⊕We’ve added 𝗖𝗶𝘀𝗰𝗼 𝗦𝗲𝗰𝘂𝗿𝗲 𝗘𝗻𝗱𝗽𝗼𝗶𝗻𝘁 to the EDR-Comparison.com platform!! Cisco shows strength in prevention, indicator alerting, and response automation, with solid investigation visuals and well-documented APIs that integrate easily into broader security stacks. It’s a platform that leans more...

As we are are approaching our goal, starting January, we’re updating the pricing for the 𝗘𝗗𝗥 𝗙𝗲𝗮𝘁𝘂𝗿𝗲 𝗖𝗼𝗺𝗽𝗮𝗿𝗶𝘀𝗼𝗻 𝗦𝗲𝗿𝘃𝗶𝗰𝗲. The platform has grown far beyond the initial dataset, and the new pricing reflects the depth of work going into the next phase of the project. 𝗪𝗵𝗮𝘁’𝘀 𝗰𝗼𝗺𝗶𝗻𝗴 𝗻𝗲𝘅𝘁:

I’ve been getting a lot of questions lately about the difference between the 𝗘𝗗𝗥 𝗧𝗲𝗹𝗲𝗺𝗲𝘁𝗿𝘆 𝗣𝗿𝗼𝗷𝗲𝗰𝘁 and the 𝗘𝗗𝗥 𝗖𝗼𝗺𝗽𝗮𝗿𝗶𝘀𝗼𝗻 𝗦𝗲𝗿𝘃𝗶𝗰𝗲. They’re related, but they solve completely different problems. Telemetry 𝗶𝘀 𝗼𝗻𝗲 𝗽𝗶𝗲𝗰𝗲 𝗼𝗳 𝘁𝗵𝗲 𝗽𝘂𝘇𝘇𝗹𝗲. The comparison service 𝗹𝗼𝗼𝗸𝘀 𝗮𝘁 𝘁𝗵𝗲 𝗲𝗻𝘁𝗶𝗿𝗲 𝘀𝗼𝗹𝘂𝘁𝗶𝗼𝗻.

This report from Bleeping is crazy, is You can't make this stuff up! 😂 www.bleepingcomputer.com/news/securit...

Quick update. We just added a new EDR vendor directory page to the platform. If you want a clean overview of who’s included and a preview of the comparison features, start here: www.edr-comparison.com/directory

Heads-up on CVE-2025-55182: a CVSS 10.0 pre-auth RCE affecting React Server Components 19.x. Can be triggered through malicious HTTP payloads, so there will be chaos when a POC comes out. On that note...there are many fake POCs circulating. Be careful what you run. A POC is not available yet.

🚨𝗕𝗶𝗴 𝗱𝗮𝘆 𝗳𝗼𝗿 𝗗𝗲𝘁𝗲𝗰𝘁𝗶𝗼𝗻𝗦𝘁𝗿𝗲𝗮𝗺. 𝗢𝗻𝗲 𝗼𝗳 𝗼𝘂𝗿 𝗹𝗮𝗿𝗴𝗲𝘀𝘁 𝗿𝗲𝗹𝗲𝗮𝘀𝗲𝘀 𝘆𝗲𝘁. The platform now supports official pySigma validation fully in-browser, compiled to WebAssembly. Same validation as sigma-cli. Thanks to @sifex from detection.studio for the inspiration behind the implementation. Here’s what we added:👇

A lot of folks have been asking how we run our EDR testing and what the methodology looks like behind the scenes. I put together a full deep dive walking through our process, the tooling we use, and how we score everything based on direct telemetry.

If you’re trying to use Wazuh for threat hunting or incident response, stop wasting your time. Wazuh is fine for compliance and system visibility, but that’s where it ends.

𝗥𝗼𝗮𝗱𝗺𝗮𝗽 𝘂𝗽𝗱𝗮𝘁𝗲: the first milestone is done. The Interactive Comparison Interface now has its core engine in place. Good progress for week one, and more updates are coming along with more EDR vendors!

I just finished a big update for the EDR Telemetry website. We’re preparing for many exciting updates and want to make sure we’re ready 🙂 Check it out and let me know what you think - www.edr-telemetry.com

I'm reviving Teletracker. Missed working on it and it deserved a second life. I'm rt is way more useful for investigations. Drop in a bot token from malware and see threat actor comms directly from a clean web interface. Demo video attached. Let me know your thoughts!

