Richard Gold

@drshellface

Director of Security Engineering at Digital Shadows. I build, break & protect network systems & software. Purple Team FTW!

London, England
Joined January 2017

Tweets


  1. Pinned Tweet
    13 Aug 2019

    Check out the “Orca” network recon tool that we released at : it’s a targeted OSINT tool for performing asset discovery against an organization. Example walkthrough on the Github wiki! Blog post here:

  2. 7 hours ago

    Lots of good resources in the comments here for the aspiring exploit dev. My favourites are: 's Sam's Class which has Phoenix (the new version of Protostar) for purely ROP-focused exploitation All for free too! :-)

  3. Retweeted
    31 Jan

    Want to see how the red team weaponizes threat intel for R&D and TTP development? Check out some research I did with and . Also includes some new executables that can be used for DLL abuse.

  4. Retweeted
    31 Jan

    stat: 80% of enterprise tools run in the default configuration.

  5. 31 Jan

    Secure defaults is one of the very few ways that security actually gets better.

  6. Retweeted
    31 Jan
  7. Retweeted
    31 Jan
  8. Retweeted
    31 Jan

    Good news — since China stole the IP of F-35 for their J-31 it means their software is crap too. NSA can just patch diff between the current builds and the stolen builds and they’ll have hundreds of 1day exploits! China’s industrial espionage is a vulnerability!! 😋

  9. Retweeted
    29 Jan

    I took my 8-year-old to the office on Take Your Child to Work Day. As we were walking around, she started crying & getting very cranky, so I asked her what was wrong. As my coworkers gathered round, she sobbed, 'Daddy, where are all the clowns that you said you worked with?' 🤣

  10. Retweeted
    30 Jan

    Google loves security keys, and today announced an open source implementation to help spur further innovation from the security research community 1/ .

  11. 30 Jan

    This makes me worried as a Red Teamer and delighted as a Blue Teamer! :)

  12. Retweeted
    30 Jan
  13. Retweeted
    30 Jan

    VECTR update was just released version 5.4 is out! Thank you SANS has a lab for APT33 and this version makes it even easier to map already tested TTPs to adversaries!

  14. Retweeted
    29 Jan

    Great, now skidz and APT alike are going to be able to freeload off of more OffSec tooling to create amazing documentation and report-outs.

  15. Retweeted
    29 Jan

    Couple of rough notes on .NET stuff. Avoiding defender + manually patching AMSI to retain Assembly.Load() functionality =)

  16. Retweeted
    30 Jan

    👨🏻‍💻Vladimir Metnew () of will be presenting, "File Quarantine Handling in macOS Apps" ...after exploring `file quarantine` internals he'll discuss remote exploitation of popular 3rd-party apps that fail to leverage this security mechanism! 😈☠️🤫

  17. Retweeted
    30 Jan

    For the past few months, I've been diving into Apple's Endpoint Security Framework. This post shares how I use the framework for detection engineering purposes.

  18. Retweeted
    30 Jan

    My coworker just shared the best thing: Oh Shit, Git!?!

  19. Retweeted

    This is indeed interesting and worthwhile, but note these are all static *technical and tool defenses*. It’s important to develop and implement tactical, operational, and strategic *programs*, all of which require people and process, because the adversary is smart and adaptive.

  20. Retweeted
    29 Jan

    Breaking: German gov't says it is in possession of intelligence that proves that Huawei cooperates with Chinese state security organs

  21. Retweeted
    29 Aug 2018

    The STATE vs NATION-STATE distinction is not a quirk of style, which seems to have been lost on a lot of folks…
