———–[]=¤ԅ(ˊᗜˋ* )੭

@bp256r1

Red team software dev. - previously: endpoint detection & response (EDR) / vulnerability assessment (VA) / distributed systems dev. at Rapid7

Toronto, Ontario
Joined December 2017

Tweets


  1. Pinned tweet

    Today's Twitter threads 📝 • Overview of MITRE ATT&CK + a CTI resource from ThaiCERT which includes information about 164 APTs + 19 (prolific) criminal groups • Using CVSS 2.x vectors to better understand security vulnerabilities

  2. Retweeted

    It's a Super Bowl victory, not the purge.

  3. Retweeted
    23 hours ago

    It's the year 2020, and we're still finding buffer overflows in programs written in C. Fortunately, those programs are only esoteric, rarely installed programs like... <checks notes> sudo.

  4. Retweeted

    "Never underestimate the bandwidth of a handcart full of phones redirecting the highway."

  5. Retweeted
    Feb 1

    For anyone wondering, yes it's written in C# and yes I will be totally adding it as a SILENTTRINITY module if I can get the source code (a few changes need to be made in order for it to run in memory).

  6. Retweeted
    Jan 29

    I made a goose that destroys your computer. Download it free here:

  7. Retweeted
    22 hours ago
    Replying to

    That's gotta be obnoxious as hell. Here you are trying to exfil documents for industrial espionage, and someone else just rolls up and encrypts it all for a cash grab. It's like the getaway driver for a bank heist getting carjacked while they're waiting.

  8. Retweeted

    I'm developing a C2 server which allows you to: • Upload/download files; • Execute arbitrary code on Windows, Linux, macOS; and • Look up related alerts via different EDR solutions. Agents talk to the C2 server via gRPC. Should I use REST, or gRPC for the user-facing API?

  9. Retweeted
    Feb 1

    The biggest struggle I see from people transitioning from highly technical individual contributor roles to management roles is balancing their desire to remain technical while investing in things that are imperative to being a well-rounded leader. That struggle is very real.

  10. Retweeted
    Feb 1

    Would you like to detect, contain, and eradicate me and my team (and real threat actors) from one of the largest networks in the world across 5 continents?

  11. I'm a busy developer, and I'd like to minimize the amount of development that I have to do. I care about stability, maintainability, and ease of development more than performance. The agent and server are both written in Python (the agent may be written in Go in the future).

  12. Is there a standard recipe for building out control planes for North/South traffic yet, or is everyone building their own? Based on my understanding, HashiCorp Consul was designed for East/West traffic, and Envoy can handle North/South + proxy to Consul, but what else is there?

  13. Does anyone know of any good resources surrounding how to build endpoint detection & response (EDR) agents? I've spent the last few years developing EDR, but I'd like to better understand things like: 1) How to collect telemetry; and 2) How to structure data ingestion + C2

  14. [asking a question on StackOverflow] Me: "I'd like to do <x>, but I'm having trouble flibbleflobbing my fribblenobbers." [a concerned citizen approaches, and asks with a straight face] Them: "Why? Why would you ever want to do this?" [a mod approaches] Mod: "Resolved."

  15. Retweeted
    Jan 29

    🇮🇷 has also used tracking pixels. It isn't a novel technique of course, but it is observed in the wild in targeted threat activity. Even beyond email, communication clients are notorious for leaking information. It's not a bad idea to rigorously test how they behave.

  16. Retweeted
    Jan 28

    Here's the truth -- most of the underperforming analysts I see have the potential to do well, but they are limited by their managers or lack of support from their organization. 1/

  17. Retweeted
    Jan 28

    This is what it looks like when Saudi Arabia uses NSO Group's tools to target a journalist.

  18. HashiCorp Consul can be used to discover services and all of the hosts that make up a service, but can you: • Route traffic to a subset of all of the hosts in a cluster by tag (e.g. all of the Windows hosts in a cluster of Windows and Linux systems)

  19. On a semi-related note, thanks for your contributions to the red team infrastructure wiki, , , and ! 🎉🎊🏆
