗲𝘅𝘁:
I’ve been getting a lot of questions lately about the difference between the 𝗘𝗗𝗥 𝗧𝗲𝗹𝗲𝗺𝗲𝘁𝗿𝘆 𝗣𝗿𝗼𝗷𝗲𝗰𝘁 and the 𝗘𝗗𝗥 𝗖𝗼𝗺𝗽𝗮𝗿𝗶𝘀𝗼𝗻 𝗦𝗲𝗿𝘃𝗶𝗰𝗲.
They’re related, but they solve completely different problems. Telemetry 𝗶𝘀 𝗼𝗻𝗲 𝗽𝗶𝗲𝗰𝗲 𝗼𝗳 𝘁𝗵𝗲 𝗽𝘂𝘇𝘇𝗹𝗲. The comparison service 𝗹𝗼𝗼𝗸𝘀 𝗮𝘁 𝘁𝗵𝗲 𝗲𝗻𝘁𝗶𝗿𝗲 𝘀𝗼𝗹𝘂𝘁𝗶𝗼𝗻.
They’re related, but they solve completely different problems. Telemetry 𝗶𝘀 𝗼𝗻𝗲 𝗽𝗶𝗲𝗰𝗲 𝗼𝗳 𝘁𝗵𝗲 𝗽𝘂𝘇𝘇𝗹𝗲. The comparison service 𝗹𝗼𝗼𝗸𝘀 𝗮𝘁 𝘁𝗵𝗲 𝗲𝗻𝘁𝗶𝗿𝗲 𝘀𝗼𝗹𝘂𝘁𝗶𝗼𝗻.
EDR Comparison - Compare Endpoint Detection & Response Solutions
Make informed security decisions with expert EDR comparisons. Compare endpoint detection and response solutions with detailed feature analysis and side-by-side comparisons.
www.edr-comparison.com
December 8, 2025 at 9:35 PM
I’ve been getting a lot of questions lately about the difference between the 𝗘𝗗𝗥 𝗧𝗲𝗹𝗲𝗺𝗲𝘁𝗿𝘆 𝗣𝗿𝗼𝗷𝗲𝗰𝘁 and the 𝗘𝗗𝗥 𝗖𝗼𝗺𝗽𝗮𝗿𝗶𝘀𝗼𝗻 𝗦𝗲𝗿𝘃𝗶𝗰𝗲.
They’re related, but they solve completely different problems. Telemetry 𝗶𝘀 𝗼𝗻𝗲 𝗽𝗶𝗲𝗰𝗲 𝗼𝗳 𝘁𝗵𝗲 𝗽𝘂𝘇𝘇𝗹𝗲. The comparison service 𝗹𝗼𝗼𝗸𝘀 𝗮𝘁 𝘁𝗵𝗲 𝗲𝗻𝘁𝗶𝗿𝗲 𝘀𝗼𝗹𝘂𝘁𝗶𝗼𝗻.
They’re related, but they solve completely different problems. Telemetry 𝗶𝘀 𝗼𝗻𝗲 𝗽𝗶𝗲𝗰𝗲 𝗼𝗳 𝘁𝗵𝗲 𝗽𝘂𝘇𝘇𝗹𝗲. The comparison service 𝗹𝗼𝗼𝗸𝘀 𝗮𝘁 𝘁𝗵𝗲 𝗲𝗻𝘁𝗶𝗿𝗲 𝘀𝗼𝗹𝘂𝘁𝗶𝗼𝗻.
This report from Bleeping is crazy, is You can't make this stuff up! 😂
www.bleepingcomputer.com/news/securit...
www.bleepingcomputer.com/news/securit...
December 6, 2025 at 4:27 AM
This report from Bleeping is crazy, is You can't make this stuff up! 😂
www.bleepingcomputer.com/news/securit...
www.bleepingcomputer.com/news/securit...
Quick update. We just added a new EDR vendor directory page to the platform. If you want a clean overview of who’s included and a preview of the comparison features, start here: www.edr-comparison.com/directory
EDR Comparison - Compare Endpoint Detection & Response Solutions
Make informed security decisions with expert EDR comparisons. Compare endpoint detection and response solutions with detailed feature analysis and side-by-side comparisons.
www.edr-comparison.com
December 5, 2025 at 9:56 PM
Quick update. We just added a new EDR vendor directory page to the platform. If you want a clean overview of who’s included and a preview of the comparison features, start here: www.edr-comparison.com/directory
Heads-up on CVE-2025-55182: a CVSS 10.0 pre-auth RCE affecting React Server Components 19.x. Can be triggered through malicious HTTP payloads, so there will be chaos when a POC comes out.
On that note...there are many fake POCs circulating. Be careful what you run. A POC is not available yet.
