Kostas
@kostastsale.bsky.social
1.3K followers 130 following 320 posts
@thedfirreport.bsky.social | https://kostas.page | Opinions are mine only! 🇬🇷🇨🇦
kostastsale.bsky.social
They ate Portland’s national guard.
kostastsale.bsky.social
If this helped you, consider buying me one here: buymeacoffee.com/kostas.t. Every bit keeps the lights on.

• Check it out here: detectionstream.com
• Get your OpenRouter Key by registering here: openrouter.ai
kostastsale.bsky.social
Although this is a free service for the community, there is a material cost to me. Because servers don't run on coffee alone (like I do), if this helped you, consider buying me one here: buymeacoffee.com/kostas.t. Every bit helps to keep the lights on, and please add a note to say how it helped you!
Kostas is EDR Telemetry & Comparison Projects, DFIR Labs, DetectionStream + more
Hey, I’m Kostas. I spend a lot of time building tools, creating training, and sharing infosec tips. If any of that’s helped you, a coffee and a nice message go a long way. 🙏
buymeacoffee.com
kostastsale.bsky.social


𝗦𝗶𝗴𝗺𝗮 𝗣𝗹𝗮𝘆𝗴𝗿𝗼𝘂𝗻𝗱 ➡️ create or tweak a detection rule, load your JSON logs, and see detections fire. Perfect for understanding how Sigma works in practice.

𝗡𝗼𝘃𝗮 𝗣𝗹𝗮𝘆𝗴𝗿𝗼𝘂𝗻𝗱 ➡️ build AI-native detections, validate with prompts, and test adversarial scenarios. A new way to think about monitoring LLMs.
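To make the "see detections fire" idea concrete, here is a minimal Sigma-style evaluator, written as an added example for this page: it is not the playground's or the author's code and does not use the Sigma toolchain. The rule is constructed in Sigma's shape (named selections, field modifiers like `|endswith` and `|contains|all`, a `condition` string) and targets the shadow-copy deletion that the Windows table's VSS Deletion sub-category tracks. The JSON events are constructed with Sysmon-style process-creation field names (`Image`, `CommandLine`, `ParentImage`), and the allow-listed parent `BackupScheduler.exe` in the filter is hypothetical.

```python
"""Minimal Sigma-style rule evaluator over JSON process-creation events.
Constructed example: the rule, the events and the BackupScheduler.exe filter are all made up."""
import re

# Rule written in Sigma's YAML shape but as a dict, so no YAML library is needed.
VSS_DELETE_RULE = {
    "title": "Shadow Copy Deletion Via Built-in Utilities (example)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection_vssadmin": {
            "Image|endswith": "\\vssadmin.exe",
            "CommandLine|contains|all": ["delete", "shadows"],
        },
        "selection_wmic": {
            "Image|endswith": "\\wmic.exe",
            "CommandLine|contains|all": ["shadowcopy", "delete"],
        },
        "filter_backup_tool": {
            # Hypothetical allow-listed backup agent that legitimately prunes shadow copies.
            "ParentImage|endswith": "\\BackupScheduler.exe",
        },
        "condition": "(selection_vssadmin or selection_wmic) and not filter_backup_tool",
    },
}


def _match_value(actual, expected, modifiers):
    """Compare one event field with one expected value; Sigma string matching is case-insensitive."""
    if actual is None:
        return False
    a, e = str(actual).lower(), str(expected).lower()
    if "contains" in modifiers:
        return e in a
    if "endswith" in modifiers:
        return a.endswith(e)
    if "startswith" in modifiers:
        return a.startswith(e)
    if "re" in modifiers:
        return re.search(str(expected), str(actual)) is not None
    return a == e


def match_selection(event, selection):
    """Every field in a selection must match (AND); a list of values is OR unless |all is present."""
    for key, expected in selection.items():
        field, *modifiers = key.split("|")
        values = expected if isinstance(expected, list) else [expected]
        hits = [_match_value(event.get(field), v, modifiers) for v in values]
        if not (all(hits) if "all" in modifiers else any(hits)):
            return False
    return True


def eval_condition(condition, truth):
    """Recursive-descent evaluation of a Sigma condition ('and', 'or', 'not', parentheses)
    over a dict of selection name -> bool, avoiding eval()."""
    tokens = re.findall(r"\(|\)|\w+", condition)
    pos = [0]

    def peek():
        return tokens[pos[0]] if pos[0] < len(tokens) else None

    def take():
        pos[0] += 1
        return tokens[pos[0] - 1]

    def expr():  # expr := term ('or' term)*
        value = term()
        while peek() == "or":
            take()
            rhs = term()  # always consume the right-hand side, even if value is already True
            value = value or rhs
        return value

    def term():  # term := factor ('and' factor)*
        value = factor()
        while peek() == "and":
            take()
            rhs = factor()
            value = value and rhs
        return value

    def factor():  # factor := 'not' factor | '(' expr ')' | selection name
        tok = take()
        if tok == "not":
            return not factor()
        if tok == "(":
            value = expr()
            if take() != ")":
                raise ValueError("unbalanced parentheses in condition")
            return value
        return bool(truth[tok])

    return expr()


def rule_matches(rule, event):
    """True when the event satisfies the rule's condition (logsource routing is out of scope here)."""
    detection = rule["detection"]
    truth = {name: match_selection(event, sel) for name, sel in detection.items() if name != "condition"}
    return eval_condition(detection["condition"], truth)


# Constructed events: two real deletions, one benign listing, one deletion by the allow-listed parent.
SAMPLE_EVENTS = [
    {"Image": "C:\\Windows\\System32\\vssadmin.exe", "CommandLine": "vssadmin.exe Delete Shadows /All /Quiet",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
    {"Image": "C:\\Windows\\System32\\wbem\\WMIC.exe", "CommandLine": "wmic shadowcopy delete",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
    {"Image": "C:\\Windows\\System32\\vssadmin.exe", "CommandLine": "vssadmin.exe List Shadows",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
    {"Image": "C:\\Windows\\System32\\vssadmin.exe", "CommandLine": "vssadmin delete shadows /for=C: /oldest",
     "ParentImage": "C:\\Program Files\\Acme\\BackupScheduler.exe"},
]


def run(rule=VSS_DELETE_RULE, events=SAMPLE_EVENTS):
    """Return the indexes of the events on which the rule fires."""
    return [i for i, ev in enumerate(events) if rule_matches(rule, ev)]


if __name__ == "__main__":
    for i in run():
        print(f"[{VSS_DELETE_RULE['title']}] fired on event {i}: {SAMPLE_EVENTS[i]['CommandLine']}")
```

Only the first two events fire: the `List Shadows` event lacks `delete`, and the fourth matches `selection_vssadmin` but is suppressed by the `not filter_backup_tool` clause. The same structure is what makes a filter too broad or a selection too narrow visible when you tweak a rule and re-run it against your own logs.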
kostastsale.bsky.social
I built this tool for myself. Shared a preview here a few days ago… and wow. Didn’t expect such a strong response. Thanks everyone who reached out 🙏

Because of that energy, I pushed harder and:
➡️ Polished the Sigma experience, now with Nova integrated
➡️ Built two playgrounds for hands-on learning
kostastsale.bsky.social
Feel free to comment below 👇

** The AI generation is happening on the client-side. You simply bring your own OpenRouter key, and you are responsible for billing etc.
** I have special prompts for minimizing AI-generated garbage/slop output.
kostastsale.bsky.social
I've built this platform for myself to quickly search and create detection rules. Considering that we (the DE community) have amazing platforms like Sigconverter (sigconverter.io) and Detection.FYI (detection.fyi), would anyone find value in having FREE access to this all-in-one platform?
kostastsale.bsky.social
The EDR Telemetry Project revealed what EDRs can see.

➛ Now, we show how they compare.

Coming soon!
kostastsale.bsky.social
As long as Tara keeps exploring, I’ll watch! Lol
kostastsale.bsky.social
Omg this is the perfect music over! 😂

I’ve got no idea who Tara is but she’s exploring alright 😆 From CB to Striker in one breath lol 👏
kostastsale.bsky.social

It makes me very happy to see the commitment from vendors like Bitdefender to improve and deliver quality for their customers, considering the recent changes.

See the full standings in the Windows and Linux tables along with the latest scoring 👉 www.edr-telemetry.com
EDR Telemetry Project - Home
EDR Telemetry Project - Exploring telemetry capabilities of EDR solutions
www.edr-telemetry.com
kostastsale.bsky.social
Their Linux coverage stood out as especially strong, and further improvements on Windows are already on the way.

Another highlight: visibility into 𝐥𝐞𝐬𝐬 𝐜𝐨𝐦𝐦𝐨𝐧 𝐭𝐞𝐥𝐞𝐦𝐞𝐭𝐫𝐲 𝐬𝐢𝐠𝐧𝐚𝐥𝐬 𝐥𝐢𝐤𝐞 𝐖𝐢𝐧𝟑𝟐 𝐀𝐏𝐈 𝐜𝐚𝐥𝐥𝐬 𝐚𝐧𝐝 𝐕𝐒𝐒 𝐝𝐞𝐥𝐞𝐭𝐢𝐨𝐧 𝐞𝐯𝐞𝐧𝐭𝐬, which aren’t broadly supported across many vendors..... 👇
kostastsale.bsky.social
📢 Excited to share that 𝐁𝐢𝐭𝐝𝐞𝐟𝐞𝐧𝐝𝐞𝐫 𝐄𝐃𝐑 (GravityZone Business Security Enterprise) is now part of the 𝐄𝐃𝐑 𝐓𝐞𝐥𝐞𝐦𝐞𝐭𝐫𝐲 𝐏𝐫𝐨𝐣𝐞𝐜𝐭 𝐟𝐚𝐦𝐢𝐥𝐲.

Bitdefender has introduced improvements to its telemetry control, no longer requiring a data retention license to change what telemetry is being sent.... 👇
kostastsale.bsky.social
If you are using an EDR and can confirm whether the telemetry exists, please don't hesitate to comment below, reach out to me, or contribute directly!

As always, thank you to our contributors 🙏
kostastsale.bsky.social
🆕 𝐄𝐃𝐑-𝐭𝐞𝐥𝐞𝐦𝐞𝐭𝐫𝐲 𝐏𝐫𝐨𝐣𝐞𝐜𝐭 𝐔𝐩𝐝𝐚𝐭𝐞 - 𝐖𝐢𝐧𝐝𝐨𝐰𝐬

The Windows table just got an update with 3 new sub-categories:

➡️ VSS Deletion
➡️ Win32 API Telemetry
➡️ JA3/JA3s

Coverage isn’t uniform, and some are pending response from the vendors. That’s fine. I’d rather show the uncertainty than pretend otherwise.
kostastsale.bsky.social
something just as bad is already out there and we don’t know it yet.

We need to plan ahead, but planning ahead is tough work in InfoSec. Anyone who’s spent a day in this field knows the struggle. It just makes you think, what if...
kostastsale.bsky.social
Turns out this npm compromise was a bit of a nothing burger. But imagine if the threat actors had been careful and methodical. Imagine they stayed quiet and blended in... With the access they had, they could’ve done far worse.

This time we got lucky. Next time, maybe not. Or maybe... 👇
kostastsale.bsky.social
Let me know what you're building or hunting with it. Would love to see more use cases in the wild.

More to come soon: edr-telemetry.com
/end
kostastsale.bsky.social
If you've been reading, using, contributing, or quietly lurking, thank you 🙏
I also want to thank the individuals who are actually paying out of their pocket to help me pay the bills and justify my countless hours staring at logs. You’re the reason this works 💙
4/x...👇
kostastsale.bsky.social
All without paid advertisement (although sponsors to keep the project afloat are welcome 😉)
There’s no marketing budget.
It grew because people actually use it.

Just signal over noise with a community that genuinely cares about tooling, visibility, and security that makes sense.

3/x .... 👇
kostastsale.bsky.social
➡️ 15,510+ 𝗺𝗼𝗻𝘁𝗵𝗹𝘆 𝘃𝗶𝗲𝘄𝘀 on the site
➡️ 2,313 𝗺𝗼𝗻𝘁𝗵𝗹𝘆 𝗮𝗰𝘁𝗶𝘃𝗲 𝘂𝘀𝗲𝗿𝘀
➡️ 𝗔𝘃𝗲𝗿𝗮𝗴𝗲 𝘃𝗶𝘀𝗶𝘁𝗼𝗿 𝘀𝘁𝗮𝘆 𝗳𝗼𝗿 ~2 𝗺𝗶𝗻𝘂𝘁𝗲𝘀, and 𝗮𝘃𝗲𝗿𝗮𝗴𝗲 7+ 𝗽𝗮𝗴𝗲𝘀 𝗽𝗲𝗿 𝘀𝗲𝘀𝘀𝗶𝗼𝗻
➡️ GitHub activity well above typical for niche security projects (137 𝗰𝗹𝗼𝗻𝗲𝘀, 874 𝘃𝗶𝗲𝘄𝘀 𝗶𝗻 14 𝗱𝗮𝘆𝘀)

2/x .... 👇
kostastsale.bsky.social
𝗡𝗲𝘃𝗲𝗿 𝘁𝗵𝗼𝘂𝗴𝗵𝘁 𝘁𝗵𝗶𝘀 𝗽𝗿𝗼𝗷𝗲𝗰𝘁 𝘄𝗼𝘂𝗹𝗱 𝗿𝗲𝗮𝗰𝗵 𝘁𝗵𝗶𝘀 𝗸𝗶𝗻𝗱 𝗼𝗳 𝘀𝗰𝗮𝗹𝗲.
Especially not as an independent, non-corporate platform focused purely on technical content.

Started as a small side effort to compare EDR telemetry and support hunting workflows.

Now it’s here.... 👇
1/x
kostastsale.bsky.social
The EDR Telemetry Project exists to burn this crap down with proof. We’ve also got scores but they’re backed by real research and proof of testing.

edr-telemetry.com