Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    FireEye Red Team Tool Countermeasures (rules for a Snort)

    IDS/IPS
    1
    1
    145
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Sergei_Shablovsky
      Sergei_Shablovsky last edited by

      FireEye Red Team Tool Countermeasures

      These rules are provided freely to the community without warranty.

      In this GitHub repository you will find rules in multiple languages:

      Snort
      Yara
      ClamAV
      HXIOC
      The rules are categorized and labeled into two release states:

      Production: rules that are expected to perform with minimal tuning.
      Supplemental: rules that are known to require further environment-specific tuning and tweaking to perform, and are often used for hunting workflows.
      Please check back to this GitHub for updates to these rules.

      FireEye customers can refer to the FireEye Community (community.fireeye.com) for information on how FireEye products detect these threats.

      The entire risk as to quality and performance of these rules is with the users.

      https://github.com/fireeye/red_team_tool_countermeasurs
      ——
      P.S. If You do not know about FireEye / Solar Wind / Microsoft / US Nuclear Agency BIG HACK from Russian side, read:

      «The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.»

      FireEye
      https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html

      ArsTechnica
      https://arstechnica.com/information-technology/2020/12/solarwinds-hackers-have-a-clever-way-to-bypass-multi-factor-authentication/

      ZdNet
      https://www.zdnet.com/article/microsoft-and-industry-partners-seize-key-domain-used-in-solarwinds-hack/

      CISA
      https://www.bleepingcomputer.com/news/security/cisa-hackers-breached-us-govt-using-more-than-solarwinds-backdoor/

      Reuters
      https://www.reuters.com/article/global-cyber-microsoft-int/exclusive-microsoft-breached-in-suspected-russian-hack-using-solarwinds-sources-familiar-idUSKBN28R3BW

      Politico
      https://www.politico.com/news/2020/12/17/nuclear-agency-hacked-officials-inform-congress-447855

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense Plus
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy