SarathKumar21

Speaking at #ShmooCon @shmoocon was awesome, thank you for the opportunity! For anyone interested in slides, check them out here in SpeakerDeck:https://speakerdeck.com/forensicitguy/whitelisting-ld-preload-for-fun-and-no-profit …

Thank you #shmoocon! The slides are out:https://www.slideshare.net/SamanthaMosley3/teen-hacks-for-obfuscating-identity-on-social-media …

WinPwnage. Elevate, UAC bypass, persistence, privilege escalation, dll hijack techniqueshttps://github.com/rootm0s/WinPwnage …

#EDR? Yeah, me too! But if you're chasing a bad guy across a > 100K-node environment you're probably pivoting to your #SIEM. @amrandazz shares some of the (many) ways we use @exabeam as our "cheat code" when responding @expel_io. https://expel.io/blog/exabeam-incident-investigators-cheat-code/ …

#Windows oneliners to download remote payload and execute arbitrary codehttps://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/ …

Python Script to access ATT&CK content available in STIX via a public TAXII server #infosec #blueteam #DFIRhttps://github.com/hunters-forge/ATTACK-Python-Client …

#DFIR Looking for more memory dumps to dig into? Here is my newest one! http://bit.ly/FOR526_Memory  -> Win10x64_18362 DevVM Gargoyle-laden (thx @jalospinoso) acquired with dumpit (thx @msuiche) & analyzed with win10compression support (thx @MalwareMechanic)

Like @graylog2 and @TheHive_Project?! Then you’ll love our write up on how to integrate them. http://blog.reconinfosec.com/integrating-graylog-with-thehive/ … #infosec #DFIR

Announcing the release of Osquery in a Box: A simple collection of docker-compose and other configuration that will bootstrap an osquery, Fleet, ELK stack environment in under 5 mins. Been wanting to try out these technologies? Now's your chance. https://github.com/dactivllc/osquery-in-a-box … #osquery

Check out Tony's tool to whitelist shared objects loaded via LD_PRELOAD: https://github.com/ForensicITGuy/libpreloadvaccine … #shmoocon @ForensicITGuy

Happy Friday hackers! Nitesh @ideaengine007 found a critical RCE vulnerability in Jenkins that led us to discover a Bitcoin mining service running on a DoD website . Head over to the disclosed report to see all the details! Thanks for being Niteshhttps://hackerone.com/reports/768266 

FakeLogonScreen - A utility to fake the Windows logon screen in order to obtain the user's password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then saved to disk.https://github.com/bitsadmin/fakelogonscreen …

Kerberoasting, exploiting unpatched systems - a day in the life of a Red Teamerhttp://niiconsulting.com/checkmate/2018/05/kerberoasting-exploiting-unpatched-systems-a-day-in-the-life-of-a-red-teamer/ …