On that note...there are many fake POCs circulating. Be careful what you run. A POC is not available yet.
December 4, 2025 at 7:44 AM
Heads-up on CVE-2025-55182: a CVSS 10.0 pre-auth RCE affecting React Server Components 19.x. Can be triggered through malicious HTTP payloads, so there will be chaos when a POC comes out.
On that note...there are many fake POCs circulating. Be careful what you run. A POC is not available yet.
On that note...there are many fake POCs circulating. Be careful what you run. A POC is not available yet.
🚨𝗕𝗶𝗴 𝗱𝗮𝘆 𝗳𝗼𝗿 𝗗𝗲𝘁𝗲𝗰𝘁𝗶𝗼𝗻𝗦𝘁𝗿𝗲𝗮𝗺. 𝗢𝗻𝗲 𝗼𝗳 𝗼𝘂𝗿 𝗹𝗮𝗿𝗴𝗲𝘀𝘁 𝗿𝗲𝗹𝗲𝗮𝘀𝗲𝘀 𝘆𝗲𝘁.
The platform now supports official pySigma validation fully in-browser, compiled to WebAssembly. Same validation as sigma-cli. Thanks to @sifex from detection.studio for the inspiration behind the implementation.
Here’s what we added:👇
The platform now supports official pySigma validation fully in-browser, compiled to WebAssembly. Same validation as sigma-cli. Thanks to @sifex from detection.studio for the inspiration behind the implementation.
Here’s what we added:👇
December 2, 2025 at 2:30 PM
🚨𝗕𝗶𝗴 𝗱𝗮𝘆 𝗳𝗼𝗿 𝗗𝗲𝘁𝗲𝗰𝘁𝗶𝗼𝗻𝗦𝘁𝗿𝗲𝗮𝗺. 𝗢𝗻𝗲 𝗼𝗳 𝗼𝘂𝗿 𝗹𝗮𝗿𝗴𝗲𝘀𝘁 𝗿𝗲𝗹𝗲𝗮𝘀𝗲𝘀 𝘆𝗲𝘁.
The platform now supports official pySigma validation fully in-browser, compiled to WebAssembly. Same validation as sigma-cli. Thanks to @sifex from detection.studio for the inspiration behind the implementation.
Here’s what we added:👇
The platform now supports official pySigma validation fully in-browser, compiled to WebAssembly. Same validation as sigma-cli. Thanks to @sifex from detection.studio for the inspiration behind the implementation.
Here’s what we added:👇
A lot of folks have been asking how we run our EDR testing and what the methodology looks like behind the scenes.
I put together a full deep dive walking through our process, the tooling we use, and how we score everything based on direct telemetry.
I put together a full deep dive walking through our process, the tooling we use, and how we score everything based on direct telemetry.
A Deep Dive into the EDR Telemetry Project's Direct Testing Methodology
How we test EDR products with hands-on execution, raw telemetry collection, and evidence-based scoring.
www.edr-telemetry.com
December 1, 2025 at 2:31 PM
A lot of folks have been asking how we run our EDR testing and what the methodology looks like behind the scenes.
I put together a full deep dive walking through our process, the tooling we use, and how we score everything based on direct telemetry.
I put together a full deep dive walking through our process, the tooling we use, and how we score everything based on direct telemetry.
If you’re trying to use Wazuh for threat hunting or incident response, stop wasting your time. Wazuh is fine for compliance and system visibility, but that’s where it ends.
November 27, 2025 at 5:17 PM
If you’re trying to use Wazuh for threat hunting or incident response, stop wasting your time. Wazuh is fine for compliance and system visibility, but that’s where it ends.
𝗥𝗼𝗮𝗱𝗺𝗮𝗽 𝘂𝗽𝗱𝗮𝘁𝗲: the first milestone is done. The Interactive Comparison Interface now has its core engine in place. Good progress for week one, and more updates are coming along with more EDR vendors!
November 26, 2025 at 3:25 PM
𝗥𝗼𝗮𝗱𝗺𝗮𝗽 𝘂𝗽𝗱𝗮𝘁𝗲: the first milestone is done. The Interactive Comparison Interface now has its core engine in place. Good progress for week one, and more updates are coming along with more EDR vendors!
I just finished a big update for the EDR Telemetry website. We’re preparing for many exciting updates and want to make sure we’re ready 🙂
Check it out and let me know what you think - www.edr-telemetry.com
Check it out and let me know what you think - www.edr-telemetry.com
EDR Telemetry Project: Transparent Benchmarking & Telemetry Analysis for Businesses
Explore transparent, vendor-neutral EDR telemetry benchmarks. Make confident security decisions with real-world data and practical analysis for your business.
www.edr-telemetry.com
November 22, 2025 at 10:47 PM
I just finished a big update for the EDR Telemetry website. We’re preparing for many exciting updates and want to make sure we’re ready 🙂
Check it out and let me know what you think - www.edr-telemetry.com
Check it out and let me know what you think - www.edr-telemetry.com
I'm reviving Teletracker. Missed working on it and it deserved a second life.
