Roberto Martínez
r0bertmart1nez.bsky.social
Practice Lead @ Bulletproof | Senior Security Researcher | CTI | Threat Hunting | DFIR | Purple Teaming | Keynote Speaker | Professor | Author 🇲🇽🇨🇦
Excited to share that I'll be speaking at MCTTP 2025 in Munich, Germany 🇩🇪, from September 17 to 19 www.mcttp.de?utm_source=S.... This event fosters innovation, collaboration, and idea exchange. Grateful for the opportunity to contribute! #MCTTP2025 #PurpleTeaming
June 6, 2025 at 6:10 PM
What a great game!!! 👏🏻🏒🇨🇦
February 21, 2025 at 5:02 AM
Reposted by Roberto Martínez
MEIOC

#Python automation tool to extract information from EML files:

Headers
Detailed server relay hops (IP addresses involved)

Extracted URLs/domains
Attachments with calculated hashes.

SPF (Sender Policy Framework)
DKIM (DomainKeys Identified Mail)

github.com/drego85/meioc
January 10, 2025 at 10:47 PM
Reposted by Roberto Martínez
Talks from the FIRSTCON 2024 security conference, which took place in June, are available on YouTube

www.youtube.com/playlist?lis...
FIRSTCON24 - YouTube
36th Annual FIRST Conference "BRIDGING SECURITY RESPONSE GAPS" For more information on the conference and access to materials, please visit https://www.first...
January 1, 2025 at 5:30 PM
Reposted by Roberto Martínez
🚀 New Updates for the EDR Telemetry Project! 🛡️

We’ve rolled out a series of exciting improvements to the EDR Telemetry Project, and there’s so much to explore. Let's dive into these updates 👇

🔗 Check out the full details and get involved here: kostas-ts.medium.com...

1/X
December 13, 2024 at 10:12 PM
Reposted by Roberto Martínez
ATT&CKCon 5.0 videos and slides are up! Dig in to this year's presentations here:

📽️ www.youtube.com/playlist?lis...
📄 www.slideshare.net/MITREATTACK/...
ATT&CKcon 5.0 - YouTube
December 13, 2024 at 3:00 PM
Reposted by Roberto Martínez
Microsoft's MarkItDown

The MarkItDown library is a utility tool for converting various files to Markdown (e.g., for indexing, text analysis, etc.)

Repo: github.com/microsoft/ma...
GitHub - microsoft/markitdown: Python tool for converting files and office documents to Markdown.
December 12, 2024 at 9:56 PM
Reposted by Roberto Martínez
Kaspersky has open-sourced hrtng, its internal IDA Pro plugin used for various malware reverse-engineering tasks

github.com/KasperskyLab...
GitHub - KasperskyLab/hrtng: IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations
December 5, 2024 at 3:57 PM
Thanks for sharing, @theblackgem.net. From the security perspective there are a couple of pretty interesting resources: design.ros2.org/articles/ros... and arxiv.org/abs/1812.09492
December 4, 2024 at 11:20 PM
Security = Reducing the risk to an acceptable level for the organization

NIST #Ransomware Risk Management
nvlpubs.nist.gov/nistpubs/ir/20…
December 4, 2024 at 4:48 PM
Technical Deep Dive: Understanding the Anatomy of a Cyber Intrusion medium.com/mitre-engenu...
MITRE’s experiences detecting and responding to a nation-state cyber threat actor incident in our research and experimentation network
December 3, 2024 at 2:18 AM
Only a few hours are left before the promotion ends for my eLearning course "Responding to Cybersecurity Incidents Using Threat Intelligence", which starts this week.
#DFIR #ThreatIntelligence #ThreatHunting
campus.universit.one/courses/e-IR...
December 3, 2024 at 1:50 AM
Just a few hours left until the end of the promotion of my eLearning course "Responding to Cybersecurity Incidents using Threat Intelligence" starting this week.
campus.universit.one/courses/e-IR...
#DFIR #ThreatIntelligence #ThreatHunting
December 3, 2024 at 1:46 AM
In many cases, attackers hide their activities in plain sight and navigate under the radar undetected. Knowing these techniques and improving the ability to detect them can make all the difference.

#Threathunting #DetectionEngineering #DFIR

medium.com/maltrak/file...
Fileless Attacks at a Glance: Weaponizing Powershell & Microsoft Legitimate Apps
In this article, you will learn what fileless attacks are, their components, and how to detect, and secure your organization from them
December 2, 2024 at 12:50 AM
Know your adversary’s next move with the Technique Inference Engine, a machine learning-powered tool that infers unseen adversary techniques, providing security teams actionable intelligence.

#ThreatIntelligence #ThreatHunting #DFIR

mitre-engenuity.org/cybersecurit...
Technique Inference Engine
The Technique Inference Engine is a machine learning-powered tool that infers unseen adversary techniques, providing security teams actionable intelligence.
December 2, 2024 at 12:37 AM
Reposted by Roberto Martínez
The future belongs to those who learn more skills and combine them in creative ways.

Robert Greene
November 29, 2024 at 6:32 PM
Time is running out; access my eLearning course “Responding to Cybersecurity Incidents Using Threat Intelligence” at this link campus.universit.one/courses/e-IR... A new lesson every week starting next Monday.
November 30, 2024 at 4:56 PM
The clock is ticking, get access to my eLearning course "Responding to Cybersecurity Events using Threat Intelligence" in the following link campus.universit.one/courses/e-IR... a new lesson every week starting next Monday.
November 30, 2024 at 4:50 PM
Definitely the sky is bluer here 😎
November 29, 2024 at 9:29 PM
I’m happy to share that for BlackFriday and CyberMonday my elearning course "Responding to Cybersecurity Events using Threat Intelligence" is 90% off, using the code BlackFriday-CyberMonday-2024 in the following link campus.universit.one/courses/e-IR...
eLearning - Responding to Cybersecurity Incidents Using Threat Intelligence (English)
Practical insights into developing an incident response capability through intelligence-based threat hunting
November 28, 2024 at 11:07 PM