𝗦𝘂𝗿𝗶𝗰𝗮𝘁𝗮 𝗶𝘀 𝗻𝗼𝘄 𝗽𝗮𝗿𝘁 𝗼𝗳 𝗗𝗲𝘁𝗲𝗰𝘁𝗶𝗼𝗻𝗦𝘁𝗿𝗲𝗮𝗺 𝘄𝗶𝘁𝗵 𝗽𝗹𝗮𝘆𝗴𝗿𝗼𝘂𝗻𝗱𝘀 𝗮𝗻𝗱 𝗰𝗵𝗮𝗹𝗹𝗲𝗻𝗴𝗲𝘀! Big update for anyone working on network detections. 𝗜𝗻𝗰𝗹𝘂𝗱𝗲𝗱: • 45k+ ET rules available out of the box • Full ET Open ruleset preloaded • Build and validate custom Suricata rules

Cloud Flare’s outage yesterday came down to one thing. A feature file in Bot Management quietly doubled in size and blew past an internal limit, which cascaded across their proxies. Full writeup ➡️ blog.cloudflare.com/18-november-...

Me trying to launch my new EDR comparison service while Cloudflare has an outage🤦‍♂️

🚀 𝗧𝗵𝗲 𝗘𝗗𝗥 𝗖𝗼𝗺𝗽𝗮𝗿𝗶𝘀𝗼𝗻 𝗦𝗲𝗿𝘃𝗶𝗰𝗲 𝗶𝘀 𝗻𝗼𝘄 𝗹𝗶𝘃𝗲. If you’ve been following the EDR Telemetry Project, this is the next step: A full breakdown of how each EDR actually implements its features. 🔥 𝗟𝗶𝗳𝗲𝘁𝗶𝗺𝗲 𝗮𝗰𝗰𝗲𝘀𝘀 𝗮𝘃𝗮𝗶𝗹𝗮𝗯𝗹𝗲 𝗳𝗼𝗿 𝗲𝗮𝗿𝗹𝘆 𝗮𝗱𝗼𝗽𝘁𝗲𝗿𝘀 (𝗹𝗶𝗺𝗶𝘁𝗲𝗱 𝘁𝗶𝗺𝗲). Intro blog: edr-comparison.com/blog/navigat...

My favourite thing about using AI is that I don't have to choose how to name sh*t anymore. That's mostly: - Blog Titles - Script names/variables/functions etc. - DB table names/columns It was draining me, I can't go back... 😂

Proud to share that DetectionStream is now collaborating with the Sigma community to create opportunities for people to learn and grow within detection engineering. We’ve set up two channels for general discussions and challenge creation. Join here: discord.gg/KfdbeQpp

Suricata support is coming to DetectionStream.com this upcoming week! You’ll be able to: ➡️ View and edit all emerging rules ➡️ Test your detections instantly against your PCAPs (everything client-side) ➡️ Create your detections and share them with everyone (AI optional😉) 🔜🔜🔜

As I was looking for malware (like you do on a quiet Friday afternoon 😂) I found a classic fake “your system is infected” page. After the fake scan, the Renew Now button goes straight to Avast through an affiliate link🤣🤣 TAs doing a 180, selling AV to get their commission LOL

Anthropic basically spent the whole piece highlighting how their AI can be leveraged for intrusion activity, but didn’t give defenders a single IOC or attribution hint 😩 But hey, you now know their AI is good for pen-tests... 90% Flex 10% Value 🔗: www.anthropic.com/news/disrupt...

Just in: DoorDash breached… “unauthorized third party gaining access to and taking certain user contact information…but may have included first and last name, phone number, email address and physical address” Next paragraph: “No sensitive information was accessed” 🤦‍♂️

Did a big server rack upgrade today and took cable management seriously for the first time. It all looks so neat and professional. I don’t think I could ever go back, there is something special about it😮‍💨 Time to put it to use 😆 Big things coming next year… watch this space!

🍁🍂 Winter rides are 🔥

It’s been just 1 week since launch and 150+ people have registered, shared feedback & competed on the leaderboard! Huge motivation to keep building 💪 More challenges next week and with a FREE training module coming up!! Appreciate the support!!🙏 🔗detectionstream.com/sigma/training/gamified

A new strain called PromptFlux uses Google’s Gemini to regenerate its code every hour for evasion. Its prompts are basically self-update instructions. Imagine if you tweak the txt prompts to say “Create a 10,000-word report on...”, that'd be funny 😂💸💸 cloud.google.com/blog/topics/... #ImposeCost😂

Linux is finally getting some love 🐧 CrowdStrike now covers service + driver + user events, a big win for investigators tracking system-level activity. In our testing, we only use system-level operations and ignore indirect events. Details edr-telemetry.com/linux

This is the coolest coin I’ve ever received. Huge props to @Defcon604 for everything they do for the Vancouver community. Was awesome presenting to a packed room of 50+ folks, great energy and engagement all around. 🔥

