Pinboard (asteroza)
https://pinboard.in/u:asteroza/public/
Recent bookmarks from asteroza

GitHub - rverton/tevents: A private event logger and job monitor for tailnets
Saved: 2023-03-02T02:23:45+00:00
URL: https://github.com/rverton/tevents
Tags: tailscale tailnet event monitoring logging software opensource sysadmin security wireguard
Permalink: https://pinboard.in/u:asteroza/b:71d8f17bee79/

Windows System Calls For Hunters – Marco Ramilli Web Corner
Saved: 2022-08-25T05:57:25+00:00
URL: https://marcoramilli.com/2022/08/23/windows-system-calls-for-hunters/
Tags: security logging windows 10 syscall monitoring
Permalink: https://pinboard.in/u:asteroza/b:1660b8bcdaac/

Black Hat 2022: Blasting Event-Driven Cornucopia - WMI edition
Saved: 2022-08-25T05:53:34+00:00
URL: https://binarly.io/posts/Black_Hat_2022_Blasting_Event_Driven_Cornucopia_WMI_edition/index.html
Tags: windows security WMI disable logging event log ETW
Permalink: https://pinboard.in/u:asteroza/b:e2a2ddc4874f/

A Begginers All Inclusive Guide to ETW — Blake's R&D
Saved: 2022-07-22T07:24:19+00:00
URL: https://bmcder.com/blog/a-begginers-all-inclusive-guide-to-etw
Tags: windows security logging ETW log
Permalink: https://pinboard.in/u:asteroza/b:101c884ab42e/

Paul Melson on Twitter: "PowerShell scriptblock logging plus real-time detection for the use of System.Reflection.AssemblyName() takes so many tools and techniques off the table for attackers and has a very low false positive rate. I cannot recommend thi…"
Saved: 2022-06-30T06:06:30+00:00
URL: https://twitter.com/pmelson/status/1540350167920291842
Tags: powershell script block logging security blueteam defense event log
Permalink: https://pinboard.in/u:asteroza/b:976791651c89/

CrowdSec - The open-source & collaborative IPS
Saved: 2022-05-25T08:10:20+00:00
URL: https://crowdsec.net/
Tags: security opensource software CTI IPS network logging
Permalink: https://pinboard.in/u:asteroza/b:339e44e0e523/

Samir on Twitter: "Microsoft-Windows-CodeIntegrity EID 3033 is a gold #DFIR and detection source DLL hijack/LPE signs (by default its not noisy at all compared to logging all imageloads via sysmon, few legit hits like dtrace), highly recommend to collec…"
Saved: 2022-01-20T04:16:20+00:00
URL: https://twitter.com/SBousseaden/status/1483810148602814466
Tags: security IoC windows event ID 3033 DFIR EDR logging sysadmin tips tricks
Permalink: https://pinboard.in/u:asteroza/b:c0884ac5209e/

Too Log; Didn't Read — Unknown Actor Using CLFS Log Files for Stealth | FireEye Inc
Saved: 2021-09-03T00:08:48+00:00
URL: https://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-using-clfs-log-files-for-stealth.html
Tags: windows common log filesystem CLFS high performance logging security
Permalink: https://pinboard.in/u:asteroza/b:926da949ab80/

Monitoring what matters - Windows Event Forwarding for everyone (even if you already have a SIEM.) | Microsoft Docs
Saved: 2021-05-19T00:49:19+00:00
URL: https://docs.microsoft.com/en-us/archive/blogs/jepayne/monitoring-what-matters-windows-event-forwarding-for-everyone-even-if-you-already-have-a-siem
Tags: WEF sysmon monitoring logging analysis security sysadmin tips tricks
Permalink: https://pinboard.in/u:asteroza/b:dcaf28f2f453/

How to deploy Sysmon and MMA Agent to receive logs in Azure Sentinel? | Microsoft 365 Security
Saved: 2021-05-19T00:47:51+00:00
URL: https://m365internals.com/2021/05/17/how-to-deploy-sysmon-and-mma-agent-to-receive-logs-in-azure-sentinel/
Tags: Azure sentinel sysmon MMA endpoint monitoring logging analytics security sysadmin tips tricks
Permalink: https://pinboard.in/u:asteroza/b:040ef8b5fb79/

