Pro-actively searching through and correlating logs in your SIEM and cyber tools we call Threat Hunting. What does one call pro-actively searching through and correlating threat intel? Is it just the creation of more threat intel or is there a word/phrase for it?

Finally got around to adding all these TI links into a wiki page: codeberg.org/cyberseb/ti/wiki/

It already includes a good amount of TI resources but will be updated every time I run across something cool.

Why do you think the NSA is telling us to patch that trust vuln right away?

This is an actively exploited attack vector and slowly becoming mainstream! If you haven't put protection (CASB) in place yet, do it now.

krebsonsecurity.com/2020/01/tr

If your organization cannot afford enterprise-grade DNS security tools, have a look at github.com/StevenBlack/hosts

Looking to add some more miners to our minemeld (github.com/PaloAltoNetworks/mi) instance. Anyone had a lot of success and can recommend one or two sources? Any bad experiences with any of the default miners?

Anyone have a good tool that makes searching through Windows Server DNS Debug Logs easy?

The excitement you feel when your SOC reports the first phishing email that found a way around ATP Safe Links...

When one of your vendors gets crypto-locked and you go through all contracts with them to figure out possible impact on your business...

Interesting times.

When your MSP downloads random tools onto your production servers that trip your AV... *sigh*

Operation Glowing Symphony | If you are into stories about US Cyber Command + Anonymous, this is the coolest podcast episode ever!

podcasts.apple.com/us/podcast/

If you could only establish one new program next year and you don't have any of the below running yet, which program would you start?

The Ultimate Phishing Defense KPI or how to show that your phishing defense is worth the money. rfc.ioc.exchange/seb/the-ultim

@JohnsNotHere Thanks for bringing up the topic of passive DNS as a TI source. Anyone here using passive DNS providers for their TI? What use cases do you support with it?

Which attack vector do you worry most about? (reply if other)

Are you building a team and in need of a toolset that allows multiple analysts to collaborate on cases and observables/offenses/notables?

Check out the Hive Project: thehive-project.org/

IOC.exchange

INDICATORS OF COMPROMISE (IOC)
InfoSec Community within the Fediverse. Instance is supposed to be fast and secure. Everyone is welcome - Jump on Board!

Our blogs can be found here: https://rfc.ioc.exchange

Other Cyber Communities:
hackers.town
chaos.social
infosec.exchange
social.privacytools.io
cybre.space
librem.one

HAVE FUN and STAY SAFE!