BC TECH
Saved by @SteveeRogerr

For threat hunting, a non-trivial amount of the work is referencing, creating, and updating system and network inventory. This doesn't get talked about enough as a skill set that someone develops. 1/

 Threat hunting is all about finding anomalies that automated detection mechanisms don't find. That means manual anomaly detection, which sometimes means weeding out things that are normal. 2/
For example, let's say you discover a binary that runs in the middle of the night on a host and that's weird! So, you eventually search for the prevalence of that behavior and see it running on other hosts in that department. 3/
At the same time, you find this host talking to a weird internal system on an odd low port you haven't seen before. In this case, that behavior is nowhere else on the network. 4/
Eventually, you talk to an IT person or user in that department and find out the process is some special software they use and the weird system is a dedicated server for it, and it's all legit. Job's not done, though. 5/
Now, you gotta write that stuff down. It needs to be in a place where other analysts can quickly reference it, and even better, where you can reference it a year from now when you've long forgotten about it. 6/
In my hunting class, I teach folks how to take effective hunting notes and translate those into some sort of security wiki as necessary. Beyond that, hunters gotta know how to access and interact with whatever inventory software the org is running. 7/
I say this bc I have a lot of followers here and people who take my hunting class who are caught off guard by the need to do these things. Knowing a network is a critical part of the job, and the ability to do that effectively is a skill set you must develop as part of it. 8/
Not all threat hunting is chasing attackers through servers. Much of it is finding things that are normal and documenting them so you (or your peers) don't spend as much time on them later. 9/
As far as referencing knowledge sources. Consider that for every behavior you might identify, ask yourself, how would I determine if this was normal? You should be able to answer this for the most common types of behaviors you'll see. 10/
Behaviors might include processes launching, per-protocol network communication, authentication, file deletion, and many other observable things. Sometimes answerable with evidence, but sometimes other sources of knowledge like an asset DB. 11/
For example, how would you know if an auth behavior was normal? Well, you can look at past auth behaviors, look at those behaviors within a department, look at future auth behaviors, ask the user, or look at a security wiki, or past tickets. 12/
More broadly, to determine if a behavior is normal, it means crafting SIEM/data search queries (looking in the past), setting up new data capture (looking in the future), or examining other sources of facts (asset DB, AD, etc). The last two are the most overlooked. 13/
You can think of this like a doctor who is trying to determine if some test result is normal for a patient. If possible they look historically, if not they look in the future. Sometimes they examine related sources of facts. 14/
Bottom line: If you are a threat hunter, you are also a custodian of network knowledge. Take time to develop that skill. Ignore that responsibility at your own peril. 15/
There are two great ways to start today.

First, do you have some sort of wiki or repo where you can store network knowledge? No? Set one up.

Second, figure out what asset DB software you use, get access, and learn how to query it effectively and quickly. 16/
This morning's thread brought to you by the screams of hundreds of analysts who thought they wanted to be threat hunters but didn't realize what the job fully entailed.

Alas, it's a beautiful day to catch bad guys. 17/17

More from Tech

Laurie Voss
Laurie Voss
@seldo
The 2018 State of JavaScript survey is out. They got 20,000 responses and have some delicious, delicious data. I'mma thread in some highlights:

First up: JavaScript flavors. There's TypeScript at 47% adoption, a tad higher than npm's own survey results (which said 46%). npm's survey is coming up again soon and will ask about TypeScript in a lot more detail.


I really, *really* like SoJ's "would not use again" question, which lets people who've abandoned a tech self-identify. This is noticeable in the graph above with Flow users -- 41% of people who've used Flow say they wouldn't use it again.

Now JavaScript frameworks. It's been a full year since npm's survey, so these numbers differ from ours in the directions I expected:
React 65% (vs. 60%)
Vue 29% (vs. 24%)
Ember 5% (vs 4%, I was expecting a bigger rise)

But there's a shocker in here: Angular.


npm's survey had Angular at 40% last year and SoJ has it at either:
- 58% (if you include those who don't want to use it again)
- 24% (if you count only those who like it)
Since npm's question didn't ask if they intend to *continue* using it I think that might explain this.
TECH
Simon DeDeo
Simon DeDeo
@SimonDeDeo
So, today, for the first time in 25 (!) years of Apple, I downgraded. From the 2016 MacBook Pro to my 2013, which I had kept in a drawer...