Netwrix | Powerful Data Security Made Easy.
Saved: 2021-05-14T07:04:02+00:00
URL: https://www.netwrix.com/
Tags: RDP session video recorder software sysadmin tips tricks logging security audit
Permalink: https://pinboard.in/u:asteroza/b:20bb9d3a118f/

GitHub - JSCU-NL/logging-essentials: A Windows event logging and collection baseline focused on finding balance between forensic value and optimising retention.
Saved: 2021-04-23T05:48:05+00:00
URL: https://github.com/JSCU-NL/logging-essentials
Tags: security reference information windows logging monitoring collection event ID mapping DFIR
Permalink: https://pinboard.in/u:asteroza/b:5bef287b42c1/

Determining Which Process Is Making SMB Requests On Windows | xkln.net
Saved: 2021-04-12T03:42:48+00:00
URL: https://xkln.net/blog/determining-which-process-is-making-smb-requests-on-windows/
Tags: windows SMB process identification security logging
Permalink: https://pinboard.in/u:asteroza/b:0215d48a4ef7/

AWS API calls that return credentials · GitHub
Saved: 2021-02-25T04:50:51+00:00
URL: https://gist.github.com/kmcquade/33860a617e651104d243c324ddf7992a
Tags: AWS security tips tricks logging pentesting hacking
Permalink: https://pinboard.in/u:asteroza/b:c47bdab2a826/

Ollie Whitehouse on Twitter: "Wanted a way to log not only successful credentials on Windows. That is I wanted to log the passwords attempted against RDP - here is a method: - Disable NLA via gpedit.msc - Install pGina - https://t.co/GOUZX7yiLc - use th…"
Saved: 2021-01-19T04:49:56+00:00
URL: https://twitter.com/ollieatnccgroup/status/1346363827533852674
Tags: windows RDP credential login password logging security honeypot tips tricks hacking
Permalink: https://pinboard.in/u:asteroza/b:f31897b06875/

Microsoft Defender Attack Surface Reduction recommendations | Palantir Blog
Saved: 2021-01-12T06:54:18+00:00
URL: https://medium.com/palantir/microsoft-defender-attack-surface-reduction-recommendations-a5c7d41c3cf8
Tags: windows defender ASR attack surface reduction rule ruleset security hacking pentesting logging defense blueteam
Permalink: https://pinboard.in/u:asteroza/b:3d815a6363fc/

Keytap2 - acoustic keyboard eavesdropping based on language n-gram frequencies · Discussion #31 · ggerganov/kbd-audio
Saved: 2020-12-17T07:39:48+00:00
URL: https://github.com/ggerganov/kbd-audio/discussions/31
Tags: airgap keyboard press touch input recovery spying surveillance acoustic logging audio analysis ngram language privacy security
Permalink: https://pinboard.in/u:asteroza/b:aa64306675f5/

Cloud-Based Infrastructure Monitoring Platform | LogicMonitor
Saved: 2020-11-17T02:10:05+00:00
URL: https://www.logicmonitor.com/
Tags: network remote monitoring logging management service sysadmin tools utilities
Permalink: https://pinboard.in/u:asteroza/b:769a500905e6/

Remote Network Monitoring & Management System for an IoT World | Domotz
Saved: 2020-11-17T02:08:35+00:00
URL: https://www.domotz.com/
Tags: network remote monitoring logging management sysadmin tools utilities
Permalink: https://pinboard.in/u:asteroza/b:8367667f648d/

idaholab/Malcolm: Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files) and Zeek logs.
Saved: 2020-10-27T00:21:46+00:00
URL: https://github.com/idaholab/Malcolm
Tags: packet capture analysis networking security hacking pentesting blueteam defense monitoring logging sysadmin tools utilities
Permalink: https://pinboard.in/u:asteroza/b:93e524190e46/

Moloch
Saved: 2020-10-27T00:20:24+00:00
URL: https://molo.ch/
Tags: packet capture analysis networking security hacking pentesting blueteam defense monitoring logging
Permalink: https://pinboard.in/u:asteroza/b:4cd5123968ef/

October 20, 2020—KB4580390 (OS Build 17763.1554) Preview
Saved: 2020-10-26T02:19:38+00:00
URL: https://support.microsoft.com/en-us/help/4580390/windows-10-update-kb4580390
Tags: UAC event logging ETW windows security
Permalink: https://pinboard.in/u:asteroza/b:4bdce40da08c/

bats3c/EvtMute: Apply a filter to the events being reported by windows event logging
Saved: 2020-09-07T03:03:16+00:00
URL: https://github.com/bats3c/EvtMute
Tags: YARA rule evasion windows event logging security hacking pentesting
Permalink: https://pinboard.in/u:asteroza/b:9d093896ce9a/

