11:48pm PDT - April 22nd, 2021
Reg. CISA's report: We have a Sigma rule that would've detected that renamed procdump since 2019 & we use a similar YARA rule since 2014 in @thor_scanner. That's the detection logic that I like most - it allows you to detect threats 7 years in the future. https://t.co/EqYwPjSMgo https://t.co/wM2LBJy3mw
6 retweets 2 likes - Florian Roth (@cyb3rops)