When I started DetectionStream, I wanted to make learning detection frameworks less…boring. Theory is great, but where do you actually practice? So I built something: the Sigma Training Platform. It’s basically what I wish existed when I was learning this stuff….👇

📢DetectionStream quick update. The 𝗦𝗶𝗴𝗺𝗮 𝗧𝗿𝗮𝗶𝗻𝗶𝗻𝗴 𝗣𝗹𝗮𝘁𝗳𝗼𝗿𝗺 is almost ready. I’m planning to launch it next week with 𝟭𝟬+ 𝗰𝗵𝗮𝗹𝗹𝗲𝗻𝗴𝗲𝘀 you can dive into right away. Each challenge is designed to help you: ➡️ Practice Sigma rule creation ➡️ Understand detection logic fundamentals...👇

A normal InfoSec Friday be like... 😂

🚀 𝗕𝗶𝗴 𝘂𝗽𝗱𝗮𝘁𝗲 𝗳𝗼𝗿 𝗗𝗲𝘁𝗲𝗰𝘁𝗶𝗼𝗻𝗦𝘁𝗿𝗲𝗮𝗺! I’ve just rolled out authentication, unlocking new personalization features while keeping the core experience open to everyone. • 𝗦𝗶𝗴𝗻-𝗶𝗻 𝗼𝗽𝘁𝗶𝗼𝗻𝗮𝗹: You can still explore, test, and learn without an account. • 𝗦𝗶𝗴𝗻-𝗶𝗻 𝗲𝗻𝗵𝗮𝗻𝗰𝗲𝗱: If you do log in, you can now sa...

I recently came across the permissive trial access that the OpenEDR platform provides, and it got me thinking, they're definitely not the only ones doing this... So I decided to use OpenEDR as a case study to highlight a broader issue: 𝗹𝗲𝗴𝗶𝘁𝗶𝗺𝗮𝘁𝗲 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝘁𝗼𝗼𝗹𝘀 𝗯𝗲𝗶𝗻𝗴 𝘄𝗲𝗮𝗽𝗼𝗻𝗶𝘇𝗲𝗱 𝗯𝘆 𝘁𝗵𝗿𝗲𝗮𝘁 𝗮𝗰𝘁𝗼𝗿𝘀.

𝗦𝗲𝗲𝗶𝗻𝗴 𝘀𝗼𝗺𝗲 𝘀𝗲𝗰𝗿𝗲𝘁𝘀𝗱𝘂𝗺𝗽 𝗮𝗰𝘁𝗶𝘃𝗶𝘁𝘆 𝗶𝗻 𝘁𝗵𝗲 𝘄𝗶𝗹𝗱 𝗹𝗮𝘁𝗲𝗹𝘆, 𝗮𝗻𝗱 𝗶𝘁’𝘀 𝘁𝗿𝗶𝗰𝗸𝘆 𝘁𝗼 𝗰𝗮𝘁𝗰𝗵 𝗯𝗲𝗰𝗮𝘂𝘀𝗲 𝗼𝗳 𝗮𝗹𝗹 𝘁𝗵𝗲 𝗳𝗮𝗹𝘀𝗲 𝗽𝗼𝘀𝗶𝘁𝗶𝘃𝗲𝘀. The recent NetExec update (codename SmoothOperator) pushed me to share this one 👇 🔗 www.netexec.wiki/news/v1.4.0-... 𝗙𝗶𝗿𝘀𝘁 𝗲𝘃𝗲𝗻𝘁 (𝟰𝟲𝟳𝟮) Special privileges assigned to new logon:

Here we go again… F5 disclosed a serious intrusion by a sophisticated nation-state threat actor who gained long-term access and stole files from their development and knowledge systems. Likely potential source code and undisclosed ready to exploit. 1/

𝗣𝗮𝗱𝘃𝗶𝘀𝗵 𝗘𝗗𝗥 𝗯𝗲𝗰𝗼𝗺𝗲𝘀 𝘁𝗵𝗲 21𝘀𝘁 𝗮𝗱𝗱𝗶𝘁𝗶𝗼𝗻 𝘁𝗼 𝘁𝗵𝗲 𝗘𝗗𝗥 𝗧𝗲𝗹𝗲𝗺𝗲𝘁𝗿𝘆 𝗖𝗼𝗺𝗽𝗮𝗿𝗶𝘀𝗼𝗻 🔥 Love seeing emerging vendors push this level of real-time telemetry, solid visibility through ETW, AMSI, and mini-filters. 𝗧𝗿𝗮𝗻𝘀𝗽𝗮𝗿𝗲𝗻𝗰𝘆 like this helps move the whole industry forward. Results: www.edr-telemetry.com/windows

