Roi Abutbul retweeted
eBPF kills iptables - How http://Trip.com uses Cilium https://cilium.io/blog/2020/02/05/how-trip-com-uses-cilium … pic.twitter.com/SdM4toz8Jf
Roi Abutbul retweeted
Pushed a new Rubeus release after getting some additional feedback from our most recent AT:RTO students. The full changes are detailed here https://github.com/GhostPack/Rubeus/blob/master/CHANGELOG.md#150---2020-01-31 … . To highlight a few new features- "/nowrap" globally prevents base64 blobs from line-wrapping, (1/4)
Roi Abutbul retweeted
I just published Unloading the Sysmon Minifilter Driver https://link.medium.com/Nbf5o8LUA3
Roi Abutbul retweeted
2020-01-22:


#TrickBot "Active Directory" (AD) Dumper Module Released | Build:
"ADll build Oct 17 2019 17:48:25 started"
ntds.dit & ntds.jfm | ntdsutil & reg save
Module In Development Since 2019
Reinforces Focus on AD Harvesting for Net Exploitation
cc /@DebugPrivilege https://twitter.com/sandornemes/status/1219501420774379520 … pic.twitter.com/seXkbnEPO3
Roi Abutbul retweeted
Revisiting RDP lateral movement https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3 … and releasing a project that will be part of a bigger tool coming next week
Roi Abutbul retweeted
Apparently Windows network pentesting is now called red teaming. How good is your red team: - If there is no AD? - Against a multi-client env with no apparent central management? - No way to move laterally?
Roi Abutbul retweeted
I just published a blog post "Attacking Active Directory for fun and profit" https://identityaccess.management/2020/01/17/attacking-active-directory-for-fun-and-profit/ … with a reference to the talk of @VK_Intel
Roi Abutbul retweeted
Critical Cisco Flaws Now Have PoC Exploit https://threatpost.com/cisco-dcnm-flaw-exploit/151949/ …
Roi Abutbul retweeted
For my fellow Active Directory defenders out there: Admin Account Schema Extensions for AD https://blog.iisreset.me/admin-account-schema-extensions/ …
Roi Abutbul retweeted
Spray-AD, a new @OutflankNL Kerberos password spraying tool for Cobalt Strike that might come in handy when assessing Active Directory environments for weak passwords (generates event IDs 4771 instead of 4625). https://github.com/outflanknl/Spray-AD …
Roi Abutbul retweeted
Do you struggle to understand #Kerberos in #ActiveDirectory environment? This new article may help clarify things by simply explaining how Kerberos works. It is the first of a series of posts about attacking Active Directory. Stay tuned
https://en.hackndo.com/kerberos/
Roi Abutbul retweeted
Next Windows Internals (Remote) Training http://scorpiosoftware.net/2020/01/03/next-windows-internals-remote-training/ …
Roi Abutbul retweeted
An attacker logged into the RDP Honeypot a few weeks ago and was able to dump credentials and move laterally in 36 minutes. They used Advanced Scanner + ProcDump + PsExec to move laterally to a Domain Controller.
#rdphoneypotting #infosec https://www.wilbursecurity.com/2019/12/from-zero-to-lateral-movement-in-36-minutes/ …
Roi Abutbul retweeted
New article about "Pass the hash" This technique is used in a lot of engagements, and yet it is not always fully understood. This is a little review of one of the most popular lateral movement techniques
https://en.hackndo.com/pass-the-hash/
Roi Abutbul retweeted
Attacking and Defending Active Directory: Domain Enumeration BloodHound http://bit.ly/2WFBKWQ https://www.pscp.tv/w/1OyKAevRgayKb
Roi Abutbul retweeted
NotPetya infected 1000 machines in <2 min at a single company.
@RoiAbutbul explores how you can prevent targeted malware attacks
https://buff.ly/2PFm7vl pic.twitter.com/Ox7iWvkaL3
Roi Abutbul retweeted
New blog post: Microsoft Threat Protection - unified hunting.
#MTP is here! Combining @WindowsATP, #OATP, #MCAS, and #AATP, it can be used to correlate data in the new #M365 security portal. Read what you can do with unified hunting. @MicrosoftMTP https://chrisonsecurity.net/2019/12/15/microsoft-threat-protection-unified-hunting/ …
Roi Abutbul retweeted
Here's the blog post on my new tool: https://dfir.blog/introducing-unfurl/ … Unfurl takes a URL
and expands ("unfurls") it to show all the data it contains. It's amazing how much can be hidden inside URLs!
Take it for a spin and tell me what interesting stuff you find

#DFIR #Python pic.twitter.com/446t1vcIeV
Roi Abutbul retweeted
Many of you are going to love this: Public preview of #AzureAD support for Windows VM's in Azure is live. Greatly simplifies securing your IaaS deployments! https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Azure-AD-authentication-to-Windows-VMs-in-Azure-now-in-public/ba-p/827840 … pic.twitter.com/hLKrEPuH75
Covenant
- PowerUp to elevate
- ProcDump, MIMIKATZ to grab creds
- Bloodhound to enum
- WMI, WinRm, RDP, SMB to move