Bhavin Patel
@hackpsy
Threat Research Team @splunk Maintainer of #atomic-red-team
More sysadmins need to know this… User logon restrictions are free. Create a GPO and call it “DC Logon Restrictions - Domain Admins Only” Configure User Rights Assignment for DA accounts to log on locally on domain controllers and deny log on locally on end-user workstations.
Never underestimate a properly caffeinated user and a little PowerShell knowledge ☕🔑😆
Your Fall Reminder to always Hunt Naked. gist.github.com/MHaggis/66dd0b…
Lua day. Someone has to be the reminder lol
🥳 Woah! we got a new #Kubernetes Goat 🐐 scenario on @ciliumproject Tetragon for eBPF-based runtime #security monitoring, detection & enforcement 🚀 🔥Try it out yourself at madhuakula.com/kubernetes-goa… 🌟 Give a star if you like github.com/madhuakula/kub… #CNCF #Hacking #Community
Isn’t it amazing that some of the best research and tools are literally free because some passionate, skilled people devote their time to sharing?! 🙏🙌💪
🔥💻 New tool drop! Meet MSIXBuilder 🎁 — the ultimate MSIX package creator for security testing, red team ops, and detection engineering! ✨ Features that slap: ⚡ One-click package builds (C# or PowerShell) 🔐 Auto cert creation + signing 🖥️ Sleek GUI w/ progress tracking &…
[New Blog 📚] The Fragile Balance: Assumptions, Tuning, and Telemetry Limits In Detection Engineering If you ever struggle with false positives and the idea of tuning detections. This is for you. Read More - nasbench.medium.com/the-fragile-ba…
Picture Paints a Thousand "Codes": STRT analyzed a Quasar RAT campaign using image steganography to hide payloads inside harmless-looking images. 🔍 In our latest blog: How it works Key TTPs Detection for #Splunk & #Cisco NTDR Read: splunk.com/en_us/blog/sec… #int3 Demo tool:
LOLRMM.io now tracks over 290 RMMs, with new ones being added regularly. These tools provide legitimate functionality but are frequently repurposed by attackers. Read here: buff.ly/oNbWfa6 If you're not using them in your setup, why allow them to run?…
So I was deep in my webshell era this week 🧙♂️🕸️💻 and—plot twist—I totally got owned... by myself 😂 Naturally, I pulled the classic move: Did I read the source? Nope. Did I run it anyway? YOLO 🪂💥 Next thing I know, it casually goes full ninja mode and drops: cmd.exe ➡️…
🚨 NEW BLOG DROP 🚨 A little late to the CitrixBleed party… But still REALLY worth your time 🧠💥 💻 CitrixBleed (CVE‑2025‑5777) 🩸 Memory exposure ➡️ token hijacking 🛡️ Detection + mitigation tips inside! 👉 Read it now: splunk.com/en_us/blog/sec… ⸻ 🔍 What you’ll learn: •🚔…
🚀 Happy to share my latest blog on @splunk: "Unlocking Endpoint Network Security Insights with Cisco Network Visibility Module (NVM) and Splunk" 🔗 Check it out here - splunk.com/en_us/blog/sec… In this post, I walk through how Cisco Network Visibility Module (NVM) works, the…
Stoked to present the research #STRT did with our Talos friends alongside @nas_bench and John Levy! And it includes a sweet demo at the end. Come say Hi :)
Let's supercharge your SOC. 🔋 Join the Splunk Threat Research Team alongside @TalosSecurity on July 23 to learn how to seamlessly integrate @Cisco Secure Firewall with #SplunkSecurity to up-level your response strategies.
Come see me at RSAC! I'll be speaking about common threat actor techniques seen in AWS intrusions, and why they're terrible! It'll be a Gordon Ramsay-style critique of cloud threat actors. In addition, we'll talk about how you can attack AWS environments better!
Introducing 🚀Eventlog Compendium 🚀 A new Streamlit app, that aims to be the go-to resource for understanding and playing with Windows Event Logs. Explore it 👉 eventlog-compendium.streamlit.app Includes the following utilities and docs ⚙️ Build your own Advanced Audit Policy based on…
SQL attacks are getting stealthier. Now is your chance to stay ahead with insights from the Splunk Threat Research Team on how your database can turn against you — and how to shut it down fast: splk.it/42likc4 #SplunkSecurity
The new documentation for contentctl buff.ly/4hPEbyR by Lou Stella is awesome. It now includes a straightforward guide for beginners, along with templates to streamline the testing and validation of Splunk content using GitHub Actions. If you haven't explored this…
Cool people add ASCII art to their tools, at #STRT we add a flag that `recognize` your value threat researcher♥️! github.com/splunk/content… thank you @SnekCharmerr for letting me run with the silly.
AttackRuleMap.com now supports Linux attack and detection rules, in addition to Windows! With 88 new Linux attacks added, this open-source solution, aligned with Sigma and Splunk rules, takes multi-platform threat detection to the next level.
Excited to share my new project: AttackRuleMap This project maps #AtomicRedTeam simulations to open-source detection rules like #SigmaRules and #Splunk ESCU rules (maybe more in the future). Currently for Windows, with plans to support more platforms. attackrulemap.netlify.app