Tweets
ThreatHunter-Playbook Retweeted
That's awesome! Thank you for sharing @troplolBE! Happy to see the projects being referenced in other conferences around the
I hope to make it to @FIC_eu one day
https://twitter.com/troplolBE/status/1222834617914478592
[UPDATED LINK] "An adversary might be attempting to open up a handle to the service control manager (SCM) database on remote endpoints to check for local admin access in my environment" https://threathunterplaybook.com/notebooks/windows/07_discovery/discovery/WIN-190826010110.html
[UPDATED LINK] "Adversaries might be leveraging WMI Win32_Process class and method Create to execute code remotely across my environment" https://threathunterplaybook.com/notebooks/windows/08_lateral_movement/lateral_movement/WIN-190810201010.html
[UPDATED LINK] "Adversaries might be extracting the DPAPI domain backup key from my DC to be able to decrypt any domain user master key files" DPAPI God Mode! https://threathunterplaybook.com/notebooks/windows/06_credential_access/credential_access/WIN-190620024610.html
[UPDATED LINK] "Adversaries might be calculating the SysKey from registry key values to decrypt SAM entries in my environment" https://threathunterplaybook.com/notebooks/windows/07_discovery/discovery/WIN-190625024610.html
[UPDATED LINK] "Adversaries might be RDPing to computers in my environment and interactively dumping the memory contents of LSASS via task manager." https://threathunterplaybook.com/notebooks/windows/06_credential_access/credential_access/WIN-191030201010.html
ThreatHunter-Playbook Retweeted
I decided to write a book! An online Interactive Book! A book on the top of @HunterPlaybook, @ProjectJupyter #notebooks and w/ @mybinderteam BinderHub links all put together w/ the amazing Jupyter Book project! #ThreatHunting Merry Christmas
https://medium.com/threat-hunters-forge/writing-an-interactive-book-over-the-threat-hunter-playbook-with-the-help-of-the-jupyter-book-3ff37a3123c7
ThreatHunter-Playbook Retweeted
You visit the Microsoft Threat Intelligence Center and walk away with stickers from @Cyb3rWard0g @HunterPlaybook @THE_HELK #Epic #MSTIC pic.twitter.com/JIAF0AMlM2
"Adversaries might be RDPing to computers in my environment and interactively dumping the memory contents of LSASS via task manager."
#ThreatHuntingSeason #ThreatHunting @HuntersForge @Mordor_Project
Notebook: https://nbviewer.jupyter.org/github/hunters-forge/ThreatHunter-Playbook/blob/master/playbooks/windows/06_credential_access/T1003_credential_dumping/remote_interactive_taskmngr_lsass_dump.ipynb
Dataset: https://github.com/hunters-forge/mordor/blob/master/small_datasets/windows/credential_access/credential_dumping_T1003/remoteinteractive_taskmngr_lsass_dump.md
"Adversaries might be attempting to pull the NTLM hash of a user via AD replication services with a non-DC account and from a non-DC wks"
#ThreatHuntingSeason #ThreatHunting @HuntersForge @Mordor_Project
Notebook: https://nbviewer.jupyter.org/github/hunters-forge/ThreatHunter-Playbook/blob/master/playbooks/windows/06_credential_access/T1003_credential_dumping/ad_replication_non_machine_account.ipynb
Dataset: https://github.com/hunters-forge/mordor/blob/master/small_datasets/windows/credential_access/credential_dumping_T1003/credentials_from_ad/empire_dcsync.md
"Adversaries might be calculating the SysKey from registry key values to decrypt SAM entries in my environment"
#ThreatHuntingSeason #ThreatHunting @HuntersForge @Mordor_Project
Datasets: https://github.com/hunters-forge/mordor/blob/master/small_datasets/windows/credential_access/credential_dumping_T1003/credentials_from_registry/empire_mimikatz_lsadump_sam.md
Notebook: https://nbviewer.jupyter.org/github/hunters-forge/ThreatHunter-Playbook/blob/master/playbooks/windows/07_discovery/T1012_query_registry/syskey_registry_keys_access.ipynb
"Adversaries might be extracting the DPAPI domain backup key from my DC to be able to decrypt any domain user master key files" DPAPI God Mode!
#ThreatHuntingSeason #ThreatHunting
Datasets: https://github.com/Cyb3rWard0g/mordor/blob/master/small_datasets/windows/credential_access/credential_dumping_T1003/credentials_from_ad/empire_mimikatz_export_master_key.md
Notebook: https://nbviewer.jupyter.org/github/Cyb3rWard0g/ThreatHunter-Playbook/blob/master/playbooks/windows/06_credential_access/T1003_credential_dumping/domain_dpapi_backupkey_extraction.ipynb
"Adversaries might be leveraging WMI Win32_Process class and method Create to execute code remotely across my environment"
#ThreatHuntingSeason #ThreatHunting
Datasets: https://github.com/Cyb3rWard0g/mordor/tree/master/small_datasets/windows/execution/windows_management_instrumentation_T1047#windows-management-instrumentation-wmi
Notebook: https://nbviewer.jupyter.org/github/Cyb3rWard0g/ThreatHunter-Playbook/blob/master/playbooks/windows/08_lateral_movement/T1047_windows_management_instrumentation/wmi_win32_process_create_remote.ipynb
1) How noisy are the data sources recommended? 2) Any potential false positives that you would like to share with the community? 3) Any ideas to provide more context to the data analytics provided? 4) How easy is it to run that JOIN with your current toolset? 5) Have fun!
"An adversary might be attempting to open up a handle to the service control manager (SCM) database on remote endpoints to check for local admin access in my environment"
#ThreatHuntingSeason #ThreatHunting
Dataset: https://github.com/Cyb3rWard0g/mordor/blob/master/small_datasets/windows/lateral_movement/remote_services_T1021/empire_find_local_admin.md
Playbook: https://github.com/Cyb3rWard0g/ThreatHunter-Playbook/blob/master/playbooks/windows/07_discovery/T0000_permissions_level_check/remote_service_control_manager_handle.md
I'll be sharing a playbook every other Monday, starting Aug 26th, to inspire new hunts in your network & start conversations about analytics, recommended data sources, pre-recorded datasets & FPs or notes you'd like to share w/ the community
#ThreatHunting https://github.com/Cyb3rWard0g/ThreatHunter-Playbook
ThreatHunter-Playbook Retweeted
Huge revamp of the @HunterPlaybook project w/ @ProjectJupyter Notebooks, Mordor datasets for analytics validation, interactive queries & output made available to the whole
through @mybinderteam #ThreatHunting @ApacheSpark @Cyb3rPandaH @MITREattack https://github.com/Cyb3rWard0g/ThreatHunter-Playbook pic.twitter.com/xI1njJJHsA
ThreatHunter-Playbook Retweeted
@mubix, I use the TargetLogonId value from event 4624 to correlate other Security events that occur on the same logon session. DCSync generates a Network Logon type (3) on the DC. I can JOIN 4662 & 4624 on LogonId and get the source IP. An Idea @THE_HELK https://posts.specterops.io/threat-hunting-with-jupyter-notebooks-part-4-sql-join-via-apache-sparksql-6630928c931e pic.twitter.com/mF2wGGNZTN
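The JOIN described in the tweet above, written out as an added example (not code from the tweets, the ThreatHunter-Playbook or HELK): 4662 directory-service-access events on the DC are matched to 4624 network logons (type 3) on the logon id to recover the source IP, and machine accounts are dropped to isolate the "non-DC account" case. The event records and IP addresses are constructed sample data; the replication-right GUIDs are the real DS-Replication-Get-Changes / -All values.

```python
"""Correlate Security 4662 with 4624 on LogonId to find the DCSync source IP.
Added example with constructed records; not the playbook's own notebook code."""

# Control-access-right GUIDs that DCSync needs (DS-Replication-Get-Changes and
# DS-Replication-Get-Changes-All). Matched case-insensitively below.
REPLICATION_GUIDS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2",
}

# Constructed, flattened Security events as a SIEM would hand them over.
EVENTS = [
    {"EventID": 4624, "TargetLogonId": "0x3e7a1", "LogonType": 3,
     "TargetUserName": "pgustavo", "IpAddress": "172.18.39.106"},
    {"EventID": 4624, "TargetLogonId": "0x3e7b2", "LogonType": 3,
     "TargetUserName": "DC02$", "IpAddress": "172.18.39.6"},
    {"EventID": 4624, "TargetLogonId": "0x12c4", "LogonType": 2,
     "TargetUserName": "admin", "IpAddress": "-"},
    {"EventID": 4662, "SubjectLogonId": "0x3e7a1", "SubjectUserName": "pgustavo",
     "Properties": "%%7688 {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4662, "SubjectLogonId": "0x3e7b2", "SubjectUserName": "DC02$",
     "Properties": "%%7688 {1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"},
    # Constructed non-replication property GUID: ordinary directory access.
    {"EventID": 4662, "SubjectLogonId": "0x3e7a1", "SubjectUserName": "pgustavo",
     "Properties": "%%7688 {aaaaaaaa-0000-0000-0000-000000000001}"},
]


def find_dcsync_sources(events):
    """Return (account, logon_id, source_ip) for each replication-right 4662
    whose SubjectLogonId joins to a 4624 network logon (LogonType 3).
    Machine accounts (name ending in '$') are skipped because DC-to-DC
    replication legitimately uses them."""
    # Index network logons by LogonId; this is the right-hand side of the JOIN.
    logons = {e["TargetLogonId"]: e for e in events
              if e["EventID"] == 4624 and e["LogonType"] == 3}
    hits = []
    for e in events:
        if e["EventID"] != 4662 or e["SubjectUserName"].endswith("$"):
            continue
        props = e["Properties"].lower()
        if not any(guid in props for guid in REPLICATION_GUIDS):
            continue
        logon = logons.get(e["SubjectLogonId"])
        if logon is not None:
            hits.append((e["SubjectUserName"], e["SubjectLogonId"], logon["IpAddress"]))
    return hits


if __name__ == "__main__":
    for account, logon_id, ip in find_dcsync_sources(EVENTS):
        print(f"possible DCSync by {account} (LogonId {logon_id}) from {ip}")
```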