Pwning Windows Event Logging with YARA rules
Saved: 2020-09-07T03:02:59+00:00
URL: https://blog.dylan.codes/pwning-windows-event-logging/
Tags: YARA rule evasion windows event logging security hacking pentesting
Permalink: https://pinboard.in/u:asteroza/b:69573adb6708/

TIL that if you want to evade IPv4 firewall rules or logs you can pad an address with ::ffff: and it'll be handled by IPv6 sockets; even if your PC only uses IPv4, the victim and intermediaries will treat it as a IPv6 at many critical junctures.
Saved: 2020-08-27T04:19:54+00:00
URL: https://twitter.com/da5ch0/status/1298059622788538370
Tags: ipv4 ipv6 address padding firewall evasion logging security hacking pentesting
Permalink: https://pinboard.in/u:asteroza/b:fbcbd7f9611d/

Rollbar - Error Tracking Software for JavaScript, PHP, Ruby, Python and more
Saved: 2020-07-10T02:28:10+00:00
URL: https://rollbar.com/
Tags: website javascript error monitoring tracking logging service webdev sysadmin devops
Permalink: https://pinboard.in/u:asteroza/b:bd6be229c0c4/

Real-time file monitoring on Windows with osquery | Trail of Bits Blog
Saved: 2020-03-19T08:24:51+00:00
URL: https://blog.trailofbits.com/2020/03/16/real-time-file-monitoring-on-windows-with-osquery/
Tags: osquery windows endpoint realtime file monitoring filesystem security logging management
Permalink: https://pinboard.in/u:asteroza/b:c75d88e049b8/

palantir/windows-event-forwarding: A repository for using windows event forwarding for incident detection and response
Saved: 2020-03-10T09:09:27+00:00
URL: https://github.com/palantir/windows-event-forwarding
Tags: security palantir windows event forwarding subscription log monitoring logging
Permalink: https://pinboard.in/u:asteroza/b:c166b7efa913/

Windows Event Forwarding for Network Defense - Palantir Blog - Medium
Saved: 2020-03-10T09:08:54+00:00
URL: https://medium.com/palantir/windows-event-forwarding-for-network-defense-cb208d5ff86f
Tags: security palantir windows event forwarding subscription log monitoring logging
Permalink: https://pinboard.in/u:asteroza/b:f8d06b380f25/

Introducing Tidal - X, the moonshot factory
Saved: 2020-03-04T02:34:49+00:00
URL: https://blog.x.company/introducing-tidal-1914257962c3
Tags: google moonshot fish farming monitoring fisheries video behavior logging
Permalink: https://pinboard.in/u:asteroza/b:89abb196b1df/

n00py on Twitter: "For pentesting, Add this to your .bashrc file. Now you can have a log of everything you did and when you did it." / Twitter
Saved: 2020-02-24T04:45:10+00:00
URL: https://twitter.com/n00py1/status/1230755337797394434
Tags: bash script sysadmin tips tricks history command logging
Permalink: https://pinboard.in/u:asteroza/b:6eae54d2898f/

Kevin Beaumont on Twitter: "A reminder if you're into security detection, monitor BITS usage. A quick thread on how. https://t.co/7tDyvMpzob" / Twitter
Saved: 2020-02-20T08:21:39+00:00
URL: https://twitter.com/GossiTheDog/status/1229430248896434181
Tags: windows security monitoring logging BITS
Permalink: https://pinboard.in/u:asteroza/b:947c3c96dfc1/

SwiftOnSecurity on Twitter: "<TargetObject name="T1042" condition="contains">command</TargetObject> <!--Windows: Sensitive sub-key under file associations and CLSID that map to launch command--> https://t.co/Lbne87ph84" / Twitter
Saved: 2020-02-07T02:06:12+00:00
URL: https://twitter.com/SwiftOnSecurity/status/1224087788452302854
Tags: sysmon monitoring registry change windows security logging
Permalink: https://pinboard.in/u:asteroza/b:a751cb93b51b/

atredispartners/flamingo: Flamingo captures credentials sprayed across the network by various IT and security products.
Saved: 2020-02-06T23:22:03+00:00
URL: https://github.com/atredispartners/flamingo
Tags: flamingo credential capture network monitoring logging security hacking pentesting
Permalink: https://pinboard.in/u:asteroza/b:2b643a3c4019/

