Tweets
Pinned tweet
https://medium.com/dfir-dudes/regipy-automating-registry-forensics-with-python-b170a1e2b474 I'm releasing Regipy: an OS-independent Python library for parsing offline registry hives, with a lot of awesome features!
#DFIR
Martin Korman retweeted
This is how we start the week! What about you? BsidesTLV 2020 CFP is open https://cfp.bsidestlv.com/20/cfp Submit and share.
Martin Korman retweeted
I keep forgetting how to use the Python bindings for the Unicorn Engine, so I created a nice README for it. I plan to add a complete code walkthrough but for now it’s still a nice reference. https://github.com/alexander-hanel/unicorn-engine-notes/blob/master/README.md
Martin Korman retweeted
1\ I've written a little compiler to ship ML models as standalone Yara rules, and done proof-of-concept detectors for Mach-O, RTF files, and PowerShell scripts. So far I have decision trees, random forests, and logistic regression (LR) working. https://github.com/inv-ds-research/yaraml_rules
Martin Korman retweeted
Large-scale malware similarity visualization work by @rpgove, myself, and others. We built a prototype set of analytics and accompanying GUI to accelerate malware analysis over many samples, and did a user study showing efficacy. http://vis.cs.ucdavis.edu/vis2014papers/VIS_Conference/workshops/vizsec/files/gove2014seem.pdf
Martin Korman retweeted
Pipeline tests are like unit tests for datasets: they help you guard against upstream data changes and monitor data quality. https://greatexpectations.io/
Martin Korman retweeted
New Trickbot module 'ADll' dumps Active Directory database files (ntds.dit & ntds.jfm) and registry hives using the 'ntdsutil' and 'reg save' commands: https://www.virustotal.com/gui/file/28e2c30f8423463a14659f8004692cc04ba36e9a1065bfd78c451bc8794415fa/
#trickbot
Martin Korman retweeted
A new NTFS sample ("ntfs_extremely_fragmented_mft.raw") uploaded: https://github.com/msuhanov/ntfs-samples
#DFIR This was an attempt to check if there is a limit for $MFT fragmentation. The resulting $MFT file uses 12 file record segments, 3 of them have high numbers (like "user files").
Martin Korman retweeted
Want to make service removal really fun? Create a service with a Unicode name. The service will run but won't show in sc.exe, services.msc, or taskmgr.exe and will sometimes cause a critical error while trying to find it with PowerShell/WMI. Unicode wins again.
Martin Korman retweeted
Microsoft added Event ID 1 to the Application Log to show attempted exploitation of CVE-2020-0601 (via the new CveEventWrite function). Use Splunk? Collect that EID and alert on: sourcetype=WinEventLog EventCode=1 LogName=Application Message="*[CVE-2020-0601]*" (tweak as needed)
Martin Korman retweeted
Added USN monitoring to trigger when an MFT entry gets touched to allow for real-time MFT entry watching. The more I do this the more I realize how interdependent all these components are. In this example, I create a hardlink and see the MFT changes.
#DFIR #rustlang
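The change-journal records behind that trigger, as an added example that is not the retweeted Rust tool's code: a parser for NTFS USN_RECORD_V2 (the layout FSCTL_READ_USN_JOURNAL returns) that splits the file reference into MFT entry and sequence number, decodes the reason flags, and filters the journal for records touching one MFT entry. The journal bytes are constructed in the block to model a hard link being added to an existing file; the entry numbers, names and timestamp are made up.

```python
"""USN_RECORD_V2 parser plus an MFT-entry watch over a constructed journal
fragment. Added example; record layout and reason bits are the ones from
winioctl.h, everything else (entries, names, timestamp) is invented."""
import struct
from datetime import datetime, timedelta

USN_V2_HEADER = struct.Struct("<IHHQQqqIIIIHH")   # 60-byte fixed header, little-endian
REASONS = {                                         # subset of USN_REASON_* bits
    0x00000001: "DATA_OVERWRITE", 0x00000002: "DATA_EXTEND",
    0x00000004: "DATA_TRUNCATION", 0x00000100: "FILE_CREATE",
    0x00000200: "FILE_DELETE", 0x00000800: "SECURITY_CHANGE",
    0x00001000: "RENAME_OLD_NAME", 0x00002000: "RENAME_NEW_NAME",
    0x00008000: "BASIC_INFO_CHANGE", 0x00010000: "HARD_LINK_CHANGE",
    0x80000000: "CLOSE",
}
FILETIME_EPOCH = datetime(1601, 1, 1)

def split_frn(frn):
    """FileReferenceNumber = 16-bit sequence number << 48 | 48-bit MFT entry."""
    return frn & 0xFFFFFFFFFFFF, frn >> 48

def filetime_to_datetime(ft):
    """FILETIME is 100 ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def reason_names(reason):
    return [name for bit, name in sorted(REASONS.items()) if reason & bit]

def parse_usn_v2(buf, offset=0):
    """Yield one dict per USN_RECORD_V2 in buf, walking RecordLength."""
    while offset + USN_V2_HEADER.size <= len(buf):
        (length, major, _minor, frn, parent_frn, usn, ts, reason, _source,
         _sid, attrs, name_len, name_off) = USN_V2_HEADER.unpack_from(buf, offset)
        if length == 0:
            break                       # zero-filled tail of a journal page
        if major != 2:
            raise ValueError(f"unsupported USN_RECORD major version {major}")
        name = buf[offset + name_off: offset + name_off + name_len].decode("utf-16-le")
        entry, seq = split_frn(frn)
        parent_entry, parent_seq = split_frn(parent_frn)
        yield {"usn": usn, "mft_entry": entry, "sequence": seq,
               "parent_entry": parent_entry, "parent_sequence": parent_seq,
               "time": filetime_to_datetime(ts), "reasons": reason_names(reason),
               "attributes": attrs, "name": name}
        offset += length

def watch_entry(buf, mft_entry):
    """Records that touch one MFT entry: what a real-time watcher would fire on."""
    return [r for r in parse_usn_v2(buf) if r["mft_entry"] == mft_entry]

def make_frn(entry, seq):
    return (seq << 48) | entry

def build_record(usn, frn, parent_frn, ts, reason, attrs, name):
    """Constructed USN_RECORD_V2 bytes, padded to 8 bytes like the real journal."""
    name_bytes = name.encode("utf-16-le")
    length = (USN_V2_HEADER.size + len(name_bytes) + 7) & ~7
    hdr = USN_V2_HEADER.pack(length, 2, 0, frn, parent_frn, usn, ts, reason, 0, 0,
                             attrs, len(name_bytes), USN_V2_HEADER.size)
    return (hdr + name_bytes).ljust(length, b"\0")

# Constructed fragment: "secret.txt" (MFT entry 1234, seq 3) gets a hard link
# "link.txt" in directory entry 5. NTFS logs the link change against the
# target file's entry and then a CLOSE; an unrelated write to entry 77 follows.
TS = 132240000000000000                 # FILETIME for 2020-01-20 13:20:00 UTC
JOURNAL = (
    build_record(0x1000, make_frn(1234, 3), make_frn(5, 5), TS, 0x00010000, 0x20, "link.txt")
    + build_record(0x1050, make_frn(1234, 3), make_frn(5, 5), TS + 10_000_000, 0x80010000, 0x20, "link.txt")
    + build_record(0x10A0, make_frn(77, 1), make_frn(5, 5), TS + 20_000_000, 0x80000002, 0x20, "notes.txt")
    + b"\0" * 64                        # zero tail, as at the end of a journal page
)

if __name__ == "__main__":
    for rec in watch_entry(JOURNAL, 1234):
        print(rec["time"].isoformat(), rec["usn"], rec["name"], "+".join(rec["reasons"]))
```

The file name in a hard-link record is the new link's name, not the original one, which is why the watch keys on the MFT entry rather than on the name; the sequence number is what tells a reused entry number apart from the file that previously occupied it.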
Martin Korman retweeted
CVE-2019-19781 Live Response First Steps
=========================
Some tips on how to go about running a micro-compromise assessment on Netscaler boxes, this is what I've been using:
>>> Check the root user command history: history /1
Martin Korman retweeted
A PDF containing an overview and alphabetical listing of Windows commands https://www.microsoft.com/en-us/download/details.aspx?id=56846
Martin Korman retweeted
#DFIR PSA: https://github.com/omerbenamram/evtx just got even faster on 0.6.5. Especially if you are running it under Windows (3x increase for `evtx_dump`)! Linux is also faster by 30-40%!
Martin Korman retweeted
The Dog Whisperer’s Handbook - great work && must read by my friend @SadProcessor #infosec #pentest #redteam #blueteam https://insinuator.net/2018/11/the-dog-whisperers-handbook/
Martin Korman retweeted
I uploaded a video example using the DbgChild plugin for x64dbg: https://www.youtube.com/watch?v=NfA2HAJa0Rk
Martin Korman retweeted
My Signature Creation Mind Map. Input: Sample > the things that I check to create YARA signatures, Sigma rules or IOCs > or pivot to related samples in order to improve the signatures / rules
Martin Korman retweeted
Made some major updates to the #dfir #rustlang Event Listener! Watch all channels or just a subset with multiple -c values. Get historical events + listen to live changes with the --historical option. XML is an option too if you don't like JSON lines. https://github.com/forensicmatt/RsWindowsThingies/releases/tag/v0.3.0
Martin Korman retweeted
The cool thing about those 2 newly introduced MS security event IDs 4799 and 4798 is that they will capture any local group/user discovery attempts even if done via Win32 APIs, below an e.g. with the checkadmin.exe custom recon tool referenced in Operation Wocao :D
#detection
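Three of the retweets above are detection content: the Trickbot 'ADll' module's use of ntdsutil and reg save, the Application log Event ID 1 for CVE-2020-0601, and the 4798/4799 enumeration events that catch tools like checkadmin.exe. As an added example (not code from any of the retweeted authors), the block below implements all three as rules over a common event-dict shape and runs them over constructed sample events. The field names (EventID, Channel, CommandLine, Message, CallerProcessName, TargetUserName, ProcessId, Time), host names, paths and timestamps are assumptions for the example; the rule bodies are what would carry over to a real collector.

```python
"""Three Windows-log detections from the retweets above, run over constructed
sample events. Added example; event schema and sample values are invented."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Rule 1 (Trickbot 'ADll'): process creation (Security 4688 / Sysmon 1) that
# runs an ntdsutil IFM dump of ntds.dit or 'reg save' of the SAM/SYSTEM/SECURITY hives.
NTDSUTIL_IFM = re.compile(r"\bntdsutil(\.exe)?\b.*\b(ifm|create\s+full)\b", re.I)
REG_SAVE_HIVE = re.compile(
    r"\breg(\.exe)?\s+save\s+(hklm|hkey_local_machine)\\(sam|system|security)\b", re.I)

def detect_dump_commands(event):
    """Finding text for a process-creation event, None otherwise."""
    if event.get("EventID") not in (1, 4688) or "CommandLine" not in event:
        return None
    cmd = event["CommandLine"]
    if NTDSUTIL_IFM.search(cmd):
        return "ntdsutil IFM dump of ntds.dit"
    if REG_SAVE_HIVE.search(cmd):
        return "reg save of SAM/SYSTEM/SECURITY hive"
    return None

# Rule 2 (CVE-2020-0601): the retweet's Splunk search as a predicate.
def detect_cve_2020_0601(event):
    if (event.get("Channel") == "Application" and event.get("EventID") == 1
            and "[CVE-2020-0601]" in event.get("Message", "")):
        return "CveEventWrite: CVE-2020-0601 exploitation attempt"
    return None

# Rule 3 (4798/4799): 4798 = a user's local group membership enumerated,
# 4799 = a security-enabled local group's membership enumerated. Both carry
# the calling process, so a recon tool shows up as one process touching many
# distinct targets in a short window.
def detect_enumeration_bursts(events, threshold=5, window=timedelta(seconds=60)):
    """[(computer, caller process, sorted targets)] for processes that enumerate
    at least `threshold` distinct users/groups within one `window`."""
    by_proc = defaultdict(list)
    for e in events:
        if e.get("EventID") in (4798, 4799):
            by_proc[(e["Computer"], e["CallerProcessName"], e["ProcessId"])].append(e)
    findings = []
    for (computer, proc, _pid), evs in by_proc.items():
        evs.sort(key=lambda e: e["Time"])
        for i, first in enumerate(evs):               # sliding window from each event
            targets = {e["TargetUserName"] for e in evs[i:]
                       if e["Time"] - first["Time"] <= window}
            if len(targets) >= threshold:
                findings.append((computer, proc, sorted(targets)))
                break
    return findings

def run_rules(events):
    findings = []
    for e in events:
        for rule in (detect_dump_commands, detect_cve_2020_0601):
            hit = rule(e)
            if hit:
                findings.append((e["Computer"], hit))
    for computer, proc, targets in detect_enumeration_bursts(events):
        findings.append((computer, f"{proc} enumerated {len(targets)} local groups/users"))
    return findings

T0 = datetime(2020, 1, 20, 9, 0, 0)   # constructed timestamp base
SAMPLE_EVENTS = [
    {"EventID": 4688, "Computer": "DC01",
     "CommandLine": 'ntdsutil.exe "ac i ntds" ifm "create full C:\\Windows\\Temp\\x" q q'},
    {"EventID": 1, "Channel": "Microsoft-Windows-Sysmon/Operational", "Computer": "DC01",
     "CommandLine": "reg  save HKLM\\SAM C:\\Windows\\Temp\\sam.hiv"},
    {"EventID": 4688, "Computer": "WS01", "CommandLine": "reg query HKLM\\SOFTWARE"},  # benign
    {"EventID": 1, "Channel": "Application", "Computer": "WS01",
     "Message": "[CVE-2020-0601] cert validation"},
    {"EventID": 1, "Channel": "Application", "Computer": "WS01", "Message": "Service started"},
] + [
    {"EventID": 4799, "Computer": "WS01", "Time": T0 + timedelta(seconds=i),
     "CallerProcessName": "C:\\Users\\Public\\checkadmin.exe", "ProcessId": "0x1a2c",
     "TargetUserName": group}
    for i, group in enumerate(["Administrators", "Remote Desktop Users", "Backup Operators",
                               "Remote Management Users", "Hyper-V Administrators", "Users"])
] + [
    {"EventID": 4799, "Computer": "WS01", "Time": T0 + timedelta(minutes=10),   # benign single lookup
     "CallerProcessName": "C:\\Windows\\System32\\svchost.exe", "ProcessId": "0x3e8",
     "TargetUserName": "Users"},
]

if __name__ == "__main__":
    for computer, finding in run_rules(SAMPLE_EVENTS):
        print(f"{computer}: {finding}")
```

Rule 1 keys on the command line because ntdsutil and reg.exe are signed Microsoft binaries that no file-hash or image-path rule will flag; rule 3 thresholds on distinct targets per process rather than on raw event count, since legitimate management processes also log 4798/4799 but rarely for many groups within a minute.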
Martin Korman retweeted
Ever wish you could color a cell so you can quickly find it when scanning a #Jupyter notebook?
TRY IT: https://mybinder.org/v2/gh/JohnLaTwC/Shared/master?filepath=notebooks%2FColor%20cells.ipynb
Martin Korman retweeted
#champdfa Fall 2019 Capture the Flag is now available to the public! There’s OSINT, Crypto, Windows, AND a super secret mystery device! Please RT and share so everyone can take advantage of these cool challenges! #DFIR #CTF #OSINT #Crypto #MysteryDevice https://champdfa-fa19.ctfd.io/