Roberto Rodriguez: Azure Sentinel To-Go 🛒 — Part 2: Integrating a Basic Windows Lab 🧪 via ARM Templates 🚀
Most of the time when we think about the basics of a detection research lab, it is an environment with Windows endpoints, audit policies…
15 min read · Oct 5, 2020

Roberto Rodriguez in Open Threat Research: It is Biceps 💪 Day! Flexing an ARM Template to deploy Azure Sentinel 🏹
Ever since I joined the Microsoft Threat Intelligence Center (MSTIC) R&D team, I have been learning about Azure Resource Manager (ARM)…
9 min read · Sep 9, 2020

Roberto Rodriguez in Open Threat Research: Mordor PCAPs 📡 — Part 1: Capturing Network Packets from Windows Endpoints with Network Shell…
On April 21st, 2020, the ATT&CK evals team released the results of their APT29 evaluation, the emulation plan, all payloads used for Day…
10 min read · Jul 27, 2020

Roberto Rodriguez in Open Threat Research: Extending the Exploration and Analysis of Windows RPC Methods Calling other Functions with Ghidra…
A few weeks ago, I was going over some of the research topics in my to-do list, and the one that sounded interesting to work on during 4th…
17 min read · Jul 21, 2020

Roberto Rodriguez in Open Threat Research: Community Evaluating Free Telemetry 💸 🌎 Following the ATT&CK Evals Methodology ⚔️
In late 2019, the ATT&CK Evaluations team evaluated 21 endpoint security vendors to provide insight and transparency over their true…
14 min read · Jun 12, 2020

Roberto Rodriguez in Open Threat Research: Mordor Labs 😈 — Part 3: Executing ATT&CK APT29 Evaluations Emulation Plan 📕 - Day 2
Building the environment for scenario one is very easy and takes around 30–45 mins. Once the environment is set up, you will still have to…
9 min read · May 3, 2020

Roberto Rodriguez in Open Threat Research: Mordor Labs 😈 — Part 2: Executing ATT&CK APT29 Evals Emulation Plan 📕 - Day 1
Building the environment for scenario one is very easy and takes around 30–45 mins. Once the environment is set up, you will still have to…
7 min read · May 3, 2020

Roberto Rodriguez in Open Threat Research: Mordor Labs 😈 — Part 1: Deploying ATT&CK APT29 Evals Environments via ARM Templates 🚀 to Create…
In late 2019, the ATT&CK Evaluations team evaluated 21 endpoint security vendors using an evaluation methodology based on APT29. On April…
15 min read · May 2, 2020

Roberto Rodriguez in Open Threat Research: Azure Sentinel To-Go!
Recently, I started working with Azure Sentinel, and as any technology that I am learning about, I decided to explore a few ways to deploy…
18 min read · Mar 27, 2020

Roberto Rodriguez in Open Threat Research: Jupyter Notebooks 📓 from SIGMA Rules 🛡⚔️ to Query Elasticsearch 🏹
Happy new year everyone 🎊! I’m taking a few days off before getting back to work and you know what that means 😆 Besides working out a…
12 min read · Jan 11, 2020