Flamingo Captures Credentials — Atredis Partners
Saved: 2020-02-06T23:21:54+00:00
URL: https://www.atredis.com/blog/2020/1/26/flamingo-captures-credentials
Tags: flamingo credential capture network monitoring logging security hacking pentesting
Permalink: https://pinboard.in/u:asteroza/b:05dfb9148cee/

jokezone/Update-Sysmon: This repository was created to aid in the deployment/maintenance of the Sysmon service on a large number of computers.
Saved: 2020-01-31T01:40:19+00:00
URL: https://github.com/jokezone/Update-Sysmon
Tags: sysmon deployment management sysadmin tips tricks monitoring logging
Permalink: https://pinboard.in/u:asteroza/b:62fc57721acd/

ProductLoggingTracker/ at master · JasonMorrow43/ProductLoggingTracker
Saved: 2020-01-31T01:09:32+00:00
URL: https://github.com/JasonMorrow43/ProductLoggingTracker?files=1
Tags: logging recommendation security sysadmin tips tricks
Permalink: https://pinboard.in/u:asteroza/b:e945b33f209a/

DIY Netflow Data Analytic with ELK Stack by CL Lee
Saved: 2020-01-15T05:35:22+00:00
URL: https://www.slideshare.net/mynog/diy-netflow-data-analytic-with-elk-stack-by-cl-lee
Tags: NetFlow monitoring ELK elasticsearch logstash filebeat kibana sysadmin tips tricks network logging
Permalink: https://pinboard.in/u:asteroza/b:fdb590d89abe/

Florian Roth on Twitter: "Who else thinks that IMPHASH should be included in @SwiftOnSecurity's Sysmon config? https://t.co/57LGDzgykp… "
Saved: 2019-12-16T06:45:04+00:00
URL: https://twitter.com/cyb3rops/status/1205049902151196672
Tags: Sysmon IMPHASH import hash logging monitoring security
Permalink: https://pinboard.in/u:asteroza/b:d606adae5f05/

olafhartong/sysmon-modular: A repository of sysmon configuration modules
Saved: 2019-12-16T06:41:50+00:00
URL: https://github.com/olafhartong/sysmon-modular
Tags: sysmon configuration module builder sysadmin tips tricks tools utilities security monitoring logging
Permalink: https://pinboard.in/u:asteroza/b:1405e3fd075e/

SIEMonster | Affordable Security Monitoring Software Solution
Saved: 2019-11-14T08:51:18+00:00
URL: https://siemonster.com/
Tags: SIEM monitoring logging analysis security ELK elasticsearch sysadmin tips tricks
Permalink: https://pinboard.in/u:asteroza/b:660041cfc246/

wercker/stern: ⎈ Multi pod and container log tailing for Kubernetes
Saved: 2019-11-06T05:40:17+00:00
URL: https://github.com/wercker/stern
Tags: kubernetes log viewer query software devops logging sysadmin tools utilities
Permalink: https://pinboard.in/u:asteroza/b:e085f24d21d9/

Vortimo - Beta3
Saved: 2019-11-01T01:42:37+00:00
URL: http://vortimo.com/beta3/
Tags: threat hunting logging notetaking software OSINT security maltego recon topic research support chrome browser addon plugin extension
Permalink: https://pinboard.in/u:asteroza/b:85c7a3c20d32/

UIforETW – Windows Performance Made Easier | Random ASCII – tech blog of Bruce Dawson
Saved: 2019-10-23T23:31:00+00:00
URL: https://randomascii.wordpress.com/2015/04/14/uiforetw-windows-performance-made-easier/
Tags: windows ETW GUI debugging performance event tracing logging
Permalink: https://pinboard.in/u:asteroza/b:f33cd69b6de8/

google/riegeli: Riegeli/records is a file format for storing a sequence of string records, typically serialized protocol buffers.
Saved: 2019-10-23T23:17:36+00:00
URL: https://github.com/google/riegeli
Tags: sequential string record storage format protobuf logging file
Permalink: https://pinboard.in/u:asteroza/b:2c935da45848/

