About tameri

In this post, I will show you how to use Mandiant Security Validation (MSV) and threat intelligence from Virustotal to validate whether your endpoint security controls can detect data exfiltration using curl on windows. Your task is to validate wheth...

In this post, I will show you how to use Mandiant Security Validation (MSV) and available exploits to validate whether your internet security controls can detect and/or prevent a Chrome browser exploit. As a Network Security Administrator or Red Team...

In this post, I will show you how to use VirusTotal and Mandiant Security Validation to validate that your internet security controls can detect and/or prevent command and control communication for a malware sample. As a security analyst, you have be...

03-13-2024

Zeek(used to be Bro) is an open-source Network Security Monitor that can be used for Detection System and network traffic analysis framework. Zeek can generate real-time alerts, data logging for further investigation, and automatic program execution ...

03-04-2024

This post is a continuation of Part 1 - Evaluating Security Stack Resilience against Attack use cases - a suggested framework. The following photos will show some of the use cases (or playbooks) that demonstrate how Mandiant Security Validation (MSV)...

04-03-2024

Hi @srijankafle , you can archive by using ingestion notifications , you can find it here https://cloud.google.com/chronicle/docs/ingestion/ingestion-notifications-for-health-metrics

03-25-2024

@ev13 , user guideline can be found here https://cloud.google.com/chronicle/docs/administration/feed-managementWhen you add ThirdParty API, you select Workday and then in the next box you fill the necessary information for authentication

03-22-2024

@Cyber_Chief1999 , have a look at "Google Chronicle - Chronicle Alerts Connector" , I think it meets your requirements. (https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/google-chronicle#chronicle-alerts-connector) in SOAR, you c...

03-20-2024

@ravivittal , sure you can use the same for Sharphound or any other tools These URLs are sample to guide and inspire you when write rules specific for your use cases. Regards

03-18-2024

Hello @ravivittal ,Yes, the premises you've outlined for detecting SharpHound and credential dumping activities are generally correct and represent a common approaches in identifying these tools.here, you can find some examples that you can use as gu...

My Stats

tameri's Bio

Badges tameri Earned

Recent Activity

How to use MSV and Virustotal to assess against Data exfiltration using curl

How to create Web Actions - Google Chrome 78.0.3904.70 (CVE-2019-13720) as an example

How to use Security Validation and VirusTotal to measure your Internet Security Controls

Chronicle Search-Zeek A Quick Reference

Part 2 - Evaluating Security Stack Resilience against Attack use cases - a suggested framework

Re: Alert for silent log source

Re: Workday Integration to Chronicle SIEM

Re: UDM Search to find triggered alerts

Re: Hacking Tools - SharpH0und, Cred Dumping, etc.

Re: Hacking Tools - SharpH0und, Cred Dumping, etc.