Pinned Tweet
- Confused about DMR? Frustrated you can't get your hotspot configured? Need some help? Here is a quick tutorial: https://medium.com/@Crypt0s/how-to-use-dmr-with-mmdvm-and-the-btech-dmr-handset-39e1784ec73b … #DMR #hamradio #brandmeister #mmdvm
- Excited to announce that starting Feb. 14th I will become a part of @Netragard’s excellent team!
- Crypt0s retweeted:
  It was AWESOME seeing and catching up at #Shmoocon2020 with (2/3) @FrustratedITGuy @WiFi_Village @rmellendick @radi0_jesus @armitagehacker @Crypt0s @pwcrack @grecs @githur @CircuitSwan @heidishmoo @elkentaro @urbansec @sirspamsalot @_pronto_ @Bad415353
- Shmoocon was amazing, totally loved seeing my peeps out there, y’all make the con fun
- I am at Shmoocon
- At some point I will update the reader with how to compile the project please bear with me I basically posted it as soon as I had permission
- It’s not enough to detect every OpenThread call without additional filtering or heuristics and/or whitelisting/blacklisting but it is a good start.
- Sysmon for some reason doesn’t monitor OpenThread() between two different PIDs! And it’s not open source. Carbon black does but it does happen fairly frequently and it is also not open. So I cribbed a Microsoft example and wrote a driver: https://github.com/Crypt0s/Ampulex/tree/master/WaspHunter …
- Cross process calls are things like OpenThread, OpenProcess, that kind of thing. They all open handles to processes, which calls the callbacks registered to ObRegisterCallback in the kernel. This is what Sysmon and Carbon Black use to monitor cross process events. But...
- So in order to detect stack bombing, you need to register a callback with the Windows kernel which is called every time a handle is created. This is called ObRegisterCallback(). This will receive information about the originating PID and the targeted PID for Cross-Process calls
- Broke: Checkbox security Woke: Nessus and Chill
- Pinjectra’s Stack Bombing Process Injection example was only the beginning. I wrote a practical implementation of it that performs process migration using shared Memory, self-loading/linking DLLs, and an RWX ROP chain. https://github.com/Crypt0s/Ampulex Also included: a detection for it
- It is released along with a driver which registers a cross-process event monitoring driver that generates windows logs on process events like Sysmon (but better because it does it for all cross process events) https://github.com/Crypt0s/Ampulex
- It’s not detectable by CarbonBlack unless you’re gonna alert on every OpenThread() call. But in researching this I found out how CarbonBlack and Sysmon do Cross Process event monitoring and I may release a driver which does it as a small example utility.
- My practical implementation of Stack Bombing (the new process injection technique from Blackhat 2019) has been approved for release by Booz Allen. It’s neat - I use shared memory to write a self-linking/loading binary image from one process to another after a ROP chain does RWX
- A lot of Baofeng and even a DMR radio at the Virginia gun “event” today. Wonder what they have to say over the air. Any Hams down there listening in? #virgina #VirginiaRally #Virginia2A
- Crypt0s retweeted:
  LGBT+ friendly replacements for most tech terms. :3 * Master / Slave -> Dom / Sub * Black List / White List -> Poly / Mono * Male / Female -> Top / Bottom * RP-Male / RP-Female -> Service Top / Power Bottom https://twitter.com/cybergibbons/status/1219042329257967616 …
- Pumped for Shmoocon. Actually have my crap sort of together for this one.
- Whoa - so in the Early 90’s we thought oh snap it might be a bad thing to allow cell sniffers to work to collect customer data https://twitter.com/_aijaz_/status/1215310669957853184 …
- Crypt0s retweeted:
  All of the Iranian provocations Trump just listed happened as a result of his withdrawal from the JCPOA and shift to "maximum pressure." They weren't happening while US was still in the agreement.
- Crypt0s retweeted:
  a nice talk from #DefCon26, about using PE relocations for the purpose of obfuscation: Nick Cano - "Relocation Bonus - Attacking the Windows Loader Makes Analysts Switch Careers": https://www.youtube.com/watch?v=8_kfyKVk32c …