Tweets by @cryps1s
DANΞ Retweeted
I wrote about my experiences responding to security breaches and intrusions this year. https://medium.com/starting-up-security/learning-from-security-breaches-in-2017-ff62a2c56522 …
We've open sourced our framework for developing alerting and detection strategies for incident response. We have also included several internal strategies as examples to spur greater sharing and collaboration with defenders. https://medium.com/@palantir/alerting-and-detection-strategy-framework-52dc33722df2 …
DANΞ Retweeted
[blog/tool] InsecurePowerShell - PowerShell Without System.Management.Automation.dll https://cobbr.io/InsecurePowershell-PowerShell-Without-System-Management-Automation.html … I promise that one day I will blog about something other than PowerShell... but today is not that day
Fun facts about mavinject:
- Present in system32\mavinject.exe
- Present in UEV (program files\microsoft user experience virtualization\agent\x86\mavinject32.exe)
- Present in clicktorun (program files\common files\microsoft shared\clicktorun\mavinject32.exe)
Reaching out to see if anyone has a success story they can share with @farmersonly. Looks like they've had a bad run of luck and could use some help. pic.twitter.com/HGEYdNgulX
DANΞ Retweeted
Today I'm releasing Detection Lab, a personal project that uses Packer & Vagrant to quickly stand up a fully customizable Windows Active Directory loaded with security tooling and some logging best practices. Blog: https://medium.com/@clong/introducing-detection-lab-61db34bed6ae … Github: https://github.com/clong/DetectionLab …
DANΞ Retweeted
Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI: https://aka.ms/WEFFLES
Mad props to @GlassWireLabs not only for a great product (app firewall), but for going out of their way to sign binaries to support device guard application whitelisting. Filed a ticket for support and they had a new build out two days later. Vendors take notice.
DANΞ Retweeted
If you are looking for a Windows security related role at a company where management is willing to get things fixed, please DM me. I have a friend who is looking for someone with ~5yrs Windows experience and security passion (and wants to fix things).
DANΞ Retweeted
Any Windows 10 device that includes Hyper-V hypervisor can now turn on HVCI, a powerful mitigation against kernel exploits. This method uses a WDAC/config CI audit policy to enable HVCI. https://docs.microsoft.com/en-us/windows/device-security/enable-virtualization-based-protection-of-code-integrity …
That one special moment when you realize you're the one originally responsible for bringing the security product you hate into your environment. pic.twitter.com/vcOfvRJF39
DANΞ Retweeted
ADSecurity Blog Post: "Securing Microsoft Active Directory Federation Server (ADFS)" Includes ADFS & Federation overview and key security recommendations. https://adsecurity.org/?p=3782
DANΞ Retweeted
As a follow-up to this experiment https://twitter.com/mattifestation/status/932043972263886848 …, I documented my process/experience/methodology developing the most secure Device Guard policy I could: "Adventures in Extremely Strict Device Guard Policy Configuration Part 1 — Device Drivers" https://posts.specterops.io/adventures-in-extremely-strict-device-guard-policy-configuration-part-1-device-drivers-fd1a281b35a8 …
Not only is it bad infosec practice to drop unsigned DLLs on-disk, it's pretty difficult to identify that this was originally installed due to your application since it's loaded from outside the typical application path.
Hey @1Password - I love using 1PWv4 for Windows, but man -- y'all need to sign your stuff. Just discovered you drop an unsigned DLL to System32 called chilkat.dll and it's ruining my application whitelisting juju. Can we get this signed in future releases?
Sincerest thank you and kudos to the @SpecterOps for their Adversary Powershell course. Easily one of the most difficult, rewarding, and inspiring courses I've taken in my career. Defenders would be remiss not to take any training offered by them.
DANΞ Retweeted
"Companies like these are a reminder that your success or failure in business as in life is directly tied to what you produce — not what you promise or represent." I had always assumed root9B was actually doing well. I guess not :( https://krebsonsecurity.com/2017/11/r-i-p-root9b-we-hardly-knew-ya/ …
DANΞ Retweeted
[Blog] Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript https://posts.specterops.io/lateral-movement-using-outlooks-createobject-method-and-dotnettojscript-a88a81df27eb …
DANΞ Retweeted
In my career I've had to work with jerks. Some of the best advice I've seen for coping during adversity was in this HBR article, which focuses on how to manage your own happiness. "An Antidote to Incivility" https://hbr.org/2016/04/an-antidote-to-incivility … [sorry for the paywall]
We've recently open-sourced our osquery configuration on GitHub (https://github.com/palantir/osquery-configuration …). Audit registry keys, monitor your security tooling, and provide better data for hunting and incident response. CC @Centurion