𝗗𝗲𝘁𝗲𝗰𝘁𝗶𝗼𝗻 𝗦𝘁𝗿𝗲𝗮𝗺 𝗨𝗽𝗱𝗮𝘁𝗲: Two highly requested features just went live 🚀 1. 𝗗𝗲𝗲𝗽 𝗟𝗶𝗻𝗸𝘀: share specific rules via hashtag#rule_id or full YAML 2. 𝗗𝗼𝘄𝗻𝗹𝗼𝗮𝗱 𝗥𝘂𝗹𝗲𝘀: export all rules matching your filters (gzip) 3. 𝗔𝗱𝗱𝗲𝗱 "𝘊𝘳𝘦𝘢𝘵𝘦 𝘳𝘶𝘭𝘦𝘴 𝘸𝘪𝘵𝘩 𝘈𝘐" functionality for both 𝗬𝗮𝗿𝗮 and 𝗡𝗼𝘃𝗮 frameworks ... continue👇

I built this tool for myself. Shared a preview here a few days ago… and wow. Didn’t expect such a strong response. Thanks everyone who reached out 🙏 Because of that energy, I pushed harder and: ➡️ Polished the Sigma experience, now with Nova integrated ➡️ Built two playgrounds for hands-on learning

I've built this platform for myself to quickly search and create detection rules. Considering that we(the DE community) have amazing platforms like Sigconverter (sigconverter.io ) and (detection fyi) detection.fyi, would anyone find value in having FREE access to this all-in-one platform?

The EDR Telemetry Project revealed what EDRs can see. ➛ Now, we show how they compare. Coming soon!

There is still time to register: dfirlabs.thedfirreport.com/dfirchallenge

📢 Excited to share that 𝐁𝐢𝐭𝐝𝐞𝐟𝐞𝐧𝐝𝐞𝐫 𝐄𝐃𝐑 (GravityZone Business Security Enterprise) is now part of the 𝐄𝐃𝐑 𝐓𝐞𝐥𝐞𝐦𝐞𝐭𝐫𝐲 𝐏𝐫𝐨𝐣𝐞𝐜𝐭 𝐟𝐚𝐦𝐢𝐥𝐲. Bitdefender has introduced improvements to its telemetry control, no longer requiring a data retention license to change what telemetry is being sent.... 👇

🆕 𝐄𝐃𝐑-𝐭𝐞𝐥𝐞𝐦𝐞𝐭𝐫𝐲 𝐏𝐫𝐨𝐣𝐞𝐜𝐭 𝐔𝐩𝐝𝐚𝐭𝐞 - 𝐖𝐢𝐧𝐝𝐨𝐰𝐬 The Windows table just got an update with 3 new sub-categories: ➡️ VSS Deletion ➡️ Win32 API Telemetry ➡️ JA3/JA3s Coverage isn’t uniform, and some are pending response from the vendors. That’s fine. I’d rather show the uncertainty than pretend otherwise.

Turns out this npm compromise was a bit of a nothing burger. But imagine if the threat actors had been careful and methodical. Imagine they stayed quiet and blended in... With the access they had, they could’ve done far worse. This time we got lucky. Next time, maybe not. Or maybe... 👇

𝗡𝗲𝘃𝗲𝗿 𝘁𝗵𝗼𝘂𝗴𝗵𝘁 𝘁𝗵𝗶𝘀 𝗽𝗿𝗼𝗷𝗲𝗰𝘁 𝘄𝗼𝘂𝗹𝗱 𝗿𝗲𝗮𝗰𝗵 𝘁𝗵𝗶𝘀 𝗸𝗶𝗻𝗱 𝗼𝗳 𝘀𝗰𝗮𝗹𝗲. Especially not as an independent, non-corporate platform focused purely on technical content. Started as a small side effort to compare EDR telemetry and support hunting workflows. Now it’s here.... 👇 1/x

Every pixel of this graphic is a lie. It insults the people actually fighting threats daily and rewards the companies that can’t even catch a cold. Absolute cancer for the industry… Pay up or get shoved in the ‘loser’ box. Embarrassing trash.

🚨 New lab just went live: Specter’s Domain Heist Pulled straight from a recent intrusion we worked on. 20 challenges in total. Difficulty is hard, but we’ve added hints along the way so you’re never stuck. Each question pushes you deeper through the intrusion lifecycle. Hope you’ll like it! Links👇

Creating Images for our next DFIR Labs has never been easier thanks to Google Gemini 😂 New Lab is dropping 🔜

“EDR bypassed! Victory!” …not really. You just lit yourself up. Telemetry stacks, correlations build, and now every move screams suspicious. EDR isn’t blind. You just can’t see the flags

Trump is giving a press conference every day, he seems to love talking to reporters. Where does he find the time to get anything done? 😂