Lots of stuff coming soon. I need to start dumping my favorite Splunk queries. The company is currently switching web hosts, so past blog material is unavailable at the moment. I did upload a local HTML copy of the netsh helper DLL persistence/loading technique write-up, since the technique made MITRE's ATT&CK matrix this month; the link on the MITRE wiki is broken.
https://attack.mitre.org/wiki/Technique/T1128
Link to HTML view
4/8/17: Sigma repo created.
Reference: https://github.com/Neo23x0/sigma