Scott Sutherland

@_nullbind

Application & Network Pentester | PowerUpSQL Author

Minneapolis
Joined July 2010

Tweets

  1. Retweeted
    Feb 3
  2. Retweeted
    Feb 2
  3. Retweeted
    Feb 1

    Load encrypted PE from XML Attribute. MSBuild is still the best.😅 MSBuild sets Property then calls Execute. Use this example to decouple payloads & prove that all security products have a "Single File Bias". Decouple payloads to subvert detection.

  4. Retweeted
    Jan 31

    Join me and on Tuesday, February 11th as we unveil 3.0! We will demo new attack primitives, performance improvements, and changes in the GUI. Register for the webinar here (recording available afterwards):

  5. Retweeted
    Jan 30

    Headed to in March? Don't miss 's talk on SQL Server Hacking Tips for Active Directory Environments.

  6. Retweeted
    Jan 29

    Great thread, I echo the love for tracking pixels. I try to put them everywhere I can which doesn't impact OPSEC. You should never walk away from a phishing campaign without any new knowledge.

  7. Retweeted
    Jan 28

    New blog (and tool): Attacking Azure, Azure AD, and Introducing PowerZure

  8. Retweeted
    Jan 25

    I don't think and get enough credit for really driving a massive change in the way infosec views active directory. Novel attacks and C2 are great, but Bloodhound has cultivated a whole new school of thought in infosec. It's a whole different level of awesome.

  9. Retweeted
    Jan 23

    I was just looking over the training courses offered by and saw that their "Adversary Tactics: PowerShell" course has been discontinued. But, I discovered that they have released it on their GitHub!

  10. Retweeted
    Jan 21

    Hey Defender friends. Turns out that removing those services with Unicode/non-printable characters is pretty hard, so I wrote you a tool to help with that. I'll be releasing the offensive PoC later this week or early next week.

  11. Retweeted
    Jan 21

    Added 2 more PoC scripts to the OffensiveDLR repo. One of which embeds the SSharp Compiler within a Posh script (Can be easily embedded from within any .NET language.) SSharp code compilation does not call csc.exe :)

  12. Retweeted
    Jan 17

    Tip: Always bring a partner. Whether it be phone-based or onsite, having someone to bounce ideas off of (plus the extra moral support) always leads to better results. Remember - "We ride together, we lie together"

  13. Jan 16

    I made a few additions to the PowerUpSQL wiki cheat sheet regarding authentication options for others who might need it:

  14. Retweeted
    Jan 10

    Detection Engineering Tip: Try not to view detection logic as detecting a malicious technique. View it as a mechanism to identify events that meet your established criteria of how your target technique deviates from the baseline of activity.

  15. Jan 10

    Big thanks to . I'm excited for the opportunity to present at a conference with so many great community contributors.

  16. Retweeted
    Jan 7

    It may seem like an obvious role to restrict, but I have seen clients being generous with this role in AzureAD. Here's a link to the role's full permissions -

  17. Retweeted
    Jan 5

    A Red Teamer's Guide to GPOs and OUs, by

  18. Retweeted
    Jan 3

    The offensive security community means a lot to me. Following 's great thread that injected some much needed infosec positivity, I wanted to highlight a few (offensive-ish) posts/talks that my team and myself enjoyed over the last year or so.

  19. Retweeted
    Dec 30, 2019

    I initially wrote this blog thinking that the issue wasn't eligible (User Misconfiguration) for an MSRC submission, but it turns out they thought otherwise. A big thanks to the folks that were willing to give me credit on the CVE -

  20. Retweeted

    Found this gem from about kerberos in .net Bonus: the KerbDump Tool to view the ticket and even decrypt its encrypted part. From what I understand from the code, Windows only - to confirm.
