Decalage

@decalage2

High-latency Twitterbot with experimental, Turing-proof AI. Daily downtimes for maintenance. Tweeting about , analysis, file formats and .

Joined: November 2012.

Tweets


  1. Pinned tweet
    5 Dec 2019

    Final slides of my presentation yesterday at Black Hat Europe 2019, about malicious VBA macros and recent advances in the attack & defence sides: Featuring /olevba, ViperMonkey, MacroRaptor, EvilClippy

  2. Retweeted

    This abomination is the regex for validating IPv6 addresses:

  3. Retweeted
    7 hours ago

    Analysis of a triple-encrypted AZORult downloader

  4. Retweeted
    25 Jan

    Threat Bus: a real-time pub/sub broker to get intelligence/indicators from and feed your in real-time & get sightings from your NIDS to MISP. A clever way to connect efficiently open source security tools. Thanks to

  5. Retweeted
    30 Jan

    Interested in learning how to debug macros or learn more about the structure of user forms? In my latest video, I show you how to use the Office IDE to debug a recent

  6. Retweeted
    30 Jan
  7. Retweeted
    20 Dec 2019

    The present everyone has been asking for is here! We are excited to announce the beta release of TRAM, a tool to aid in mapping reports to ATT&CK. You can find our latest blog with all the details at and the source code at .

  8. Retweeted
    29 Jan
  9. Retweeted
    28 Jan

    From the folks that brought you Atomic Red Team, Chain Reactor is a new open source framework for composing executables that simulate adversary behaviors and techniques on Linux endpoints.

  10. Retweeted
    28 Jan

    Rich - A Python library for rich text and beautiful formatting in the terminal.

  11. Retweeted
    27 Jan

    If 's DotnetToJScript is blocked on newer versions of Windows or if it gets flagged by AMSI, you can use Excel automation via a COM object as an alternative to execute shellcode from JScript or VBScript w/o touching disk. PoC for x86 & x64 here:

  12. 27 Jan

    olevba and mraptor now detect the new "_OnConnecting" trigger used in some recent malware, thanks to

  13. Retweeted
    27 Jan

    (Microsoft Terminal Services Client Control) - OnConnecting is a new VBA macro startup method actively being used by latest downloaders. Executes only on W10.

  14. Retweeted
    2 Jan

    To celebrate this new decade, I have just released a new open source tool that could help security researchers on daily operations: Check out the blog post for further info:

  15. Retweeted
    26 Jan

    Log Sources - ordered by priority - with ratings in different categories - personal and highly subjective assessment - from my most recent slide deck on low hanging fruits in security monitoring

  16. Retweeted
    21 Jan

    MISP 2.4.120 released including the timeline support on attributes and objects in MISP. This release also includes various bugs fixed and improvements.

  17. Retweeted

    Ho, by the way, is not only about TLS & Authenticode... it's also for S/MIME and other signatures. Yes, it's also valid against mail signature verification ❤️ I hope nobody relies on it for legal / workflow validation

  18. Retweeted

    last use case for today Yes, it's also dangerous for Microsoft VBA macro (especially when you think "Disable all Macros except digitally signed" will protect you)

  19. Retweeted
    15 Jan

    The trouble with Microsoft’s Troubleshooters by Imre Rad

  20. Retweeted
    13 Jan

    New blog post! | Creating Responders in The Hive, with lots of practical tips to avoid some of the most common pitfalls!

  21. Retweeted
    13 Jan

    Contact me if you want to try out (beta) ATT&CK - in using remote transforms. No local python install needed.
