John Lambert

@JohnLaTwC

Distinguished Engineer, Microsoft Threat Intelligence Center, johnla(AT), **BEWARE There are Tech Support Scams that use my name**

Redmond WA
Joined October 2010

Media

  1. 5 hours ago

    🆕hxxps://byteout.xyz/olympic/ad/index.html They aren't loading the rings logo from the website. Where did it go? reveals all!

  2. Jan 31
  3. Jan 31

    Unicode VBA for obfuscation purposes: 🔗d7987d5bfcd0d8fd206c45b5a83bc429e22759c414d427c8bf1236e7d573f7c3

  4. Jan 31
  5. Jan 31
  6. Jan 31

    Follow Friday on interesting VT Submitter Ids. My first is ec31b410 uploading from Denmark. Examples in this thread

  7. Jan 30
  8. Jan 30

    Blue teamers, just watched this webinar by on how to use to hunt over data. Hypothesis formulation, graph investigation, notebooks, and more!

  9. Jan 29
    Replying to users

    When you can pivot by submitter id, you can quickly find many more relevant samples. Combined with the other VT meta data, it makes perusing samples very easy.

  10. Jan 29

    Would someone use the Olympics to phish? Yes, yes they would. 🆕hxxps://amazingmonkeys.es/tokyo2020comiteeolympic/ 🆕hxxps://amazingmonkeys.es/olympiccomitee/ hxxps://154dst.com/comiteeolympic/ hxxps://154dst.com/olympiccomitee/ hxxps://154dst.com/olympicinternationalcomitee/

  11. Jan 27

    Sometimes seeing chatter about a file on infosec twitter is a signal to add detection. In this case, a benign file went from 4 detections to 12!

  12. Jan 26

    Wonder why AV has false positives?
    ✅Instructions to enable macros
    🧩Obfuscated code
    💉Modifies security settings
    🕵️Hides VBA project
    🔒Password protected sheets
    4⃣Detections on VirusTotal
    Benign 🤷‍♂️

  13. Jan 26

    To find Satan sometimes start with Murphy. In 2007 I became an exploit failure engineer to find 0-days from studying reliability problems. Ep 57 has the story. 📊 🎙️

  14. Jan 25
  15. Jan 25
    Replying to a user
  16. Jan 25
  17. Jan 24

    It's not often you get to sit down with someone like Sue Gordon. Looking forward to picking her brain on security, intelligence, and how to make the world a safer place.

  18. Jan 22
    Replying to a user

    Here are examples of what I talked about. The first was someone probing the vulnerability. The next two show a bot in the weaponization process.

  19. Jan 21

    The exploit had succeeded (in another thread) and was downloading the payload from a server in Japan. See the call to urlmon!URLDownloadToFileA: The attacker popped the box twice (impatience?) and the second attempt crashed the server.

  20. Jan 16

    When you have Outlook track what files you open, what does it say when most of your work is in PowerPoint (🟥) instead of Excel (🟩) or Word (🟦)? 🤔
