Chris Vazquez

Pushed a new Rubeus release after getting some additional feedback from our most recent AT:RTO students. The full changes are detailed here https://github.com/GhostPack/Rubeus/blob/master/CHANGELOG.md#150---2020-01-31 … . To highlight a few new features- "/nowrap" globally prevents base64 blobs from line-wrapping, (1/4)

Blue Cloud of Death: Red Teaming #Azurehttps://speakerdeck.com/tweekfawkes/blue-cloud-of-death-red-teaming-azure-1 …

New Blog Post from @Haus3c on Azure. Ryan discusses Azure and Azure AD's components, reviews some of the attacks, and release PowerZure to help understand the attacks. Link: https://posts.specterops.io/attacking-azure-azure-ad-and-introducing-powerzure-ca70b330511a … PowerZure:https://github.com/hausec/PowerZure …

New from @0xthirteen - Revisiting Remote Desktop Lateral Movement This post discusses RDP lateral movement by leveraging mstscax.dll. Steven also is releasing SharpRDP with corresponding detection guidance for this attack technique. Post:https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3 …

Have #SCCM and deploying Microsoft Defender ATP??? Check out this deployment guide https://aka.ms/deploymdatp  #MDATP

Live now: BadBlood an Active Directory Object Creator and Security Generatorhttps://hubs.ly/H0mDlZY0 

Check it out the NEW #Azure #Security Center Alerts Reference Guide. A complete list of ASC alerts based on the different categorieshttps://docs.microsoft.com/en-us/azure/security-center/alerts-reference …

Wrote a small post about embedding external DLLs into a Task in Covenant. Shout out to @cobbr_io for Covenant and his willingness to help in the #covenant BloodHound slack channel! @csis_cyberhttps://medium.com/csis-techblog/embedding-external-dlls-into-covenant-tasks-de443c4a2b84 …

Whoa. @eric_capuano doing a #ThreatHunting walk through of @Recon_InfoSec OpenSOC scenarios. This format is awesome. Please do more like it.https://bit.ly/36UHz77 

How to Identify the User that Dismissed an Alert in #Azure #Security Centerhttps://techcommunity.microsoft.com/t5/azure-security-center/how-to-identify-the-user-that-dismissed-an-alert-in-azure/ba-p/1108902 …

Want Free? Jump on the Citrix wagon! Pick a program on https://github.com/arkadiyt/bounty-targets-data/blob/master/data/wildcards.txt … git clone https://github.com/cisagov/check-cve-2019-19781 … cd check-cve-2019-19781 pip3 install -r requirements.txt cat hosts.txt | while read url ; do cve-2019-19781 $url ;done > loot.txt 2>&1 cat loot.txt | grep appear