Maarten van Dantzig

@MaartenVDantzig

threat intelligence, incident response, security operations, blue team (mostly )

Joined: January 2011

Tweets

  1. Jan 30

    Oh no, how will the Ryuk, BitPaymer & other ransomware operators communicate with their victims now 🤪

  2. Retweeted
    Jan 18

    UPDATE 1: Based on updates provided by Citrix and NCSC-NL yesterday evening we have updated our advisory. Please read our update to see the latest changes. Some recommendations and nuances are made even more explicit by Citrix.

  3. Retweeted
    Jan 17

    Based on all the current rumors and speculations about the Citrix vulnerability, we decided to list all the current known facts in an advisory, which can be found here:

  4. Retweeted
    Jan 10

    Static unpacker for packed samples.

  5. Retweeted
    Jan 15

    Hunting for C&C beacons by analyzing connection patterns

  6. Retweeted
    Dec 27, 2019

    Ransomware analysis is good. However, focus on the intrusion operations themselves. These are interactive network operations that end with a disruptive capability being deployed. If you focus on the intrusion, you can impact the outcome of any intrusion not just ransomware.

  7. Retweeted

    That’s my review of this IR report done with

  8. Retweeted
    Dec 19, 2019

    the cool thing about those 2 newly introduced MS security eventid 4799, 4798 is that they will capture any local group/user discovery attempts even if done via winapis, below an e.g. with the checkadmin.exe custom recon tool referenced in Operation Wocao :D

  9. Indicators of Compromise and signatures (Snort & YARA) can be found on our GitHub page:

  10. We mapped all TTPs to the MITRE ATT&CK framework. The actor uses a mix of custom & open-source attack tools during their operations.

  11. One of the most exciting parts of IR work is monitoring threat actors while they are still active. This report describes one of the actors that we observed live in action.

  12. Retweeted
    Dec 11, 2019

    How to implement critical but complex security protections across a large organization in 6 simple steps:

  13. Treasury sanctions the group behind the Dridex malware, and connects its leader directly to helping the Russian government with espionage.

  14. AZORult malware spreading in the Netherlands on Black Friday. C&C server is at networkboardspinof[.]com

  15. Watch out for fake PostNL phishing emails on Black Friday, like the one below. Spreads AZORult malware, which steals both login credentials and credit card data.

  16. Retweeted
    Nov 28, 2019

    Defensive Cyberspace Operation Response Action, which includes cyberspace attack in U.S. military doctrine. It will be interesting to see if France 🇫🇷 uses state attack capabilities against international criminals. What a great live target to crush and get attack experience.

  17. Retweeted

    Just how sick is Trump's Crowdstrike conspiracy theory? Very. A personal thread.

  18. Retweeted
    Nov 21, 2019

    Just your occasional reminder that pushed the DNC-hacked-itself conspiracy theory that Nunes is pursuing, and has never retracted it

  19. Retweeted
    Nov 12, 2019

    BREAKING: a federal judge has ruled that suspicionless searches of travelers’ cell phones, laptops, and other electronic devices when we cross the U.S. border are unconstitutional. This is an enormous victory for privacy.

  20. Except it's not a phishing link at all, but a normal link to a website that doesn't ask for a password or host malware. What an exceptionally bad item
