Tweets

  1. Retweeted
    Jan 30

    That's awesome! Thank you for sharing ! Happy to see the projects being referenced in other conferences around the 🌎 I hope to make it to one day 😉

  2. [UPDATED LINK] "An adversary might be attempting to open up a handle to the service control manager (SCM) database on remote endpoints to check for local admin access in my environment"

  3. [UPDATED LINK] "Adversaries might be leveraging WMI Win32_Process class and method Create to execute code remotely across my environment"

  4. [UPDATED LINK] "Adversaries might be extracting the DPAPI domain backup key from my DC to be able to decrypt any domain user master key files" DPAPI God Mode!

  5. [UPDATED LINK] "Adversaries might be calculating the SysKey from registry key values to decrypt SAM entries in my environment"

  6. [UPDATED LINK] "Adversaries might be RDPing to computers in my environment and interactively dumping the memory contents of LSASS via task manager."

  8. Retweeted
    Dec 18, 2019

    I decided to write a book 😅! An online Interactive Book 💥! A book on the top of , and w/ BinderHub links all put together w/ the amazing Jupyter Book project! Merry Christmas 🎄🎁 🍻

  9. Retweeted
    Dec 3, 2019

    You visit the Microsoft Threat Intelligence Center and walk away with stickers from 😂

  16. 1) How noisy are the data sources recommended? 2) Any potential false positives that you would like to share with the community? 3) Any ideas to provide more context to the data analytics provided? 4) How easy is it to run that JOIN with your current toolset? 5) Have fun!

  18. I'll be sharing a playbook every other Monday, starting Aug 26th, to inspire new hunts in your network & start conversations about analytics, recommended data sources, pre-recorded datasets & FPs or notes u'd like to share w/ the community

  19. Retweeted
    Aug 16, 2019

    Huge revamp of the project w/ Notebooks, Mordor 👿datasets for analytics validation, interactive queries & output made available to the whole 🌎 through

  20. Retweeted
    Aug 14, 2019
    Replying to

    , I use the TargetLogonId value from event 4624 to correlate other Security events that occur on the same logon session. DCSync generates a Network Logon type (3) on the DC. I can JOIN 4662 & 4624 on LogonId and get the source IP. An Idea