google/makerspace-auth: Designs for our makerspace access control devices
Saved: 2019-10-23T07:58:15+00:00
URL: https://github.com/google/makerspace-auth
Tags: makerspace tool machine hardware access logging control authorization RFID management
Permalink: https://pinboard.in/u:asteroza/b:0fa397e72509/

google/glog: C++ implementation of the Google logging module
Saved: 2019-10-23T07:56:58+00:00
URL: https://github.com/google/glog
Tags: C++ log logger logging library
Permalink: https://pinboard.in/u:asteroza/b:fe98000f0a82/

google/mtail: extract whitebox monitoring data from application logs for collection in a timeseries database
Saved: 2019-10-23T07:55:15+00:00
URL: https://github.com/google/mtail
Tags: log metrics middleware export monitoring logging devops go prometheus
Permalink: https://pinboard.in/u:asteroza/b:e7ac4406a93a/

google/logger: Cross platform Go logging library.
Saved: 2019-10-23T07:50:23+00:00
URL: https://github.com/google/logger
Tags: go logging library event log logger syslog
Permalink: https://pinboard.in/u:asteroza/b:763265006b3e/

google/capture-thread: Lock-free framework for loggers, tracers, and mockers in multithreaded C++ programs.
Saved: 2019-10-23T06:34:51+00:00
URL: https://github.com/google/capture-thread
Tags: programming development C++ debugging logging tracing
Permalink: https://pinboard.in/u:asteroza/b:df69d60b08d3/

Supercharger for Windows Event Collection
Saved: 2019-10-23T05:53:06+00:00
URL: https://www.logbinder.com/Products/Supercharger/
Tags: windows event collector third party accelerator software sysadmin tools utilities tips tricks security logging monitoring
Permalink: https://pinboard.in/u:asteroza/b:178b5c955f25/

Fluentd | Open Source Data Collector | Unified Logging Layer
Saved: 2019-10-11T05:44:11+00:00
URL: https://www.fluentd.org/
Tags: logging aggregator agent devops opensource log delivery
Permalink: https://pinboard.in/u:asteroza/b:80f1ef7d7bad/

Filebeat: Lightweight Log Analysis & Elasticsearch | Elastic
Saved: 2019-10-11T05:43:42+00:00
URL: https://www.elastic.co/products/beats/filebeat
Tags: log delivery agent software devops elasticsearch logging ELK
Permalink: https://pinboard.in/u:asteroza/b:71fa1a852753/

Running Defender's "MpCmdRun.exe -GetFiles" will put MpSupportFiles.cab in the Support directory, which contains Cache_filename_dump-xxxx.bin. This holds a list of 35,000+ entries of recently-seen PE files on the disk.
Saved: 2019-10-04T02:05:09+00:00
URL: https://twitter.com/SwiftOnSecurity/status/1179595333246029824
Tags: DFIR windows defender executable enumeration sysadmin tips tricks security logging
Permalink: https://pinboard.in/u:asteroza/b:d15702f0da73/

How to get full PC memory specs (speed, size, type, part number, form factor) on Windows 10 | Windows Central
Saved: 2019-08-26T01:57:14+00:00
URL: https://www.windowscentral.com/how-get-full-memory-specs-speed-size-type-part-number-form-factor-windows-10
Tags: windows 10 WMIC device system information sysadmin tips tricks monitoring logging
Permalink: https://pinboard.in/u:asteroza/b:a49ff8f0ab02/

SwiftOnSecurity on Twitter: "I cheated and used EventCreate.exe to initialize the log lol I'm terrible.… "
Saved: 2019-07-26T04:17:32+00:00
URL: https://twitter.com/SwiftOnSecurity/status/1154562093019828224
Tags: windows sysadmin tips tricks security event logging
Permalink: https://pinboard.in/u:asteroza/b:fe598178c226/

sbousseaden/Panache_Sysmon: Just another sysmon config
Saved: 2019-07-08T07:17:09+00:00
URL: https://github.com/sbousseaden/Panache_Sysmon
Tags: Sysmon configuration file sysadmin tips tricks monitoring logging
Permalink: https://pinboard.in/u:asteroza/b:cb5652911e3f/

