-
abdulqadir Retweeted
How to Catch Data Exfiltration With a Single Tshark Command! https://www.activecountermeasures.com/how-to-catch-data-exfiltration-with-a-single-tshark-command-video-blog/ …
#ThreatHunting #VideoBlog
-
abdulqadir Retweeted
Reminded me of this one (via @insinuator): Is IPv6 more Secure than IPv4? Or Less? https://insinuator.net/2015/06/is-ipv6-more-secure-than-ipv4-or-less/ …
-
abdulqadir Retweeted
Some Lateral Movement Methods:
-Pass the Hash/Relay ((Net-)NTLM)
-Pass the Ticket (Silver/Golden)
-RDP (Legit creds)
-Remote Services (VNC/SSH)
-(D)COM (Remote sched tasks, Services, WMI)
-Remote Service Vuln (EB)
-Admin Shares (PSExec)
-Webshell (Chopper)
-WinRM (PS Remoting)
-
abdulqadir Retweeted
Log Sources - ordered by priority - with ratings in different categories - personal and highly subjective assessment - from my most recent slide deck on low hanging fruits in security monitoring
#SIEM #SecurityMonitoring #ThreatHunting pic.twitter.com/wuWImWLB77
-
abdulqadir Retweeted
If you're not retaining things like DHCP logs, DNS logs, RDP logs, some kind of internal network monitoring/visibility, you should do that. Trying to hunt through 2 month old traffic is hard when you can't correlate IP to Endpoint because DHCP.
#infosec
-
abdulqadir Retweeted
Processes with /tmp or /home as a CWD should probably be investigated
#threathunting
-
abdulqadir Retweeted
These custom Invoke-Mimikatz parameters are also

I genuinely appreciate that people are having fun.
Pictured: grep -ioEh 'ParameterSetName = "[^"]*",' <667 samples of invoke-mimikatz> | sort -u pic.twitter.com/Nu5Ll5y5z3
-
abdulqadir Retweeted
Version 3.6.1 of AI-Hunter has been released! https://www.activecountermeasures.com/ai-hunter-v3-6-1-is-in-the-wild/ …
#AIHunter #ThreatHunting #Activecountermeasures
-
abdulqadir Retweeted
processes that use bits in windows, SCCM client, browsers, outlook, onedrive & some update programs, powershell one was for testing thus it's not that frequent to have it there and if so likely the transfer job name will be known and can be baselined. pic.twitter.com/Vcm4IK6Qcf
-
Forget alert driven hunting....Data driven analysis and hunting is better approach.
Good read.. https://twitter.com/SOC_Prime/status/1220269991234342912 …
-
Detecting the beacons!!! https://twitter.com/blueteamsec1/status/1217545248374542336 …
-
A “normal” x509 certificate size is usually around 1kB, so certificates that are 11kB should be considered as anomalies. https://www.netresec.com/?page=Blog&month=2018-02&post=Examining-an-x509-Covert-Channel …
-
abdulqadir Retweeted
Account Logon Flow / Process (#Windows) v0.1
[PDF]:https://speakerdeck.com/rimpq/account-logon-flow-windows …
[DIRECT]:https://speakerd.s3.amazonaws.com/presentations/1c1196d9f4d647b7bcfb9c25cdc28388/windows_account_logon_flow_v0.1.pdf …
...for self understanding logon flow / process in windows system. Special thanks to Andrei Miroshnikov
"Find Evil – Know Normal" #SANS #threathunting #blueteam pic.twitter.com/jVuLNRpAZh
-
TCP/IP Pocket Reference Guide https://www.sans.org/security-resources/tcpip.pdf …
-
abdulqadir Retweeted
Opportunistic scanning activity continues to target Citrix (NetScaler) servers vulnerable to CVE-2019-19781. This critical vulnerability allows unauthenticated remote attackers to execute arbitrary commands on the targeted server.
#threatintel https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/ …
-
abdulqadir Retweeted
#BugBountyTip When using #Nmap as part of your #Recon arsenal, make sure to add --data-length=50 (or any number in 20~60, the TCP packet header size). Otherwise, Nmap will in many cases return False Positives (i.e. too many open ports, or ports that are not actually open). #TBC