Wietze

@Wietze

Endpoint Threat Detection and Response at . Interested in cyber security, tech and politics. Views are my own, unless retweeted.

London, UK
wietzebeukema.nl
Vrijeme pridruživanja: prosinac 2008.
81 fotografija ili videozapis Fotografije i videozapisi

Tweetovi

Blokirali ste korisnika/cu @Wietze

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @Wietze

  1. Prikvačeni tweet
    8. lip 2019.

    This week I gave a talk at on how to do Adversary Emulation the right way, featuring 's CALDERA 👾 If you want to see LOLbins, obfuscation and masquerading in action, check out the slides & code: 🔸

    55 proslijeđenih tweetova 130 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  2. prije 5 sati

    Good write-up 🔥 "Critical Security Flaw Found in WhatsApp Desktop Platform Allowing Cybercriminals Read From The File System Access"

    Poništi
  3. 4. velj

    6️⃣ But if the key is present and the TeamViewer service is running, you might be able to perform actions as SYSTEM. 7️⃣ It's still bad practice to encrypt passwords, regardless of how it can be used. 8️⃣ Should it be fixed? Yes. Is it as bad as some people claim? No. [3/3]

    1 korisnik označava da mu se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  4. 4. velj

    3️⃣ In v10+ PermanentPassword is used, which cannot be decrypted with the given key/IV. 4️⃣ The flaw gives you TeamViewer's Unattended Access password, not your Windows one. 5️⃣ Even if present and successfully decrypted, 'privilege escalation if reused' is a bit of a stretch. [2/3]

    1 reply
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  5. 4. velj

    On the TeamViewer Privilege Escalation story () 1️⃣ After testing it for myself, the reg keys described in the post are not created in v10-15. 2️⃣ As pointed out on Reddit, the reg keys are only created in specific circumstances. [1/3]

    1 reply
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  6. proslijedio/la je Tweet
    21. sij

    PowerShell Obfuscation using SecureString : PowerShell : Convert to / From - SecureString decoder : cc

    47 proslijeđenih tweetova 102 korisnika označavaju da im se sviđa
    Poništi
  7. 20. sij

    cc

    1 reply 1 korisnik označava da mu se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  8. 20. sij

    A write up of PowerShell obfuscation using SecureString: an obfuscation technique that has so far not received the attention it deserves. Your EDR might decode Base64 encoded strings, but will it automatically decode SecureString objects? Probably not. 🟠

    1 reply 10 proslijeđenih tweetova 14 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  9. 13. sij

    Recently I had to analyse some PowerShell scripts with `ConvertFrom-SecureString` obfuscation in it. I couldn't find a simple online tool to decode, so I built one myself. 👉 Live: 👉 Code : Feedback welcome!

    1 reply 7 proslijeđenih tweetova 19 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  10. 16. pro 2019.

    Good read - a clever way of getting SYSTEM-level access to files, which can then be used to run arbitrary code as SYSTEM. Shame the vendor ignored the attempted responsible disclosure!

    I have just published this funny post: From iPhone to NT AUTHORITY\SYSTEM :-) cc
    Prikaži ovu nit
    2 proslijeđena tweeta 3 korisnika označavaju da im se sviđa
    Poništi
  11. 27. stu 2019.

    Party like its 1999: Y2K-esq bug in Splunk will lead to data loss starting 1 Jan 2020:

    Poništi
  12. 14. stu 2019.

    We at are looking forward to present "Threat Modelling with Tanium" at . We have some exciting things to share with you this year, hope to see you there! Join us on 19 November, 1PM EST

    11 proslijeđenih tweetova 18 korisnika označava da im se sviđa
    Poništi
  13. 13. stu 2019.

    Check out which MPs are most often mentioned in the same articles 👇 Updated with 2019 data (Unsurprisingly, the landscape has changed significantly since 2016 )

    4 korisnika označavaju da im se sviđa
    Poništi
  14. proslijedio/la je Tweet
    28. lis 2019.

    You can't protect what you can't see. This year, we will show you how you can identify and visualise high risk threat vectors by combining and contextualising discrete datasets. It all begins with visibility...

    7 proslijeđenih tweetova 14 korisnika označava da im se sviđa
    Poništi
  15. 27. lis 2019.

    Therefore -ers, make sure you: 1️⃣ Avoid relying on JUST command line strings; 2️⃣ When you do, be aware of the different command line argument starts (/ vs - vs -- vs \, but as seen in the previous tweet not even that's everything). Make agnostic if possible!

    1 reply 1 korisnik označava da mu se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  16. 27. lis 2019.

    Clever method indeed! Tried a few binaries, looks like it's mainly certutil that's vulnerable to this trick using alternative Unicode characters such as 'Modify Letter Capitals'. Same for the en/em dashes. Simple way of bypassing string-based detection!

    1 reply 4 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  17. 28. ruj 2019.

    Poništi
  18. proslijedio/la je Tweet
    14. ruj 2019.

    California has mandated minimum security standards for networked products. Other governments need to catch up

    1 reply 32 proslijeđena tweeta 34 korisnika označavaju da im se sviđa
    Poništi
  19. 22. kol 2019.

    A write-up of my talk on taking Adversary Emulation to the next level is now available. Read about how we have implemented common attacker techniques such as LOLbins, obfuscation techniques and masquerading in 's CALDERA 🔥 🔹

    6 proslijeđenih tweetova 14 korisnika označava da im se sviđa
    Poništi
  20. 23. srp 2019.

    3-year-old tweet, relevant again today

    0:29
    Conservatives Got Talent 2016 - the compilation.
    1 proslijeđeni tweet 2 korisnika označavaju da im se sviđa
    Poništi
  21. 14. srp 2019.

    Now waiting for the above tweet to print...

    1 korisnik označava da mu se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi

@Wietze još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·