Tweets

You have blocked @Raiona_ZA

  1. Pinned Tweet
    19 Nov 2019

    This work came off the back of several client engagements where we were seeing incomplete red forest implementations that weren't up to the task of securing AD properly... It's not that Red Forest can't be implemented and have a positive security impact

  2. Retweeted
    3 Feb

    HELP and Twitter. You are asked to put together a security strategy by people who have high expectations and no idea what they want. What questions do you ask to help pinpoint desired solution?

  3. Retweeted
    30 Jan

    Ever wanted to take a peek at the mimikatz sekurlsa::msv internals? New blog post is all about it plus, it also showcases PyKDumper, a tool that dumps LSASS credentials through WinDBG/PyKD.

  4. Retweeted
    2 Feb

    KDU, Kernel Driver Utility - driver loader (and not only) bypassing Windows x64 Driver Signature Enforcement with support of various "functionality" providers - including Unwinder's RTCore,

  5. Retweeted
    31 Jan

    , , and I are starting a new security blog. In our first write-up, we will discuss the impact of "SameSite by default" and how it affects web app sec. Feel free to request future topics you would like us to cover.

  6. Retweeted
    23 Apr 2019

    My favorite "wait, why, exactly?" Jenkins feature: Have you lost your local CI server? Just send a UDP packet to broadcast port 33848, and all local Jenkins servers will report back. $ echo 'ping' | socat -t5 - UDP-DATAGRAM:255.255.255.255:33848,broadcast

  7. Retweeted
    30 Jan

    DMA attacks are often misunderstood as requiring physical access to a device. However, in many cases they can be done remotely, like in this example of exploiting firmware on Network Cards

  8. Retweeted
    30 Jan

    Headed to in March? Don't miss 's talk on SQL Server Hacking Tips for Active Directory Environments.

  9. Retweeted
    28 Jan

    Over the past few years I've spent 100s (1000s?) of hours studying how companies have scaled their security. Here are my slides that distill what I've learned- the big, scalable, systematic wins that measurably improve your security posture.

  10. Retweeted

    LOCAL AND REMOTE HOOK msv1_0!SpAcceptCredentials from LSASS.exe and DUMP DOMAIN/LOGIN/PASSWORD IN CLEARTEXT to text file.

  11. Retweeted
    28 Jan

    tip: use logman.exe with -b, -rf, -s, and -rc to create highly-privileged local, and remote scheduled tasks. They are deeply hidden in the Task Scheduler GUI, especially as the actions are masked under "Custom Handler". And no one looks for attackers in Perfmon/DCS.

  12. Retweeted
    28 Jan

    Some things make more sense when one realizes that there are at least 5 distinct security communities: Security product people (people that view security as something that can be added by buying/selling products), Security Infrastructure people (people that view security as ...

  13. 27 Jan

    . 👋 Any advice on where to direct this question?

  14. Retweeted
    27 Jan
  15. Retweeted
    27 Jan

    We've added 11 new XSS labs, with learning materials. There is new content on CSP, dangling markup injection, and escaping the AngularJS sandbox.

  16. Retweeted
    27 Jan
    Replying to

    There is a simpler way to perform: make a single DLL with security package exports functions (and the entry to SpAcceptCredentials). Then insert it in live LSASS using AddSecurityPackage. No need to hook, there is an API for that ;-)

  17. Retweeted
    26 Jan

    Some study notes on LSASS hooking for harvesting interactive logon credentials. Thanks to for his inspiring posts about mimikatz.

  18. Retweeted
    26 Jan

    Ladies and gentlemen, I present you a working Remote Code Execution (RCE) exploit for the Remote Desktop Gateway (CVE-2020-0609 & CVE-2020-0610). Accidentally followed a few rabbit holes but got it to work! Time to write a blog post ;) Don't forget to patch!

  19. 26 Jan

    . No idea who to reach out to at Microsoft to ask about this, (so please push me in their direction) but is there a reason TGT request logs (event ID 4768) don't store the hostname along with the IP address on DCs? This seems like it would be a really useful addition...

  20. Retweeted
    25 Jan

    What would be the first 3 things you'd do if a company hires you to help them improve their security? These are mine, what about yours? 1) Asset management 2) Offsite backups for all assets (disaster recovery) 3) 2FA wherever possible

  21. Retweeted
    20 Jan

    As promised, a short post on Hyper-V admin privesc: /cc
