AlterLabs

@alter_labs

Information Security Services | Training

Somewhere in Asia
Joined: December 2014

Tweets

  1. Retweeted
    Jan 27

    me: has used Bash for over a dozen years also me: Googles how "if" works

  2. Retweeted
    Jan 28

    This is a pretty good deal! Lots of fresh good books there.

  3. Retweeted
    Jan 28

    Here's a working POC for manually performing DNS Rebinding attack. 🙂 Some people asking me for this in DM.

  4. Retweeted
    Jan 27

    When you're brute forcing for endpoints, don't forget to add extensions. You can also use this method to discover backup files. Here's a command I use frequently: dirsearch -e php,asp,aspx,jsp,py,txt,conf,config,bak,backup,swp,old,db,sql -u <target>

  5. Retweeted
    Jan 27

    Windows Kiosk breakout tip: If you get a Printing panel, and the traditional methods don't work: Amongst the printers, select "SendTo OneNote" OneNote will launch -> Add new notebook On the Notebook -> New page Type: \\127.0.0.1\c$\windows\system32\cmd.exe Click the link

  6. Retweeted
    Jan 23

    Which services do you find most often exploited by attackers in internal networks? (non-OS / application level) My list: 1. Tomcat with default creds 2. JBoss (JMX) 3. HP Data Protector / OmniBack

  7. Retweeted
    Jan 23

    Not sure what information the Shodan API returns for an IP? Check out the raw data tab on the beta website to view all the available data

  8. Retweeted
    Jan 23

    I made a table to compare tools available that support persistence via WMI Event Subscription and their triggers. If you need more information just visit the article.

  9. Retweeted
    Jan 23

    Quick Sysmon config snippet for SharpRDP - thank you for the actionable defensive guidance: ➡️ /cc: Please test before pumping into prod 🤠

  10. Retweeted
    Jan 22

    Here is the link to the SpecterOps Adversary Tactics: PowerShell course material: Enjoy! For information about our current training offerings, information can be found here: (4/4)

  11. Retweeted
    Jan 20

    Time for a new tip! When I sign up to a website/newsletter/reset password, I look at the website which hosts the logo/image in the email I receive. This led me multiple times to insecure AWS S3 buckets and scope expansion.

  12. Retweeted
    Jan 19
  13. Retweeted
    Jan 19
  14. Retweeted
    Jan 18

    Oh my god. 13 years after I sign up for AWS it finally happened to me: my first terrifying bill. $1300. 😱 I’d been playing with Control Tower and set up a handful of accounts. Forgot about it for a month. Turns out it deploys a LOT of NAT gateways.

  15. Retweeted
    Jan 17

    Want to make service removal really fun? Create a service with a unicode name. The service will run but won't show in sc.exe, services.msc, or taskmgr.exe and will sometimes cause a critical error while trying to find it with PowerShell/WMI. Unicode wins again.🤦‍♂️

  16. Retweeted
    Jan 17

    If you have AppLocker deployed, be aware that most times when Windows 10 is updated/upgraded, it creates a TASKS_MIGRATED folder under C:\windows\system32 that has the CREATOR OWNER, meaning that users can create and execute files from the folder and bypass AppLocker 😱

  17. Retweeted
    Jan 16

    To clarify the Windows crypto fail: The problem isn't in signature validation. The problem is the *root store/cache*. CryptoAPI considers an (attacker-supplied) root CA to be in the trust store if its public key and serial match a cert in the root store, ignoring curve params.

  18. Retweeted
    Jan 17

    Bringing to international stage on Cybersecurity Capacity Building

  19. Retweeted
    Jan 15

    Microsoft added Event ID 1 to the Application Log to show attempted exploitation of CVE-2020-0601 (via new CveEventWrite function). Use Splunk? Collect that EID and alert on: sourcetype=WinEventLog EventCode=1 LogName=Application Message="*[CVE-2020-0601]*" (tweak as needed)

  20. Retweeted
    Jan 15

    For all of you out there in restricted corporate environments who need to test the processing of event log entries for CVE-2020-0601, I wrote some VBA code to generate this event.
