Security Datasets
@SecDatasets
Contributing datasets, from different platforms, to the InfoSec community to expedite data analysis and threat research! http://github.com/OTRF/Security-Datasets
🚨 Collecting and sharing logs from the ☁️ 🙏 Thanks to project SimuLand 🏝️ (an @OTR_Community Initiative), we are starting to collect data from known community templates & emulation plans 😎 🌩️AWS Dataset: mordordatasets.com/notebooks/smal… 🏗️ SimuLand: github.com/OTRF/SimuLand/…
Today, Microsoft is open sourcing Cloud Katana, a cloud-native serverless application built on the top of Azure Functions to assess security controls in the cloud and hybrid cloud environments. Read about the design principles and learn how to deploy: msft.it/6011n46MT
🚨 We decided to re-brand Mordor to @SecDatasets 😈 We’ll cover new types of datasets to extend its application 💜 more coming soon.. 🍻 Help us build the largest library of datasets for the InfoSec community! 🚀 Site: securitydatasets.com/introduction.h… Repo: github.com/OTRF/Security-…
We shared a dataset that contains the core behavior 🍻 You can add more context around it! (i.e. Service creation & execution) @OTR_Community 😈 Data: mordordatasets.com/notebooks/smal… 🛡️@sigma_hq rules: 1⃣ github.com/SigmaHQ/sigma/… 2⃣ github.com/SigmaHQ/sigma/… How Do I use the data? ⏬
#HuntingTipOfTheDay Search for command lines 🔎with 'comsvcs.dll' and 'MiniDump' to find credential dumping. 👀 ✏️Test your detections: gist.github.com/JohnLaTwC/3e7d… 📎References: ▪️risksense.com/blog/hidden-ge… by Jenna Magius and Nate Caroe (@RiskSense) ▪️modexp.wordpress.com/2019/08/30/min…
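The hunting tip above is a substring search over process command lines. The script below is an added example (not code from the page, the gist it links, or the Security Datasets project) that runs that search over a handful of constructed, JSON-exported Sysmon Event ID 1 records. The sample telemetry, host names and paths are made up for the example; the two tokens come from the tweet. The match is deliberately case-insensitive, since the command line is text the operator of the tool chooses.

```python
"""Hunt constructed Sysmon Event ID 1 (process creation) records for
command lines containing both 'comsvcs.dll' and 'MiniDump'."""
import json

# Constructed sample telemetry (not from the Security Datasets project).
# Each line mimics one Sysmon Event ID 1 record exported as JSON; the last
# line is deliberately truncated to exercise the parser's error handling.
SAMPLE_EVENTS = r"""
{"EventID": 1, "Computer": "WS01", "Image": "C:\\Windows\\System32\\rundll32.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "rundll32.exe C:\\Windows\\System32\\comsvcs.dll, MiniDump 1234 C:\\Temp\\out.dmp full"}
{"EventID": 1, "Computer": "WS01", "Image": "C:\\Windows\\System32\\svchost.exe", "ParentImage": "C:\\Windows\\System32\\services.exe", "CommandLine": "C:\\Windows\\System32\\svchost.exe -k netsvcs -p"}
{"EventID": 1, "Computer": "WS02", "Image": "C:\\Windows\\System32\\rundll32.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "rundll32.exe shell32.dll,Control_RunDLL"}
{"EventID": 1, "Computer": "WS02", "Image": "C:\\Windows\\System32\\rundll32.exe", "ParentImage": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "RUNDLL32 C:\\WINDOWS\\SYSTEM32\\COMSVCS.DLL, MINIDUMP 1234 C:\\Temp\\x.dmp full"}
{"EventID": 1, "Computer": "WS03", "Image": "C:\\Windows\\System32\\regsvr32.exe", "ParentImage": "C:\\Windows\\System32\\msiexec.exe", "CommandLine": "regsvr32.exe /s C:\\Windows\\System32\\comsvcs.dll"}
{"EventID": 1, "Computer": "WS03", "CommandLine": "truncated export line
"""

# Tokens from the hunting tip; compared in lower case.
HUNT_TOKENS = ("comsvcs.dll", "minidump")


def parse_events(raw: str) -> list:
    """Parse newline-delimited JSON records, skipping blank or malformed lines."""
    events = []
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            # A real pipeline would count or quarantine these rather than drop them.
            continue
    return events


def matches_hunt(event: dict) -> bool:
    """True when a process-creation record's command line contains every hunt token."""
    if event.get("EventID") != 1:  # only Sysmon process-creation records carry CommandLine
        return False
    cmd = (event.get("CommandLine") or "").lower()
    return all(token in cmd for token in HUNT_TOKENS)


def hunt(raw: str) -> list:
    """Return (Computer, ParentImage, CommandLine) for every record that matches."""
    return [
        (e.get("Computer"), e.get("ParentImage"), e.get("CommandLine"))
        for e in parse_events(raw)
        if matches_hunt(e)
    ]


if __name__ == "__main__":
    for host, parent, cmd in hunt(SAMPLE_EVENTS):
        print(f"{host}\tparent={parent}\n\t{cmd}")
```

Two of the five well-formed records match: the original-case line and the upper-case variant. The `regsvr32` line mentions `comsvcs.dll` alone and is correctly left out, which is why the tip pairs the DLL name with `MiniDump` rather than alerting on the DLL by itself. Keeping `ParentImage` in the output gives the analyst the context the Sysmon dataset carries (which process launched rundll32) without a second query.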
Importance of data sets for SecOps research and rule testing with projects by @SBousseaden, @Mordor_Project, @Cyb3rWard0g's SimuLand
🚨 In less than 24h 😉, we are sharing telemetry ( #Sysmon, Security & System) through the @Mordor_Project to help everyone 🌎 expedite the validation process of detection rules! @Cyb3rPandaH #CobaltStrike 🗒️Metadata: mordordatasets.com/notebooks/smal… 😈Dataset: raw.githubusercontent.com/OTRF/mordor/ma…
APTSimulator 0.9.0 featuring #CobaltStrike beacon activity simulation with - NamedPipe Creation - Service installation & exec pattern - HTTP beaconing github.com/NextronSystems… If you want to help, add some steps in here: github.com/NextronSystems…
It's time to go to SimuLand! 🎠🎡🎢 But it isn't a new vacation theme park hot spot, it's a new open-source initiative that will help you deploy a lab environment to reproduce real attack scenarios to test your security defenses. Get the details: msft.it/6017VxcHv
Sharing @Mordor_Project datasets for "Getting AD FS Database Config Remotely" (Security, Sysmon & PCAP) @Cyb3rWard0g 🍻🙏 mordordatasets.com/notebooks/smal… 1⃣ A few tool-based comments at the host level 2⃣ Group hosts & processes connecting to AD FS server over port 80 (Usually 443)
New version of #AADInternals out now, including remote dumping of #ADFS configuration database🔥 Read the blog at: o365blog.com/post/adfs/ Credits to @vesat, @doughsec, @BakedSec, @_dirkjan, @gentilkiwi, @MGrafnetter, and @Cyb3rWard0g for your help and previous work!
Sharing some data samples (PCAP & WinEvents) to validate detection of lateral movement via remote scheduled task creation & update 🍻 @OTR_Community 1⃣ Creation: mordordatasets.com/notebooks/smal… 2⃣ Update: mordordatasets.com/notebooks/smal… @HunterPlaybook Library Doc: github.com/OTRF/ThreatHun…
Looking forward to it! 🍻 Let's talk about some of the steps taken before sharing a dataset with the community 💜
THIS FRIDAY: Catch @Cyb3rWard0g in conversation with @mattifestation for the last #AtomicFriday of 2020! bit.ly/33AKlil
Big news y'all: @Cyb3rWard0g will be hosting our next Atomic Friday on December 11! Join us for a deep dive into @Mordor_Project and learn strategies for expediting data analysis. bit.ly/33AKlil
Don't forget to check out Project SimuLand for ☁️Cloud Datasets mordordatasets.com/notebooks/smal…
Looking for ways to validate detection rules for that specific behavior? A small sample of data and a few rules! Thank you @rbmaslen @domchell @tifkin_ @OTR_Community 😈 Dataset: mordordatasets.com/notebooks/smal… 🏹 @sigma_hq: 1) github.com/OTRF/sigma/blo… 2) github.com/OTRF/sigma/blo…
SharpView, if you've run it on a machine have a look in %TEMP%\ba9ea7344a4a5f591d6e5dc32a13494b you might find a nasty surprise.....
So cool to see this! 👍
If you are wondering what this might look like in Sysmon, we got you covered with a new small dataset. You can simply download it from the link below and explore it with PSH as shown in the second image below 😊 Thank you @jxy__s ! 😈 mordordatasets.com/notebooks/smal…
I’m pleased to present this Windows exploit. Process Herpaderping is a method for evading detection - similar to process migration, hollowing, or doppelganging. herpaderping.com
Very happy to join forces, leverage PurpleSharp and share the data with the community! Keep up the great work @mvelazco ! More coming soon.. 😈
Thanks to @Cyb3rWard0g & the @Mordor_Project we are also releasing samples of data (host & network) that you can explore to get familiarized with the data these techniques generate! @OTR_Community mordordatasets.com/notebooks/smal…
😈 Adding more Windows datasets after using @redcanary Atomic Red Team and @mvelazco PurpleSharp 💜 Thank you all for everything you share with the Infosec Community 🌎 Courtesy of the @OTR_Community ! Commit: github.com/OTRF/mordor/co…
HOW to contribute a @Mordor_Project dataset in 2 mins ⏳w/ the help of @redcanary ART & then contribute to @sigma_hq after exploring the data! @OTR_Community ♻️ Clear, Exec & Collect: youtu.be/6iteEfbuwU8 😈 Data: mordordatasets.com/notebooks/smal… 🏹 Rule: github.com/OTRF/sigma/blo…
Check out mordordatasets.com/notebooks/smal… and threathunterplaybook.com/notebooks/wind… - Mordor Dataset and Playbook entry for wuauclt.exe abuse with many thanks to @Cyb3rWard0g 🤜 for his epic work as ever! Will be updating blog with these links too for reference 💪
I found an interesting #LOLBIN using Windows Update Client (wuauclt.exe) as a loader - blog, pull request to LOLBAS and in the wild sample here dtm.uk/wuauclt/ - I am hoping to finalise some of my work on the methodology I used soon @MDSecLabs so keep your eyes posted.
Since I last discussed @brimsecurity use with @Cyb3rWard0g & @Cyb3rPandaH's Mordor APT29 datasets in #toolsmith 144, @OliverRochford has been hard at work for Brim, exploring further & documenting his practice well. Check out medium.com/brim-securitys… & the prior post. Great work!
#Day3 #100DaysOfBlueTeam Today I learned a few things about some open source projects. I must admit I was not expecting the music theme for the example of @Mordor_Project 🤣 youtu.be/kBe6-D1_ais
YouTube: Mordor - Covenant - Kafkacat Consumer Mode - Rubeus asktgt ptt