Pinned Tweet
On the latest #StateOfTheHack - @itsreallynick & I focused on all things Iran including summaries of #APT33, #APT34, #APT35, #APT39, TEMP.Zagros & multiple UNC clusters that have some really interesting activity w/our experts @sj94356 & @QW5kcmV3 https://twitter.com/FireEye/status/1218246639367798785?s=20 …
Christopher Glyer Retweeted
Last year, @wvuuuuuuuuuuuuu researched and published a command-and-control module for SMB DOUBLEPULSAR. Since then, we've researched and reverse-engineered the RDP version of the implant. Today we're publishing that research and a module for it. Details: https://blog.rapid7.com/2020/02/04/doublepulsar-rce-2-an-rdp-story/ …
Christopher Glyer Retweeted
So here we go... did anyone else notice that @shadowbrokerss last posted about two months before Joshua Schulte was arrested? He joined the IC as an NSA intern before joining CIA, and he was a computer guy there. Would he have access to NSA material?
Christopher Glyer Retweeted
BREAKING: Twitter says a suspected state-sponsored actor used its API to match usernames to phone numbers - Attack took place on December 24, 2019 - Twitter said attack came from IPs in Iran, Israel, and Malaysia https://www.zdnet.com/article/twitter-says-an-attacker-used-its-api-to-match-usernames-to-phone-numbers/ … pic.twitter.com/ulWUmfF5L6
Christopher Glyer Retweeted
Load encrypted PE from XML Attribute. MSBuild is still the best.
https://github.com/XwingAngel/PELoader/ …
MSBuild sets Property then calls Execute.
Use this example to decouple payloads & prove that all security products have a "Single File Bias".
Decouple payloads to subvert detection. pic.twitter.com/648rujlLQn
The version of dd on some versions of Netscaler is older and doesn't support "sync" or "status". If the above command has issues you can try ssh user@[IP address] "dd if=/dev/md0 | gzip -1 -" | dd of=/[fullpath]/md0.gz
Christopher Glyer Retweeted
Curl.exe is the new rundll32.exe — LOLbin https://medium.com/@reegun/curl-exe-is-the-new-rundll32-exe-lolbin-3f79c5f35983 …
Christopher Glyer Retweeted
Want to know a fun thing about CVE-2019-0604? Thousands of publicly exposed systems still run SharePoint 2007. Doesn’t matter as the advisory says it doesn’t apply to SP 2007, right? Wrong. Exploit absolutely works, product is out of support. Vuln scanners don’t detect. https://twitter.com/gossithedog/status/1126833629236215808 …
Christopher Glyer Retweeted
Anyhoo the moral is when a product goes end of life the vulnerabilities don’t stop, vendors just stop listing the products as vulnerable and your vuln scanners likely do, too.
Example command (run from local system): ssh user@[IP address] "dd if=/dev/md0,sync status=progress | gzip -1 -" | dd of=/[fullpath]/md0.gz ...etc. for /dev/ad0s1a and /dev/ad0s1b
The order in which you run the commands varies slightly depending on whether you are running it locally (and piping results to a remote server) or running it from a remote system. https://unix.stackexchange.com/questions/132797/how-to-dd-a-remote-disk-using-ssh-on-local-machine-and-save-to-a-local-disk … pic.twitter.com/r5yj2kDSGT
If you want to disable auto-image loading in Gmail, click the "Gear" icon, Select "Settings" and under the Images section select "Ask before displaying external images", and click "Save changes". pic.twitter.com/xCHyHdJeV0
Even scammers leverage tracking pixels to gauge the success of their campaigns. I could really use a silent investor - you think I should reach out to Mr. Mohammed? pic.twitter.com/BmmHYoQXpq
Christopher Glyer Retweeted
The gmail web client no longer allows you to block images by default, but it does proxy any images. Therefore, your OS and IP address are not leaked to the sender BUT there's nothing you can do to stop them from IDing if/when you open their message.
Christopher Glyer Retweeted
Or: tracking pixels to learn expected egress IP, then gate on staging servers to that expected IP, effectively eliminating sandboxes, vendors, and probably blue teams from seeing payload.
At the expense of appearing VERY targeted, which isn’t always ideal.
Mounting a FreeBSD forensic image isn’t trivial. @hal_pomeranz has a great @sansforensics write-up that should help walk you through the steps in your forensic tool of choice https://digital-forensics.sans.org/blog/2010/02/10/freebsd-computer-forensic-tips-tricks/ …
Note: You may need to run “mount” or “df -h” commands because the partition names (e.g - ad0s1b) may vary slightly across versions and need to be updated per command.
Commands to image Netscaler device:
dd if=/dev/md0 | gzip -1 - | ssh user@[IP address] dd of=/[fullpath]/md0.gz
dd if=/dev/ad0s1a | gzip -1 - | ssh user@[IP address] dd of=/[fullpath]/ad0s1a.gz
dd if=/dev/ad0s1b | gzip -1 - | ssh user@[IP address] dd of=/[fullpath]/ad0s1b.gz
Christopher Glyer Retweeted
Imagine a world where there's another bug similar to the Microsoft CryptoAPI thing, China has it, and your network was built by Huawei. Fun thought exercise, no?
Christopher Glyer Retweeted
Hi there, thanks for reaching out. You can turn on the 'Block External Images' setting by going to Settings > Mail Account > Block External Images in the iOS Outlook app. Let us know if this helps.
Christopher Glyer Retweeted
If there’s a way to disable image load in @Outlook for iOS, I can’t find it. What’s up with that, @Microsoft @msftsecurity @Office
CVE-2019-0604 is being exploited in the wild