Using Sysmon and ETW For So Much More - Binary Defense
Saved: 2019-06-27T05:28:58+00:00
URL: https://www.binarydefense.com/using-sysmon-and-etw-for-so-much-more/?hss_channel=tw-2715666338
Tags: sysmon ETW windows logging monitoring security event tracing
Permalink: https://pinboard.in/u:asteroza/b:7798755f2109/

Visualizing BloodHound Data with PowerBI — Part 2 – Posts By SpecterOps Team Members
Saved: 2019-06-17T07:50:06+00:00
URL: https://posts.specterops.io/visualizing-bloodhound-data-with-powerbi-part-2-3e1c521fb7ae
Tags: neo4J PowerBI information visualization logging security
Permalink: https://pinboard.in/u:asteroza/b:d9a4b0aa9716/

Sysmon v10 with DNS logging and OriginalFileName reporting is out
Saved: 2019-06-12T05:30:42+00:00
URL: https://twitter.com/SwiftOnSecurity/status/1138648096118886400
Tags: sysmon DNS logging endpoint security event
Permalink: https://pinboard.in/u:asteroza/b:8cc14f838797/

Secure your journey to the cloud with free DMARC monitoring for Office 365
Saved: 2019-06-05T01:09:29+00:00
URL: https://www.microsoft.com/security/blog/2019/06/03/secure-cloud-free-dmarc-monitoring-office-365/
Tags: office365 DMARC email validation free security monitoring logging sysadmin tips tricks
Permalink: https://pinboard.in/u:asteroza/b:79ee9a361aeb/

Releases · vmware-samples/incident-reporting
Saved: 2019-06-03T04:15:31+00:00
URL: https://github.com/vmware-samples/incident-reporting/releases
Tags: VMware opensource incident logging reporting software security
Permalink: https://pinboard.in/u:asteroza/b:67e1d42ccde2/

Install OpenNMS Network Monitoring Tool in CentOS/RHEL 7
Saved: 2019-05-24T07:02:11+00:00
URL: https://www.tecmint.com/install-opennms-network-monitoring-in-centos-rhel/
Tags: OpenNMS network monitoring logging setup guide tutorial reference information java
Permalink: https://pinboard.in/u:asteroza/b:d7f04de63a97/

IMF Security
Saved: 2019-05-09T04:46:20+00:00
URL: https://www.imfsecurity.com/
Tags: local event logging free tools utilities DFIR windows security software sysadmin tips tricks
Permalink: https://pinboard.in/u:asteroza/b:3fdaa2740f2e/

Cheat-Sheets — Malware Archaeology
Saved: 2019-05-07T05:28:24+00:00
URL: https://www.malwarearchaeology.com/cheat-sheets
Tags: security logging cheatsheet reference information hacking pentesting event log threat hunting windows
Permalink: https://pinboard.in/u:asteroza/b:d4efdf17499c/

Log Analysis Part 3 – Lateral Movement - Active Countermeasures
Saved: 2019-05-07T00:58:41+00:00
URL: https://www.activecountermeasures.com/log-analysis-part-3-lateral-movement/
Tags: AD active directory logging analysis lateral movement detection defense security hacking pentesting
Permalink: https://pinboard.in/u:asteroza/b:273b617f802a/

noscript-tracking.go
Saved: 2019-05-06T07:53:54+00:00
URL: https://gist.github.com/wybiral/c8f46fdf1fc558d631b55de3a0267771
Tags: go realtime cursor tracking monitoring logging
Permalink: https://pinboard.in/u:asteroza/b:c554279a218c/

ukncsc/lme: Logging Made Easy
Saved: 2019-04-23T23:34:52+00:00
URL: https://github.com/ukncsc/lme
Tags: logging monitoring security windows event forwarding sysmon ELK elasticsearch logstash kibana sysadmin tools utilities opensource stack
Permalink: https://pinboard.in/u:asteroza/b:a81f1ff27205/

Princeton IoT Inspector
Saved: 2019-04-17T22:56:39+00:00
URL: https://iot-inspector.princeton.edu/
Tags: IoT network traffic collector analyzer software monitoring logging security privacy
Permalink: https://pinboard.in/u:asteroza/b:ffa0749c0574/

facial recognition at walking speed
Saved: 2019-03-26T07:51:05+00:00
URL: https://www.blinkidentity.com/
Tags: facial recognition biometrics venue gate entry management logging security
Permalink: https://pinboard.in/u:asteroza/b:df898eeae929/