It was pretty simple to do—Apple Time Machine backups let me do it with one click.

That first tweet captures, in two pictures, how badly Apple has “lost the plot” (to quote @wylieprof). On the right is the Apple MagSafe adapter, from 2013. On the left, what I had “upgraded” to.

Thanks, Apple! I really was nostalgic for worrying about yanking my computer off the table.

Oh and I really appreciated not knowing if my computer was charging. What was great was the little whoop sound you used, so that the speaker before me could be informed I was charging my laptop.
TECH
Advertisement
DHH
DHH
@dhh
Facebook may well be exceptionally nasty and it’s leadership particularly deceitful, but the whole enterprise is the natural conclusion to an ad-powered social network. Ever greater surveillance, hyper targeting, and engagement baiting is what the basic incentives demand.

Facebook cannot change course. The best they can do is keep dishing out empty apologies, commit to inconsequential adjustments to its algorithms, and spend more money on positive PR and negative projection. The rot is at the core of its very being.

This is why we, consumers and citizens, must make the change for Facebook. Antitrust forcing a breakup of the business, and consumer revolt driving #DeleteFacebook. Zuckerberg will never conclude that what he built has become such a net negative for the world on his own.

That’s why its so tragic that WhatsApp sold out to Facebook in particular. Finally a challenger that had a different model and different ethics. But few would say no to $19B, which is why we need antitrust enforcers to do it for them.
TECH
Knarf
Knarf
@Knarf93
@zkat__ I'm in the position that I actually find npm / yarn the best ecosystem. Whenever I use something else I always end up stubbing my toe into something thats missing / feels wrong.

Ex. Cargo seems to neither have a concept of devDependencies nor peerDependencies.

I also can't understand why it wouldn't have an "add" command to add a new dependency. And I'm no fan of Toml, json is greate (easy to parse and build tooling around), and the better option in my opinion would be json5.

C / C++ seems to just not have language package managers. The linux / bsd crowd seem to have decided that the system package manager also should be the language package manager. Which might have been fine if every Linux distro used the same system package manager.

Instead we end up with a N x M problem. Where we have a bunch of different operating systems and they all support multiple system package managers. So there's no easy way of distributing, referencing and updating C / C++ packages.

It is also my opinion that the compiler / runtime should be a package dependency. I don't like Rust's split between rustup and cargo (they should have been one tool). Similarly it would be better if you added Node as a dependency to package.json, that way we wouldn't need NVM.
TECH
Katrina Leonoudakis \U0001f453 Miyamura Appreciation Club
Katrina Leonoudakis 👓 ...
@katrinaltrnsl8r
Machine translation can be a wonderful translation tool, but its uses are widely misunderstood.

Let's talk about Google Translate, its current state in the professional translation industry, and why robots are terrible at interpreting culture and context.

Straight to the point: machine translation (MT) is an incredibly helpful tool for translation! But just like any tool, there are specific times and places for it.

You wouldn't use a jackhammer to nail a painting to the wall.

Two factors are at play when determining how useful MT is: language pair and context.

Certain language pairs are better suited for MT. Typically, the more similar the grammar structure, the better the MT will be. Think Spanish <> Portuguese vs. Spanish <> Japanese.

No two MT engines are the same, though! Check out how human professionals ranked their choice of MT engine in a Phrase survey:
https://t.co/yiVPmHnjKv


When it comes to context, the first thing to look at is the type of text you want to translate. Typically, the more technical and straightforward the text, the better a machine will be at working on it.
TECH

You May Also Like

\U0001f1fa\U0001f1f8 Jules \U0001f1fa\U0001f1f8
🇺🇸 Jules 🇺🇸...
@mayweliveasONE
2021 Predictions‼️

Made by James Howard Kunstler

👇🏻👀

Kunstler is said to be one of the best thinkers and authors of our modern era. He’s well known as an expert in energy economics, among other topics.

He is NOT a fan of Trump which makes his predictions even more interesting.

1) The election is re-adjudicated, fraud subtracted from the tally, and President Trump is declared the winner.

