Kirk Sayre

@bigmacjpg

Cyber security researcher.

Joined January 2018

Tweets


  1. 2 hours ago

    Personally I'm not very sad that AV flags this file. If it's a business process it should be reworked.

  2. Retweeted
    Jan 30

    For the past few months, I've been diving into Apple's Endpoint Security Framework. This post shares how I use the framework for detection engineering purposes.

  3. Retweeted
    Jan 30

    On successful compromise of the user endpoint, the red team deployed their ultimate weapon

  4. Retweeted
    Jan 25
  5. Retweeted
    Jan 23

    JScript dropper: Decoy doc suggests Poland FI targeting. Drops and executes what look like ? Gotta love the Pokémon image dropped

  6. Retweeted
    Jan 20

    2020: still "2" lines of code to get browsers saved creds and so many security products with no resilient detection/prevention for the same issue

  7. Retweeted
    Jan 20

    Perhaps to honor Acad. Sendov's memory, I should tell you the story about how our Lab was created. So, gather 'round the fire, kids, etc., etc. It's story time...

  8. Retweeted
    Jan 16

    Interesting sample, uses ShellWindows COM to bypass suspicious Office child processes, tries to download calc.bin from a likely legit/compromised bitcoin-related website:

  9. Retweeted
    Jan 17

    Fattura-17.01.20.xls d4df569ab928bbdd99d30d87e5b6c9c394f3b221b2c9a4ae410be56e9affd64c dropped from https://att-0748.fileshare-storage[.]com/download.php c2: https://reselling-corp[.]com/2020hny thx urlhaus!

  10. Retweeted
    Jan 15

    Microsoft added Event ID 1 to the Application Log to show attempted exploitation of CVE-2020-0601 (via new CveEventWrite function). Use Splunk? Collect that EID and alert on: sourcetype=WinEventLog EventCode=1 LogName=Application Message="*[CVE-2020-0601]*" (tweak as needed)

  11. Retweeted
    Jan 15

    Slides from my talk on macOS detections and post-infection analysis: . Gave shoutouts to and . Thanks to everyone who attended!

  12. Retweeted
    Jan 14
  13. Retweeted
    Jan 11

    Nothing says "have a nice weekend" better than releasing a zero day exploit on a late Friday evening

  14. Jan 13
  15. Retweeted
    Jan 13

    Heads up! Emotet is back and just re-started its spam campaigns 📨 Doc (MD5): aead1225141fadd849a27de8a27d16be Payload delivery URLs via URLhaus:

  16. Retweeted
    Jan 11

    I often hear: 'but, but attackers will use a modified version of my tool to evade the detection method that you've just published' Truth is, 98% of attackers use your tools exactly as you've dropped them.

  17. Jan 8
  18. Jan 7

    is an interesting maldoc. The VBA pops up a custom password box and the shell payload is only executed if the entered password begins with a 'c' or 'C'. Low detection rate and will foil sandboxes. Hits http[:]//quickwaysignstx[.]com/view.php for 2nd stage.

  19. Retweeted
    Dec 31, 2019

    This one is also one of my favorite quick-hunts to check for the occurrence of any rogue shell (cmd.exe) based on the top publicly abused (servicedll, dll via rundll32, injection) parent processes; below an example for zxshell remote shell behavior

  20. Retweeted
    Jan 1

    Open-sourcing was one of my goals for 2019, but I failed this one. I resumed the development, and did some refactoring, but it’s not ready yet - sorry! I’m moving this goal to 2020.

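Two of the retweets above describe quick hunts over Windows event logs: the Splunk search for Microsoft's CVE-2020-0601 audit event (Application log, Event ID 1, message tagged "[CVE-2020-0601]") and the check for cmd.exe spawned by commonly abused parents (service DLL hosts, rundll32, injection targets). The script below is an added example written for this page, not code from Kirk Sayre or any of the tweet authors: it runs both hunts as plain Python rules over constructed event records. The parent-process list, the field names (modelled on what a Splunk Windows forwarder emits plus Sysmon's process-creation fields) and the Audit-CVE message text are assumptions for the example and should be tuned against real telemetry.

```python
import ntpath
import re

# Rule 1: Audit-CVE event for CVE-2020-0601. CveEventWrite lands in the
# Application log as Event ID 1 with the CVE id in square brackets. The
# brackets are literal, so escape them instead of writing a character class
# (this mirrors the SPL wildcard `Message="*[CVE-2020-0601]*"`).
CVE_2020_0601 = re.compile(re.escape("[CVE-2020-0601]"))


def is_cve_2020_0601_audit(event):
    """Application log, EID 1, message tags the CVE."""
    return (
        event.get("LogName") == "Application"
        and str(event.get("EventCode")) == "1"
        and CVE_2020_0601.search(event.get("Message", "")) is not None
    )


# Rule 2: cmd.exe under a parent that is normally only a code-execution
# vehicle. The list is an assumption for this example: the service DLL host
# (svchost.exe), DLL launchers (rundll32.exe, regsvr32.exe) and frequent
# injection targets (lsass.exe, winlogon.exe, dllhost.exe). Tune per estate.
ABUSED_PARENTS = {"svchost.exe", "rundll32.exe", "regsvr32.exe",
                  "lsass.exe", "winlogon.exe", "dllhost.exe"}
SYSMON_LOG = "Microsoft-Windows-Sysmon/Operational"


def _exe(path):
    # ntpath splits backslash paths on any OS; fold case because Windows does.
    return ntpath.basename(path or "").lower()


def is_rogue_shell(event):
    """Sysmon EID 1 (process create) where cmd.exe has an abused parent."""
    if event.get("LogName") != SYSMON_LOG or str(event.get("EventCode")) != "1":
        return False
    return (_exe(event.get("Image")) == "cmd.exe"
            and _exe(event.get("ParentImage")) in ABUSED_PARENTS)


RULES = {"cve_2020_0601_audit": is_cve_2020_0601_audit,
         "rogue_shell": is_rogue_shell}


def hunt(events):
    """Return (rule_name, event) pairs for every rule that fires, in input order."""
    return [(name, e) for e in events for name, rule in RULES.items() if rule(e)]


# Constructed sample records (not real telemetry). The Audit-CVE message is an
# approximation of the wording, not a captured event.
SAMPLE_EVENTS = [
    {"LogName": SYSMON_LOG, "EventCode": 1,
     "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "cmd.exe /c whoami"},                       # hit: servicedll-style parent
    {"LogName": SYSMON_LOG, "EventCode": 1,
     "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "cmd.exe"},                                 # benign: user-opened shell
    {"LogName": SYSMON_LOG, "EventCode": 1,
     "Image": r"C:\WINDOWS\SYSTEM32\CMD.EXE",
     "ParentImage": r"C:\Windows\System32\RUNDLL32.EXE",
     "CommandLine": "cmd /c net user"},                         # hit: case-insensitive match
    {"LogName": SYSMON_LOG, "EventCode": 3,
     "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe"},        # EID 3 is a network event, skip
    {"LogName": "Application", "EventCode": 1,
     "SourceName": "Microsoft-Windows-Audit-CVE",
     "Message": "Possible detection of CVE: [CVE-2020-0601] cert validation"},  # hit
    {"LogName": "Application", "EventCode": 1,
     "SourceName": "Some App", "Message": "Service started"},   # EID 1 from another source
    {"LogName": "Application", "EventCode": 1000,
     "SourceName": "Application Error",
     "Message": "Crash string mentions CVE-2020-0601 without brackets"},  # wrong EID, no tag
]

if __name__ == "__main__":
    for name, e in hunt(SAMPLE_EVENTS):
        print(name, "->", e.get("CommandLine") or e.get("Message"))
```

On the sample data the hunt fires three times (two rogue shells, one Audit-CVE event). In a real deployment the rogue-shell rule is the one that needs tuning: explorer.exe is deliberately absent from the parent list because users launch cmd.exe from it all day, while svchost.exe and rundll32.exe spawning a shell is rare enough to alert on directly.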
