Security specialist who hunts for evil. Incident Responder, amateur malware analyst, independent security researcher.

Joined March 2013
Pinned Tweet
17 Sep 2016
One of the greatest joys in my life is watching someone I know succeed.
Jim Schwar retweeted
I know some people often wonder if an Application Id they see in logs is a first-party Microsoft app, I wrote this KQL to pull down the list of apps from the MS Learn doc itself and create a table from it, so you can then query it and join to it etc - github.com/reprise99/Sentine…
17 Feb 2023
regex is like Jenga, one wrong move and the whole effing thing comes crashing down
17 Feb 2023
Regex: when you want to match some characters, but not too many characters, but also maybe some other characters, but not those characters, unless they're followed by these other characters... you know what, never mind, let's just use brute force. 🤯🤯🤯
17 Feb 2023
Log parsing is the process of analyzing and extracting relevant information from log data. It is a critical component of security monitoring and threat detection.
17 Feb 2023
The choice of parsing method depends on the specific use case and the types of data being analyzed. You need all of the above available to engineers to quickly and effectively get data in front of your analysts.
17 Feb 2023
It drives me bonkers that not all SIEMs support this, and it's why I really like analytics platforms as the basis for threat detection/response.
17 Feb 2023
SIEM technology is like that one annoying co-worker who always has something to say but never really delivers.
15 Feb 2023
🧵
15 Feb 2023
As someone who has built import/export for STIX/TAXII from scratch, I think it can be improved in a few ways.
Jim Schwar retweeted
The billions of dollars of investment into ChatGPT and OpenAI will be worth every cent even if all I ever use it for is to solve my regex problems.
Jim Schwar retweeted
25 Jan 2023
🔍 My ultimate workflow for simple and easy JavaScript Analysis ⚡️ Comprehensive JavaScript analysis in offensive security, appsec testing, and red teaming wins. Often you can find juicy hidden endpoints, parameters, & domains buried in JS! A thread 🧵 1/x 👇
Jim Schwar retweeted
If you know what the turbo button is for don't forget to take an anti-inflammatory for your back and knees today
Jim Schwar retweeted
23 Jan 2023
by the end of the day detection is about reducing FPs to spot bad; any evaluation that doesn't account for that, to me, is just scratching the surface (and indirectly participates in alert fatigue and SOC analysis cost).
Jim Schwar retweeted
21 Oct 2022
If you are an ex-member of ISC2 that has received an email in the last 6 months about potential re-certification, please DM me. RT appreciated.
14 Oct 2022
Anyone know of a Phishtank equivalent for malware? Something that has subjects, senders, attachment names?