2) The mail-in vote for the Georgia Senate seat runoff is disqualified as systematic fraud is revealed. Stacy Abrams is indicted for organizing the fraud.

3) A number of political celebrities, DC swamp rats, K-Street hustlers, media figures, and tech company executives are arrested and charged with serious crimes around election fraud.

4) The CIA is purged and reduced to a strictly analytical role for advising the executive.
FOR LATER READ
Anu Satheesh \U0001f1ee\U0001f1f3
Anu Satheesh 🇮🇳...
@AnuSatheesh5
Bhoga Lakshmi Narasimha Swamy Temple
#Devarayanadurga
#Karnatakatemples 🚩

Bhoga Yoga Narasimha Swamy Temple, Devarayanadurga is located near Tumkur of Karnataka. There are two temples are here for Narasimha Swamy, one is at the base of the hill which is Bhoga Narasimhar and 👇


the other on the top of  hill which is Yoga Narasimhar.

Bhoga Narasimha swamy Temple Prathista is said to be done by Maharshi Durvasa who did tapasya here. While doing tapasya Muni wished to bath in river Ganga and decided to travel to Ganga river bank,


At that time Ganga Devi appeared here and said she will remain here in the temple pond.

Yoga Narasimha swamy Prathista is believed to be done by Bhrama Deva who did tapasya here for many years.


Narasimhar appeared with Lakshmi Devi here to give darshan to Bhrama Deva here.

उग्रं वीरं महाविष्णुं ज्वलन्तं सर्वतोमुखम्।
नृसिंहं भीषणं भद्रं मृत्युमृत्युं नमाम्यहम् ॥

Om Shri Narasimha Murthaye Namah
🙏🕉🙏
ALL
Advertisement
Elon Musk\u2019s Meme \U0001f171\ufe0fot
Elon Musk’s Meme 🅱️ot...
@theMemesBot
Thats a gg, Satan
FUN
Khatvaanga
Khatvaanga
@khatvaanga
Starting my 2nd thread on Sringeri Parampara. This will cover the Jagadgurus after Sri Vidyaranya to Sri Shivabhinava Nrisimha Bharati.

It is really very tough to match the brilliance and achievements of Vidyaranya. After whom came 15 - Chandrashekara Bharati [1386-1389].

The next Acharya was Nrisimha Bharati [1389-1408]. Harihara raya found a town for this Acharya - Narasimhapuram. Acharya helped the king by guiding him in political affairs. He also initiated the kind with mahamantras for spiritual development.

Subsequent Acharyas were
15-Puroshottama Bharati [1408 - 1448]
16-Shankara Bharati[1448 - 1455]
17-Chandrasekhara Bharati II [1455 - 1464]
18- Nrisimha Bharati II [1464 - 1479]
19-Puroshottama Bharati II [1479 - 1517]

20-Ramachandra Bharati [1517 - 1560]. Sadashiva Raya was emporer of Vijayanagara during this time.
21-Nrisimha Bharati III [1560 - 1573]
22-Nrisimha Bharati IV [1573 - 1576]
23-Nrisimha Bharati V [1576 - 1600]

24-Abhinava Nrisimha Bharati [1600-1623]. When he visited Malahanikareswara temple for first time he noticed there was no Vinayaka there so he took piece of turmeric and drew outline of Ganesha on a pillar and offered puja.
ALL
Learner Vivek Bajaj
Learner Vivek Bajaj
@vivbajaj
My System for momentum trading🧵:

1. Stock Identification:

Daily and Weekly Delivery Analysis using @mystockedge
Theme Confirmation using Internet and Network

2. Stock Confirmation:

Relative Strength of a stock visavis market using RS55 model listed in @mystockedge

1/n

3. Stock Participation:

Only when chart showing short term breakout along with RS55>0 and RSI>50. I am ready to leave some initial movements.

4. Position buildup:

Every time the stock gives a breakout from the previous swing high add more position and go all-in.

2/n

5. Stock Exit:

I run two portfolios: Short term Swing and Long term Swing.

For Exit in Short term swings, I use a 2hourly Chart with super trend and RS. I am using @tradingview for the same.

For long term swing, I exit when the RS of the stock goes below 0. Period.

n/n
SCREENERS , VB , ALL