Dimitrios Margaritis

@dmargaritis

Tweets are personal

Brussels
Joined January 2011

Tweets


  1. Pinned Tweet
    24 Nov 2019

    Before developing advanced detection techniques for PowerShell and lateral movement, let's think about whether we can use the built-in free Windows firewall to prevent widely used techniques. Then we can detect unmanaged PowerShell etc.
  2. 3 Feb

    Top 5 Mitigations for Windows mapped to CSF, in 2 words: Cyber Hygiene
  3. Retweeted
    30 Jan
  4. Retweeted
    30 Jan

    Well, we have a Sigma rule from 2017 that would detect this "brand new" Trickbot campaign, and I'll write one for the wreset.exe UAC bypass Rule
  5. Retweeted

    1. Network segmentation 2. Host-based Firewalls 3. Windows Credential Guard/Exploit Guard 4. AppLocker 5. Privileged Account Monitoring 6. EDR 7. Sandboxed Office365/Outlook 8. 2FA 9. AMSI 10. MSBuild/PowerShell Monitoring
  6. 24 Jan

    If you have ATP, enable the NON-DEFAULT protections: 1) block Office apps from creating child processes and injecting code into other processes, 2) block JS & VBS from launching downloaded executable content, 3) block credential stealing from lsass.exe, and much more
  7. Retweeted
    19 Jan

    Command-line MSBuild.exe detection's got you down? How about MSBuild without MSBuild.exe?
  8. Retweeted
    14 Jan

    The bad news is that even if you’ve patched your systems Monday morning, strictly speaking, you can’t trust them anymore ☝️ Attackers had 55 (+ x) hours to exploit that 0day & drop a webshell or reverse shell 🥳 Please don’t shoot the messenger ✋😔
  9. 13 Jan

    Use AccessEnum.exe from Sysinternals to find globally writable folders in c:\windows and do something about it... Think twice about this if you have a default AppLocker implementation without rules for these folders
  10. 13 Jan

    There are many subfolders in c:\windows where a normal user has write access. Find them and remove write access

    Tweet is unavailable.
  11. 8 Jan
  12. Retweeted

    targets LANDesk Agent users via PowDesk - New PowerShell-based malware resembles QUADAGENT. PowDesk checks for the presence of the LANDesk Agent folder and service before the C&C beacon. Full analysis coming soon. lcepos[.]com/php/reclaimlandesk[.]php
  13. 20 Dec 2019

    "Offsec wrote defensive rules" - this is something that we are missing in many cases
  14. Retweeted
    18 Dec 2019

    Interesting project to check for security issues in Terraform files (has checks for AWS, Azure, and GCP). Similar to HashiCorp Sentinel.
  15. 18 Dec 2019
  16. 17 Dec 2019

    Strange feelings when I saw this picture for my country... I hope understands the importance of cybersecurity and soon Greece will have a better position amongst EU countries. There are many Greeks in cybersecurity, unfortunately outside the country, that can help
  17. Retweeted
    15 Dec 2019
  18. Retweeted
    16 Dec 2019

    Important update for the Sigma rule that detects suspicious PowerShell encoded commands, to cover the latest campaigns
  19. Retweeted
    16 Dec 2019

    Crime vs. APT (from a slide deck that I am currently preparing)
  20. 12 Dec 2019

    Why doesn't @WindowsATP log the real remote IP and DNS name of the network connection, and instead logs the name and IP of the proxy? Don't tell me to use Sysmon EID 22 if you want such info :-)
  21. 12 Dec 2019
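The two tweets from 13 Jan about user-writable subfolders of c:\windows, turned into a script as an added example (not the author's code and not a Sysinternals tool): it assumes English-locale built-in group names and only reports matching folders, leaving any ACL change to a reviewed follow-up.

```powershell
# Added example: list subfolders of C:\Windows whose ACL grants create/write
# rights to broad low-privilege principals. Assumes English-locale group names.
function Get-UserWritableWindowsDir {
    param([string]$Root = 'C:\Windows')

    $BroadPrincipals = @(
        'BUILTIN\Users',
        'NT AUTHORITY\Authenticated Users',
        'NT AUTHORITY\INTERACTIVE',
        'Everyone'
    )
    # Rights that let a standard user drop files or folders. Write, Modify and
    # FullControl all contain these two bits, so those ACEs match as well.
    $Rights    = [System.Security.AccessControl.FileSystemRights]
    $WriteMask = $Rights::CreateFiles -bor $Rights::CreateDirectories

    Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $dir = $_
            try { $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop } catch { return }
            foreach ($ace in $acl.Access) {
                if ($ace.AccessControlType -ne 'Allow') { continue }
                if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
                # ACEs written with generic rights show up as large negative numbers
                # and are not expanded here; AccessEnum maps those for you.
                if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
                [pscustomobject]@{
                    Path      = $dir.FullName
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
}

# Review before touching ACLs: with default AppLocker rules everything under
# %WINDIR% is allowed to run, so these folders are the ones to fix first.
$findings = Get-UserWritableWindowsDir
$findings | Sort-Object Path | Format-Table -AutoSize
$findings | Export-Csv -NoTypeInformation -Path (Join-Path $env:TEMP 'windows-writable-dirs.csv')
```

Inherited entries usually come from a parent folder, so fix the parent rather than each child, and compare the list against what AccessEnum reports before removing anything.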