Tweets

  1. Retweeted
    Feb 3
  2. Retweeted
    Feb 3

    Reminded me of this one (via ): Is IPv6 more Secure than IPv4? Or Less?

  3. Feb 3

    Practical Packet Analysis using wireshark

  4. Retweeted
    Jan 28

    Some Lateral Movement Methods: -Pass the Hash/Relay ((Net-)NTLM) -Pass the Ticket (Silver/Golden) -RDP (Legit creds) -Remote Services (VNC/SSH) -(D)COM (Remote sched tasks, Services, WMI) -Remote Service Vuln (EB) -Admin Shares (PSExec) -Webshell (Chopper) -WinRM (PS Remoting)

  5. Jan 27
  6. Retweeted
    Jan 26

    Log Sources - ordered by priority - with ratings in different categories - personal and highly subjective assessment - from my most recent slide deck on low hanging fruits in security monitoring

  7. Retweeted
    Jan 25

    If you're not retaining things like DHCP logs, DNS logs, RDP logs, some kind of internal network monitoring/visibility, you should do that. Trying to hunt through 2 month old traffic is hard when you can't correlate IP to Endpoint because DHCP.

  8. Retweeted
    Jan 18

    Processes with /tmp or /home as a CWD should probably be investigated

  9. Retweeted
    Dec 18, 2018

    These custom Invoke-Mimikatz parameters are also 💰💰 I genuinely appreciate that people are having fun. Pictured: grep -ioEh 'ParameterSetName = "[^"]*",' <667 samples of invoke-mimikatz> | sort -u

  10. Jan 25
  11. Retweeted
    Jan 24
  12. Jan 24
  13. Retweeted
    Jan 23

    processes that use bits in windows, SCCM client, browsers, outlook, onedrive & some update programs, powershell one was for testing thus it's not that frequent to have it there and if so likely the transfer job name will be known and can be baselined.

  14. Jan 23

    Forget alert driven hunting....Data driven analysis and hunting is better approach. 👇Good read..

  15. Jan 22
  16. Jan 22

    A “normal” x509 certificate size is usually around 1kB, so certificates that are 11kB should be considered as anomalies. 

  17. Retweeted
    Dec 9, 2019

    ⚙️Account Logon Flow / Process () v0.1 📕[PDF]: 🔗[DIRECT]: ...for self understanding logon flow / process in windows system. Special thanks to Andrei Miroshnikov💪 "Find Evil – Know Normal"

  18. Jan 22
  19. Retweeted
    Jan 13

    Opportunistic scanning activity continues to target Citrix (NetScaler) servers vulnerable to CVE-2019-19781. This critical vulnerability allows unauthenticated remote attackers to execute arbitrary commands on the targeted server.

  20. Retweeted
    Jan 13

    When using as part of your arsenal, make sure to add --data-length=50 (or any number in 20~60, the TCP packet header size). Otherwise, Nmap will in many cases return False Positives (i.e. too many open ports, or ports that are not actually open).
