Itai Grady

If you missed our #BHUSA talk yesterday, no worries. @YaronZi and I will be presenting our research + some new additions at #DEFCON tomorrow at 3pm. This is your last chance... pic.twitter.com/L4SFRfhpsT

Happy to announce that XM super team will be presenting at #DEFCON. See you there!pic.twitter.com/pCLKlxzEIM

What is one of the most impactful defensive steps you can take as a defender? Enable MFA. Need data on why? By @Alex_T_Weinert https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Your-Pa-word-doesn-t-matter/ba-p/731984 … Use #AzureSentinel to see attacks: https://twitter.com/JohnLaTwC/status/1125810589370961920 … Secure it: https://docs.microsoft.com/en-us/azure/security/azure-ad-secure-steps … cc/ @Alex_A_Simonspic.twitter.com/rikq3NDnhg

If you are interested in seeing a kill chain/technique matrix built out for O365 attacks, give this tweet a like and let me know!pic.twitter.com/6pas4RwHjk

Jupyter Notebooks are a powerful tool for security analysts and hunters (don't let scientists have all the fun!). Part of a project (inspired by @JohnLaTwC) to use Jupyter with #AzureSentinel http://bit.ly/2V3nMzE . #Jupyter #AzureNotebooks #MSTICpic.twitter.com/ctLnaVCGJC

There was a lot of talk this year about encouraging people to present their work in #infosec and making our field more approachable. If this describes your 2018 experience, may 2019 be the bottoms up version!pic.twitter.com/zj5Gj0fyLS

At #ATTACKcon I talked about #Jupyter notebooks as a way to share repeatable analysis. I was asked to share mine. Promise kept! Learn how a notebook can speed hunting and automation with the new WDATP APIs. https://techcommunity.microsoft.com/t5/Threat-Intelligence/Automating-Security-Operations-Using-Windows-Defender-ATP-APIs/m-p/294434 … https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries/blob/master/Notebooks/WDATP%20APIs%20Demo%20Notebook.ipynb … h/t @killchainpic.twitter.com/LqnOBLpKPR

I updated #mimikatz to support Windows 1809, even the kernel driver! (with my expired certificate) Of course, misc::memssp to bypass Credential Guard chain included (but also, crypto, event log, terminal server...and passwords in clear when enabled!) > https://github.com/gentilkiwi/mimikatz/releases …pic.twitter.com/77kp2BLihs

1/4 #shadowbrokers leaked NSA #DarkPulsar admin console, but not the implant itself. Researchers @kaspersky were able to find its implant counterpart by looking for encryption constants. https://securelist.com/darkpulsar/88199/ … via @Securelistpic.twitter.com/s92z9kSwEr

That moment when you're looking at a VBScript wondering whether it's just a really thorough IT inventory script or a recon tool. Then you see the reference to #mimikatz. https://www.virustotal.com/#/file/fd334bb96b496592db6c9771f305a2ddca6610a59c6d45f5bbbb2b38859b4f36/detection … https://gist.github.com/JohnLaTwC/08011be514084fb7a8ccac9ed948a0ec …pic.twitter.com/43wRsabP07

Interested in articles about the Windows Kernel? Check out this new series by the @Windows team. You'll find out that, indeed, taskmgr can scale to show a machine with 896 cores, 1792 logical processors, and 2TB of RAM! https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/One-Windows-Kernel/ba-p/267142 … Follow @mamyun for updates!pic.twitter.com/gKv8uQiuBD