Christopher Glyer

@cglyer

Chief Security Architect, Retired IR consultant, "Co-anchor"

Joined July 2009

Tweets
  1. Pinned tweet
    17 Jan

    On the latest - & I focused on all things Iran including summaries of , , , , TEMP.Zagros & multiple UNC clusters that have some really interesting activity w/our experts &

  2. Retweeted

    Last year, researched and published a command-and-control module for SMB DOUBLEPULSAR. Since then, we've researched and reverse-engineered the RDP version of the implant. Today we're publishing that research and a module for it. Details:

  3. Retweeted
    6 hours ago

    So here we go... did anyone else notice that last posted about about two months before Joshua Schulte was arrested? He joined the IC as an NSA intern before joining CIA, and he was a computer guy there. Would he have access to NSA material?

  4. Retweeted
    3 Feb

    BREAKING: Twitter says a suspected state-sponsored actor used its API to match usernames to phone numbers - Attack took place on December 24, 2019 - Twitter said attack came from IPs in Iran, Israel, and Malaysia

  5. Retweeted
    1 Feb

    Load encrypted PE from XML Attribute. MSBuild is still the best.😅 MSBuild sets Property then calls Execute. Use this example to decouple payloads & prove that all security products have a "Single File Bias". Decouple payloads to subvert detection.

  6. 30 Jan

    The version of dd on some versions of Netscaler is older and doesn't support "sync" or "status". If the above command has issues you can try ssh user@[IP address] "dd if=/dev/md0 | gzip -1 -" | dd of=/[fullpath]/md0.gz

  7. Retweeted
  8. Retweeted

    Want to know a fun thing about CVE-2019-0604? Thousands of publicly exposed systems still run SharePoint 2007. Doesn’t matter as the advisory says it doesn’t apply to SP 2007, right? Wrong. Exploit absolutely works, product is out of support. Vuln scanners don’t detect.

  9. Retweeted

    Anyhoo the moral is when a product goes end of life the vulnerabilities don’t stop, vendors just stop listing the products as vulnerable and your vuln scanners likely do, too.

  10. 29 Jan

    Example command (run from local system): ssh user@[IP address] "dd if=/dev/md0 conv=sync status=progress | gzip -1 -" | dd of=/[fullpath]/md0.gz ...etc. for /dev/ad0s1a and /dev/ad0s1b

  11. 29 Jan

    The order in which you run the commands varies slightly depending on whether you are running it locally (and piping results to a remote server) or running it from a remote system.

  12. 29 Jan

    If you want to disable auto-image loading in Gmail, click the "Gear" icon, Select "Settings" and under the Images section select "Ask before displaying external images", and click "Save changes".

  13. 29 Jan

    Even scammers leverage tracking pixels to gauge the success of their campaigns. I could really use a silent investor - you think I should reach out to Mr. Mohammed?

  14. Retweeted
    29 Jan
    Replying to

    The gmail web client no longer allows you to block images by default, but it does proxy any images. Therefore, your OS and IP address are not leaked to the sender BUT there's nothing you can do to stop them from IDing if/when you open their message.

  15. Retweeted
    29 Jan
    Replying to

    Or: tracking pixels to learn expected egress IP, then gate on staging servers to that expected IP, effectively eliminating sandboxes, vendors, and probably blue teams from seeing payload. 👆🏼At the expense of appearing VERY targeted, which isn’t always ideal.

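    The tracking-pixel discussion above (items 12 to 15) comes down to what the sender's web server log actually records. The script below is an added example, not code from anyone in the thread: it summarises pixel hits from a constructed access log so you can see the difference between a client that fetches the image directly (IP and user-agent leak) and one that fetches through a proxy (only the fact and time of the open, tied to the per-recipient token, leak). The pixel URL scheme (/px/<token>.gif) and the proxy user-agent marker "GoogleImageProxy" are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Shows what a tracking-pixel operator learns
# from a proxied mail client (Gmail) versus a client that fetches images directly.
# The log lines are constructed; the /px/<token>.gif scheme and the
# "GoogleImageProxy" user-agent marker are assumptions for this example.
set -eu

# Constructed web-server access log: one unique token per recipient.
# Line 1: direct fetch by a desktop client.  Line 2: fetch via Gmail's proxy.
# Line 3: unrelated request, must be ignored.
SAMPLE_LOG='203.0.113.7 - - [29/Jan/2020:14:02:11 +0000] "GET /px/a1b2c3.gif HTTP/1.1" 200 43 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Outlook"
66.249.84.12 - - [29/Jan/2020:14:05:40 +0000] "GET /px/d4e5f6.gif HTTP/1.1" 200 43 "-" "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0 (via ggpht.com GoogleImageProxy)"
198.51.100.9 - - [29/Jan/2020:14:09:03 +0000] "GET /index.html HTTP/1.1" 200 1200 "-" "curl/7.64.1"'

# Read an access log on stdin and print, per pixel hit:
#   token  open_time  proxied(yes|no)  client_ip
# The token still identifies the recipient when proxied; the IP does not
# (it is the proxy's), so it is reported as "hidden".
summarize_opens() {
  awk '
    $0 ~ /"GET \/px\// {
      match($0, /\/px\/[A-Za-z0-9]+/)
      token = substr($0, RSTART + 4, RLENGTH - 4)   # strip the leading "/px/"
      ts = substr($4, 2)                             # strip the leading "["
      proxied = index($0, "GoogleImageProxy") ? "yes" : "no"
      ip = (proxied == "yes") ? "hidden" : $1
      print token, ts, proxied, ip
    }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | summarize_opens
```

    Both recipients are confirmed as having opened the mail; only the first one also gave up an IP address and user-agent, which is exactly the trade-off the replies above describe.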
  16. 29 Jan

    Mounting a FreeBSD forensic image isn’t trivial. has a great write-up that should help walk you through the steps in your forensic tool of choice

  17. 29 Jan

    Note: You may need to run “mount” or “df -h” commands because the partition names (e.g - ad0s1b) may vary slightly across versions and need to be updated per command.

  18. 29 Jan

    Commands to image Netscaler device:
    dd if=/dev/md0 | gzip -1 - | ssh user@[IP address] dd of=/[fullpath]/md0.gz
    dd if=/dev/ad0s1a | gzip -1 - | ssh user@[IP address] dd of=/[fullpath]/ad0s1a.gz
    dd if=/dev/ad0s1b | gzip -1 - | ssh user@[IP address] dd of=/[fullpath]/ad0s1b.gz

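    The imaging thread (items 6, 10, 11, 16, 17 and 18) gives the one-liners; the script below is an added example, not Glyer's script or anything from Citrix, that wraps the same dd | gzip -1 | ssh pipeline with the two things the thread warns about: the older FreeBSD dd on some Netscaler builds rejects the extra operands, so the script probes the remote dd once and falls back to a bare dd instead of failing, and partition names vary by version, so they are passed in rather than hard-coded. It also checksums the raw device on the appliance against the decompressed image, which the thread does not do. Assumptions: key-based ssh as TARGET (user@ip), gzip and the POSIX cksum tool available on both ends, and REMOTE_SH as a hook that swaps ssh for a local shell so the functions can be exercised offline.

```shell
#!/bin/sh
# Added example, not a script from the thread or from Citrix: image the
# partitions of a Netscaler (FreeBSD-based) appliance over ssh, as the thread
# describes, plus a probe for an old remote dd (falls back to plain dd) and a
# cksum comparison of the raw device against the decompressed image.
# Assumptions: key-based ssh as $TARGET (e.g. nsroot@10.0.0.5), gzip and cksum
# present on both ends. REMOTE_SH="sh -c" runs the "remote" side locally.
set -eu

TARGET="${TARGET:-}"           # user@ip of the appliance (assumed)
REMOTE_SH="${REMOTE_SH:-ssh}"  # "ssh" in real use, "sh -c" for local testing

# Run one shell command on the appliance and return its exit status.
remote() {
  if [ "$REMOTE_SH" = "ssh" ]; then
    ssh "$TARGET" "$1"
  else
    $REMOTE_SH "$1"            # intentionally unquoted: "sh -c" splits into two words
  fi
}

# Does the remote dd accept the forensic operands we want? An old FreeBSD dd
# prints "unknown operand" and exits non-zero; a newer one exits 0 on /dev/null.
dd_supports_flags() {
  remote 'dd if=/dev/null of=/dev/null conv=noerror,sync status=progress >/dev/null 2>&1'
}

# Build the dd command for one device.  $1 = device, $2 = yes|no flag support.
dd_command() {
  if [ "$2" = "yes" ]; then
    printf 'dd if=%s conv=noerror,sync status=progress' "$1"
  else
    printf 'dd if=%s' "$1"
  fi
}

# Image one device: remote dd | gzip -1 -> local file, then compare the CRC of
# the raw device (computed on the appliance) with the CRC of the decompressed
# image. Returns non-zero on mismatch.
# $1 = device path (e.g. /dev/md0), $2 = local output path (e.g. ./md0.gz)
image_device() {
  dev="$1"; out="$2"
  if dd_supports_flags; then sup=yes; else sup=no; fi
  remote "$(dd_command "$dev" "$sup") | gzip -1 -" > "$out"
  want="$(remote "cksum < $dev" | cut -d' ' -f1)"
  got="$(gzip -dc "$out" | cksum | cut -d' ' -f1)"
  [ "$want" = "$got" ]
}

# Image every device given; confirm the names first with "mount" or "df -h"
# on the appliance, since (as the thread notes) they differ across versions.
# $1 = local evidence directory, remaining args = device paths
image_all() {
  dir="$1"; shift
  for dev in "$@"; do
    image_device "$dev" "$dir/$(basename "$dev").gz"
  done
}

# Usage: TARGET=nsroot@10.0.0.5 ./image_netscaler.sh /evidence /dev/md0 /dev/ad0s1a /dev/ad0s1b
if [ -n "$TARGET" ] && [ "$#" -ge 2 ]; then
  image_all "$@"
fi
```

    The probe is the important part: it tests the exact operand set the script is about to use, so a dd that rejects status=progress or conv= is detected before a multi-gigabyte copy starts, rather than discovered when the pipeline dies with "unknown operand". The cksum step catches the other silent failure mode, a truncated stream from an ssh drop or a full evidence disk.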
  19. Retweeted
    28 Jan

    Imagine a world where there's another bug similar to the Microsoft CryptoAPI thing, China has it, and your network was built by Huawei. Fun thought exercise, no?

  20. Retweeted
    28 Jan
    Replying to

    Hi there, thanks for reaching out. You can turn on the 'Block External Images' setting by going to Settings > Mail Account > Block External Images in the iOS Outlook app. Let us know if this helps.

  21. Retweeted
    28 Jan
    Replying to

    If there’s a way to disable image load in for iOS, I can’t find it. What’s up with that,

