Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
- Medijski sadržaj
Blokirali ste korisnika/cu @cryps1s
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @cryps1s
-
Are all these zero trust vendors just selling device PKI and an authenticated proxy?
Can we just go back to assume breach and not posit putting all your services on the internet as a good idea?Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
vBulletin was peak web design. We've only gone downhill since then.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
I'm looking to become a better writer and feel comfortable receiving feedback. If you have any thoughts on how this could be better, I'd love to hear it. I ended up chopping 30+ pages off this draft to meet a maximum length requirement, so I might pick up on my blog later. 3/3
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
TLDR: Using terraform + IOC + GHE is awesome, but it erodes the tiering model. Actors can now pop infra directly through code changes. These are some attack scenarios, artifacts, monitoring, and highly actionable best practices for defending infrastructure as code in GHE. 2/3
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
I just published a ~45 page whitepaper on attacking and defending terraform infrastructure as code in GitHub. Includes attack scenarios, hardening, detections, etc. Deep thanks to
@tifkin_ and@harmj0y for their inspiration and research.
https://www.sans.org/reading-room/whitepapers/securecode/defending-infrastructure-code-github-enterprise-39380 …
1/3Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Today's rabbit hole: firefox + ghacks-user.js + temporary containers. Really cool to see how far anti-fingerprinting tech has come for browsers. Ditch the Google botnet, wrap firefox with some exploit guard and, baby, you got a stew going.https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.1-Overview …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Friends don't let friends use tanium.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
CVE-2020-0601 in a nutshell. Nice cert. What are you trying to look like a secret agent or something?pic.twitter.com/LJCe29R5Xg
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Security Engineer: Jump-start the infosec program. You'll implement technical controls, combat phishing, secure endpoints, collaborate with researchers to protect infrastructure. Looking for 3yrs+ broad security experience with a platform spike. https://jobs.lever.co/openai/6a964956-9548-4a63-a19e-1cab8b5af2c2 … 3/3
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Head of Security: This is NOT a CISO role. They're looking for a hands-on technical leader to drive vision + execution of the security org. Shape the culture, build the team, implement tech, and help protect critical AI research from adversaries. https://jobs.lever.co/openai/917ad50d-176d-43ec-a50b-4d218c584147 … 2/3
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Posting for a friend - please RT if you can! New
#infosecjobs available at@OpenAI. OpenAI is a research lab in SF pushing the boundaries on AI research so that it is ultimately safe and benefits humanity. It's an awesome organization and mission. https://openai.com/about/ 1/3Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
DANΞ proslijedio/la je Tweet
I've been poking around the Windows kernel a lot lately and one of my favorite samples I've referenced is Mimikatz's driver, Mimidrv. I took some time and documented all of its functions and included some write-ups on important kernel structures. Post: https://posts.specterops.io/mimidrv-in-depth-4d273d19e148 … 1/3
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Don't forget that the
#shitrix gateway handles authentication. Once it's popped, you should assume that any credentials entered are owned. Perform mandatory credential rotation, look for anomalous remote logons, audit recent 2FA enrollments. Ingress + basic creds = bad juju.Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
It would sure be awful if someone wormed the
#shitrix CVE to nuke that pesky vulnerable perl file and suddenly mitigate all the vulnerable hosts across the world.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Most importantly, vendor has been unresponsive, opaque, failed to deliver a patch, and does not appear to take this issue seriously. If you're in a position to influence tech in your environment, now is a good time to exert power and consider alternatives. Happy hunting. 3/3
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
- NSG is running OLD FreeBSD. You don't have logs or monitoring tools on it. Remember that adversaries can and will edit logs on target. - You can do some basic forensics on the FS with sleuthkit or other tools. - Deleting or moving those scripts may be a viable option. 2/3
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Couple of forensic and defensive notes: - You'll see indicators of directory traversal in web request logs. -NSGs also have a basic shell recording log. - A potentially reliable indicator of compromise includes xml.ttc2 file creation under /var/tmp/netscaler/portal/templates 1/3https://twitter.com/0x09AL/status/1215437443375214593 …
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.
