Tweets


  1. Retweeted
    3 Feb

    TeamViewer stored user passwords encrypted, not hashed, and the key is now public

  2. Retweeted
    29 Jan

    Remote shell metacharacter injection and command-execution as root in an SMTP server... what year is it again?

  3. Retweeted
    27 Jan

    If 's DotnetToJScript is blocked on newer versions of Windows or if it gets flagged by AMSI, you can use Excel automation via a COM object as an alternative to execute shellcode from JScript or VBScript w/o touching disk. PoC for x86 & x64 here:

  4. Retweeted
    16 Nov 2019

    I wrote up a quick POC, RemoteViewing, to demo RDP credential theft (adapted from post => ) using EasyHook and Donut ☠️🖥️. More details on GitHub =>

  5. Retweeted
    7 Jun 2016

    %APPDATA%\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt is a super handy forensic artifact. Thanks !

  6. Retweeted
    23 Nov 2019
  7. Retweeted
    22 Nov 2019

    Parse Transactional Registry logs in 010 Editor using this template: Windows Scheduled Tasks uses the Transactional Registry to record tasks, so you can feasibly recover deleted tasks. Used this to find APT28 lateral movement last week.

  8. Retweeted
    28 Feb 2019

    This was also the first time I had several red teamers on my IR engagement and I was forever convinced how critical it is to intertwine red/blue skills. Their analysis of tool selection for tunneling (and thorough recreation & explanation) was super helpful for the client. 💜

  9. Retweeted
    13 Oct 2019

    Detect suspicious keyboard layout loads with this config & Sigma rule > Example: Allows you to detect CN 🇨🇳, VN 🇻🇳, IR 🇮🇷 remote users that connect to your servers maintained by US 🇺🇸 staff only Sysmon Config Sigma Rule

  10. Retweeted
    15 Aug 2019

    Eager to be giving a talk w/ & at CDS! We'll discuss challenges & lessons learned tracking attackers in enterprise environments w/ , & unveil 🔥🔥🔥 forensic artifacts utilized along the way.

  11. Retweeted
    3 Oct 2019

    I'm sure many of you, like me, talk to IDA on a daily basis. Well, now she will actually listen! Try controlling IDA Pro with your voice today.

  12. Retweeted
    1 Oct 2019
  13. Retweeted
    12 Aug 2019

    releasing the materials (source, slides & lab guide) for the workshop by and I: Writing custom backdoor payloads with c#. Hope you can learn and have fun as much as we did.

  14. Retweeted
    21 Aug 2019

    Interestingly, the attackers used an OAuth Phishing variant we had not observed before. Instead of creating malicious third-party apps, they used Google OAuth Client ID of a legitimate app to perform a two-legged OAuth with response type "Manual copy/paste".

  15. Retweeted
    17 Aug 2019

    "Hello from Excel DNS Server! :-)" Rainy Saturday coding. Check out my October training "Malicious Documents For Red Teams"

  16. Retweeted
    22 Mar 2019

    Releasing Mordor 😈📜! A repo of pre-recorded security events generated by emulated adversarial techniques in the form of JSON files for easy consumption! & I wanted to facilitate the development & testing of data analytics 🍻

  17. Retweeted
    20 Mar 2019

    SilkETW is now available ✍️🧐💡! Check out my short introduction post here => , you can find the code on the GitHub =>

  18. Retweeted
    27 Jan 2019

    Check out my latest research "Wagging the Dog: Abusing Resource-Based Constrained Delegation to Attack Active Directory" New attack techniques and live 0days inside. MSRC’s response: "this is not an issue which will be addressed via a security update"

  19. Retweeted
    21 Jan 2019

    Huge thanks to for Detection Lab! Awesome work! Took a moment to include in the env: . Please help support the project: and check out the original project:

  20. Retweeted
    21 Jan 2019

    New blog! Abusing Exchange: One API call away from Domain Admin. From any user with a mailbox to Domain Admin. Probably affects the majority of orgs using AD and Exchange.
