PO3T

@PO3T1985

IT security analyst, malware enthusiast, poker player, gamer. ♠️♣️♥️♦️ All opinions expressed here are my own, not those of my employer.

Switzerland
Joined: December 2013

Tweets

  1. Retweeted
    Jan 29

    Introducing my newest project: I got phished The goal is to notify IT-security representatives about phishing victims within their constituency 📨 👉 A big thanks to who initiated the project! 👏 For bug reports and feature requests -> DM me

  2. Retweeted
    Jan 26

    Ladies and gentlemen, I present you a working Remote Code Execution (RCE) exploit for the Remote Desktop Gateway (CVE-2020-0609 & CVE-2020-0610). Accidentally followed a few rabbit holes but got it to work! Time to write a blog post ;) Don't forget to patch!

  3. Retweeted
    Jan 23

    PoC (Denial-of-Service) for CVE-2020-0609 & CVE-2020-0610 Please use for research and educational purpose only.

  4. Jan 18

    I agree though that you need some kind of emergency patching procedure, otherwise you'll eventually get hit like in this case. If you run threat intel, trigger that procedure, if you see that you won't last till next cycle.

  5. Jan 18

    Correction: Most companies have patching ^^ Anyhow, let's keep in mind that most of these companies have to do some testing, before rolling out patches - this is not single clients like at home where you can immediately patch to production - and even those fail sometimes ;)

  6. Jan 18

    All companies have patching - but that takes time and resources. There are definitely some lessons to be learned here, this sort of reporting though is not helping. So go easy, will ya?

  7. Jan 18

    I'd appreciate if media stop their sensationalist reporting about CVE-2019-19781, telling people vulnerability has long since been known about... it's been 3 weeks - over the holidays on top of that.

  8. Jan 18

    still making the rounds. As in the past using cloud file sharing.

  9. Jan 15

    and all contributors: you guys rock my world. Thank you so much for your hard work - it is priceless.

  10. Jan 15

    For the past 3+ years I've been building Security Incident Management, Threat Intel, Threat Hunting, Vulnerability Mgmt, Security Posture Assessments and more services from scratch. MITRE and ATT&CKcon gave me tons of new insights and ideas - worth taking a look.

  11. Jan 9

    A customer of mine has Skype/Lync Federation active. His ATP now alerts possible C2 connection, as some domains it tries to connect to, are on their providers' s***list. What's the solution here? Exclude clean domains, exclude Skype server from ATP? Other? Any thoughts?

  12. Dec 2, 2019

    More mails going for webmail credentials. I had to LOL reading that techour sites' description. Advanced IT training... Web programming my a** Secure your site gents.

  13. Nov 18, 2019

    Same C2 actually, just another IP dbanks.duckdns[.]org

  14. Nov 18, 2019

    RAT distributed in themed mails (last Friday). Payload being hosted on Hmm, might be the competition? Address in the message is a UPS store 😊 Other C2 than

  15. Nov 7, 2019
  16. Nov 6, 2019

    There, rant is done. shutdown -h now

  17. Nov 6, 2019

    What's even worse, I can't find a single statement on your feeds like "guys, we're on it". Instead you chose to ignore it while promoting tools like Phish Hunter to your customers? These issues don't go away if you chose to ignore em - they get worse.

  18. Nov 6, 2019

    ... and this specific site is still up and running after 36 hours (or was last I checked, around 3 hours ago).

  19. Nov 6, 2019
  20. Nov 6, 2019

    Far be it from me to judge you, but if my services were used to attack my customers and they'd have to report it to me (instead of me detecting it myself), I'd be forcing a couple egg heads to do some overtime to get this fixed asap...

