Nathan Burns
@n-burns.bsky.social
Senior Detection Engineer and Threat Hunter @ Autodesk
https://medium.com/@nburns9922

Opinions are my own (of course)
Looking to start deploying detections in ESXi environments? I'm releasing ESXi Testing Toolkit: github.com/AlbinoGazell...

It's a Python-based CLI tool that contains adversary tests from places like LOLESXi and Atomic Red Team. It features 21 different tests, 18 pre-made Sigma rules, and much more!
GitHub - AlbinoGazelle/esxi-testing-toolkit: 🧰 ESXi Testing Toolkit is a command-line utility designed to help security teams test ESXi detections.
January 13, 2025 at 11:27 PM
Always rewarding to contribute back to open source projects, but it's even better when they give you some free swag. Thanks Red Canary!
December 21, 2024 at 1:28 AM
Neat blog post by Unit42 on Akira Ransomware variants designed specifically for ESXi hosts.

Luckily, ESXi will log when syslog and coredump settings are modified in /var/log/hostd.log. See below gist for artifacts.

gist.github.com/AlbinoGazell...

Ref: unit42.paloaltonetworks.com/threat-asses...
Threat Assessment: Howling Scorpius (Akira Ransomware)
Howling Scorpius, active since 2023, uses Akira ransomware to target businesses globally, employing a double-extortion strategy and upgrading tools regularly.
December 4, 2024 at 11:24 PM
Pay-what-you-want training that covers Sigma/pySigma, Detections as Code, and Splunk? Support this!
November 25, 2024 at 10:26 PM
Reposted by Nathan Burns
I made a Detection Engineering starter pack, will be adding more as more folks jump over to bluesky! go.bsky.app/HenXJUR
November 18, 2024 at 3:37 PM
Interesting discovery while researching potential ESXi detections. If you execute a command over ssh (e.g. ssh root@esxi.local "echo 123"), it isn't logged to /var/log/shell.log but rather to /var/log/auth.log as "User 'root' running command echo 123".

Make sure your detections look at both log files!
November 23, 2024 at 11:24 PM
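As an added illustration of the two posts above (the auth.log vs. shell.log point and the syslog/coredump tampering described in the Akira post), here is a small Python detection that reads command-execution events from both log files and flags a watchlist of commands. This is example code written for this page, not part of ESXi Testing Toolkit or the linked gist. The sample log lines are constructed: the auth.log message wording "User 'root' running command ..." follows the post, while the shell.log line shape and the watchlist entries are assumptions made for illustration.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample log lines for this example; they are not taken from the
# gist or repository linked in the posts. The auth.log wording "User 'root'
# running command ..." is the form quoted in the post above; the shell.log
# line shape is an assumption made for illustration.
SAMPLE_AUTH_LOG = """\
2024-11-23T22:10:01Z sshd[12345]: Accepted publickey for root from 10.0.0.5 port 51234 ssh2
2024-11-23T22:10:02Z sshd[12345]: User 'root' running command echo 123
2024-11-23T22:11:15Z sshd[12349]: User 'root' running command esxcli system syslog config set --loghost=none
"""

SAMPLE_SHELL_LOG = """\
2024-11-23T22:12:00Z shell[12350]: [root]: esxcli vm process list
2024-11-23T22:12:05Z shell[12350]: [root]: esxcli system coredump network set --enable false
"""

# One pattern per log file: a non-interactive `ssh host "cmd"` lands only in
# auth.log, while an interactive shell session lands only in shell.log, so a
# detection that reads one file misses the other path entirely.
AUTH_CMD_RE = re.compile(r"User '(?P<user>[^']+)' running command (?P<cmd>.+)$")
SHELL_CMD_RE = re.compile(r"shell\[\d+\]: \[(?P<user>[^\]]+)\]: (?P<cmd>.+)$")

# Command prefixes worth alerting on (assumed watchlist). Changing syslog or
# coredump settings is the host-tampering behaviour the Akira post describes.
WATCHLIST = (
    "esxcli system syslog config set",
    "esxcli system coredump",
)


@dataclass(frozen=True)
class CommandEvent:
    source: str    # "auth.log" or "shell.log"
    user: str
    command: str


def parse_auth_log(text: str) -> list[CommandEvent]:
    """Extract commands run over non-interactive SSH from auth.log lines."""
    events = []
    for line in text.splitlines():
        m = AUTH_CMD_RE.search(line)
        if m:
            events.append(CommandEvent("auth.log", m["user"], m["cmd"].strip()))
    return events


def parse_shell_log(text: str) -> list[CommandEvent]:
    """Extract commands typed in an interactive ESXi shell from shell.log lines."""
    events = []
    for line in text.splitlines():
        m = SHELL_CMD_RE.search(line)
        if m:
            events.append(CommandEvent("shell.log", m["user"], m["cmd"].strip()))
    return events


def collect_commands(auth_text: str, shell_text: str) -> list[CommandEvent]:
    """Merge both sources so a detection sees every command, whichever path ran it."""
    return parse_auth_log(auth_text) + parse_shell_log(shell_text)


def flag_suspicious(events: list[CommandEvent]) -> list[CommandEvent]:
    """Return events whose command starts with a watchlisted prefix."""
    return [e for e in events if any(e.command.startswith(p) for p in WATCHLIST)]


if __name__ == "__main__":
    all_events = collect_commands(SAMPLE_AUTH_LOG, SAMPLE_SHELL_LOG)
    for ev in all_events:
        print(f"{ev.source:10} {ev.user:6} {ev.command}")
    for ev in flag_suspicious(all_events):
        print(f"ALERT [{ev.source}] {ev.user}: {ev.command}")
```

On the constructed input the syslog change is only visible in auth.log and the coredump change only in shell.log, which is the point of the post: a rule keyed to one file alone would miss half of the watchlisted activity.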