I'm rt is way more useful for investigations. Drop in a bot token from malware and see threat actor comms directly from a clean web interface.
Demo video attached. Let me know your thoughts!
I'm rt is way more useful for investigations. Drop in a bot token from malware and see threat actor comms directly from a clean web interface.
Demo video attached. Let me know your thoughts!
November 20, 2025 at 9:14 PM
I'm reviving Teletracker. Missed working on it and it deserved a second life.
I'm rt is way more useful for investigations. Drop in a bot token from malware and see threat actor comms directly from a clean web interface.
Demo video attached. Let me know your thoughts!
I'm rt is way more useful for investigations. Drop in a bot token from malware and see threat actor comms directly from a clean web interface.
Demo video attached. Let me know your thoughts!
𝗦𝘂𝗿𝗶𝗰𝗮𝘁𝗮 𝗶𝘀 𝗻𝗼𝘄 𝗽𝗮𝗿𝘁 𝗼𝗳 𝗗𝗲𝘁𝗲𝗰𝘁𝗶𝗼𝗻𝗦𝘁𝗿𝗲𝗮𝗺 𝘄𝗶𝘁𝗵 𝗽𝗹𝗮𝘆𝗴𝗿𝗼𝘂𝗻𝗱𝘀 𝗮𝗻𝗱 𝗰𝗵𝗮𝗹𝗹𝗲𝗻𝗴𝗲𝘀!
Big update for anyone working on network detections.
𝗜𝗻𝗰𝗹𝘂𝗱𝗲𝗱:
• 45k+ ET rules available out of the box
• Full ET Open ruleset preloaded
• Build and validate custom Suricata rules
Big update for anyone working on network detections.
𝗜𝗻𝗰𝗹𝘂𝗱𝗲𝗱:
• 45k+ ET rules available out of the box
• Full ET Open ruleset preloaded
• Build and validate custom Suricata rules
DetectionStream Just Got a Major Upgrade: Suricata Integration is Here!
I’m excited to share some big news! We’ve just rolled out a massive update to DetectionStream, and it’s one that I had planned to add for a…
kostas-ts.medium.com
November 20, 2025 at 5:37 PM
𝗦𝘂𝗿𝗶𝗰𝗮𝘁𝗮 𝗶𝘀 𝗻𝗼𝘄 𝗽𝗮𝗿𝘁 𝗼𝗳 𝗗𝗲𝘁𝗲𝗰𝘁𝗶𝗼𝗻𝗦𝘁𝗿𝗲𝗮𝗺 𝘄𝗶𝘁𝗵 𝗽𝗹𝗮𝘆𝗴𝗿𝗼𝘂𝗻𝗱𝘀 𝗮𝗻𝗱 𝗰𝗵𝗮𝗹𝗹𝗲𝗻𝗴𝗲𝘀!
Big update for anyone working on network detections.
𝗜𝗻𝗰𝗹𝘂𝗱𝗲𝗱:
• 45k+ ET rules available out of the box
• Full ET Open ruleset preloaded
• Build and validate custom Suricata rules
Big update for anyone working on network detections.
𝗜𝗻𝗰𝗹𝘂𝗱𝗲𝗱:
• 45k+ ET rules available out of the box
• Full ET Open ruleset preloaded
• Build and validate custom Suricata rules
Cloud Flare’s outage yesterday came down to one thing. A feature file in Bot Management quietly doubled in size and blew past an internal limit, which cascaded across their proxies.
Full writeup ➡️ blog.cloudflare.com/18-november-...
Full writeup ➡️ blog.cloudflare.com/18-november-...
Cloudflare outage on November 18, 2025
Cloudflare suffered a service outage on November 18, 2025. The outage was triggered by a bug in generation logic for a Bot Management feature file causing many Cloudflare services to be affected.
blog.cloudflare.com
November 19, 2025 at 4:25 PM
Cloud Flare’s outage yesterday came down to one thing. A feature file in Bot Management quietly doubled in size and blew past an internal limit, which cascaded across their proxies.
Full writeup ➡️ blog.cloudflare.com/18-november-...
Full writeup ➡️ blog.cloudflare.com/18-november-...
Me trying to launch my new EDR comparison service while Cloudflare has an outage🤦♂️
a group of people are standing on a track and one of them is wearing a red hat .
ALT: a group of people are standing on a track and one of them is wearing a red hat .
media.tenor.com
November 19, 2025 at 12:00 AM
Me trying to launch my new EDR comparison service while Cloudflare has an outage🤦♂️