Tweets
Charles-E. Prevost Retweeted
TeamViewer stored user passwords encrypted, not hashed, and the key is now public https://whynotsecurity.com/blog/teamviewer/
Charles-E. Prevost Retweeted
Remote shell metacharacter injection and command-execution as root in an SMTP server... what year is it again? https://twitter.com/window/status/1222345450629423104
Charles-E. Prevost Retweeted
If @tiraniddo's DotnetToJScript is blocked on newer versions of Windows or if it gets flagged by AMSI, you can use Excel automation via a COM object as an alternative to execute shellcode from JScript or VBScript w/o touching disk. PoC for x86 & x64 here: https://github.com/outflanknl/Scripts/blob/master/ShellcodeToJScript.js
Charles-E. Prevost Retweeted
I wrote up a quick POC, RemoteViewing, to demo RDP credential theft (adapted from @0x09AL post => https://www.mdsec.co.uk/2019/11/rdpthief-extracting-clear-text-credentials-from-remote-desktop-clients/) using EasyHook and Donut. More details on GitHub => https://github.com/FuzzySecurity/Sharp-Suite#remoteviewing pic.twitter.com/mZZAwY5nFd
Charles-E. Prevost Retweeted
%APPDATA%\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt is a super handy #PowerShell forensic artifact. Thanks @lzybkr!
Charles-E. Prevost Retweeted
The Problems With Today's Red Teaming @QW5kcmV3 https://medium.com/@cyb3rops/the-problems-with-todays-red-teaming-7b8ed1e735c9 pic.twitter.com/dY09GV2pRH
Charles-E. Prevost Retweeted
Parse Transactional Registry logs in 010 Editor using this template: https://gist.github.com/williballenthin/eeeb2796c112b9b12f09af782e7b91fb Windows Scheduled Tasks uses the Transactional Registry to record tasks, so you can feasibly recover deleted tasks. Used this to find APT28 lateral movement last week.
Charles-E. Prevost Retweeted
This was also the first time I had several red teamers on my IR engagement and I was forever convinced how critical it is to intertwine red/blue skills. Their analysis of tool selection for tunneling (and thorough recreation & explanation) was super helpful for the client.
Charles-E. Prevost Retweeted
Detect suspicious keyboard layout loads with this #Sysmon config & Sigma rule > Example: Allows you to detect CN, VN, IR remote users that connect to your servers maintained by US staff only
Sysmon Config
https://github.com/SwiftOnSecurity/sysmon-config/pull/92/files
Sigma Rule
https://gist.github.com/Neo23x0/62a75d4bbd26aa9164fa73384f6a1410 pic.twitter.com/qRYEz0iMSb
Charles-E. Prevost Retweeted
Eager to be giving a talk w/ @HighViscosity & @williballenthin at @FireEye CDS! We'll discuss challenges & lessons learned tracking attackers in enterprise #macOS environments w/ @Mandiant, & unveil forensic artifacts utilized along the way. #DFIR https://summit.fireeye.com/learn/tracks.html
Charles-E. Prevost Retweeted
I'm sure many of you, like me, talk to IDA on a daily basis. Well, now she will actually listen! Try controlling IDA Pro with your voice today. https://fireeye.github.io/IDA_Pro_VoiceAttack_profile/
Charles-E. Prevost Retweeted
#ManagedDefense Head Fake: Tackling Disruptive Ransomware Attacks (https://www.fireeye.com/blog/threat-research/2019/10/head-fake-tackling-disruptive-ransomware-attacks.html) pic.twitter.com/eDKf4JBcaY
Charles-E. Prevost Retweeted
Releasing the materials (source, slides & lab guide) for the @defcon workshop by @olindoverrillo and I: Writing custom backdoor payloads with c#. Hope you can learn and have fun as much as we did. https://github.com/mvelazc0/defcon27_csharp_workshop pic.twitter.com/Jju3LFm3lc
Charles-E. Prevost Retweeted
Interestingly, the attackers used an OAuth Phishing variant we had not observed before. Instead of creating malicious third-party apps, they used the Google OAuth Client ID of a legitimate app to perform a two-legged OAuth with response type "Manual copy/paste". pic.twitter.com/CNEuA6g1GP
Charles-E. Prevost Retweeted
"Hello from Excel DNS Server! :-)" Rainy Saturday coding. Check out my #Brucon October training "Malicious Documents For Red Teams" https://www.brucon.org/2019/brucon-2019-training/malicious-documents-for-red-teams/ pic.twitter.com/dY6GCc9KBY
Charles-E. Prevost Retweeted
Releasing Mordor! A repo of pre-recorded security events generated by emulated adversarial techniques in the form of JSON files for easy consumption! @Cyb3rPandaH & I wanted to facilitate the development & testing of data analytics #ThreatHunting https://github.com/Cyb3rWard0g/mordor pic.twitter.com/THC3QEn1GG
Charles-E. Prevost Retweeted
SilkETW is now available! Check out my short introduction post here => https://www.fireeye.com/blog/threat-research/2019/03/silketw-because-free-telemetry-is-free.html, you can find the code on the @FireEye GitHub => https://github.com/fireeye/SilkETW pic.twitter.com/9jOAJzN0cC
Charles-E. Prevost Retweeted
Check out my latest research "Wagging the Dog: Abusing Resource-Based Constrained Delegation to Attack Active Directory". New attack techniques and live 0days inside. MSRC's response: "this is not an issue which will be addressed via a security update" https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html
Charles-E. Prevost Retweeted
Huge thanks to @Centurion for Detection Lab! Awesome work! Took a moment to include @securityonion in the env: https://github.com/dlee35/DetectionLab. Please help support the project: https://www.gofundme.com/detectionlab-platform-support and check out the original project: https://github.com/clong/DetectionLab pic.twitter.com/7u6FlwzqVz
Charles-E. Prevost Retweeted
New blog! Abusing Exchange: One API call away from Domain Admin. From any user with a mailbox to Domain Admin. Probably affects the majority of orgs using AD and Exchange. https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/