Tweets
Giuseppe `N3mes1s` Retweeted
SettingSyncHost.exe as a LolBin http://www.hexacorn.com/blog/2020/02/02/settingsynchost-exe-as-a-lolbin/
#LOLBIN cd %TEMP% & c:\windows\system32\SettingSyncHost.exe -LoadAndRunDiagScript foo
Giuseppe `N3mes1s` Retweeted
Reversing XignCode3 Anticheat – Registering Notify and Callback Routines Part 4.1 is out!
Anti-cheats use callbacks and notification routines to control what is happening on your system, let's dig into this
https://niemand.com.ar/2020/01/31/reversing-xigncode3-driver-part-4-1-registering-notify-and-callback-routines/
#reversing #hacking #infosec #security
Giuseppe `N3mes1s` Retweeted
TrickBot Uses a New Windows 10 UAC Bypass to Launch Quietly - by @LawrenceAbrams https://www.bleepingcomputer.com/news/security/trickbot-uses-a-new-windows-10-uac-bypass-to-launch-quietly/
Giuseppe `N3mes1s` Retweeted
Eclypsium published new research exposing vulnerabilities to DMA attacks in laptops from HP and Dell. Our principal researchers,
@HackingThings and @jessemichael show that high speed DMA attacks can bypass hardware protections on enterprise devices. http://bit.ly/313EEqN
Giuseppe `N3mes1s` Retweeted
Well, we have a Sigma rule from 2017 that would detect this "brand new" Trickbot campaign and I'll write one for the wreset.exe UAC bypass. Rule https://github.com/Neo23x0/sigma/blob/master/rules/windows/process_creation/win_susp_svchost.yml https://twitter.com/ReaQta/status/1222548288731217921
Giuseppe `N3mes1s` Retweeted
For the past few months, I've been diving into Apple's Endpoint Security Framework. This post shares how I use the framework for detection engineering purposes. https://posts.specterops.io/detection-engineering-using-apples-endpoint-security-framework-affdbcb18b02
Seems that someone reads @BleepinComputer, the switch happened after their post about the new UAC bypass on windows 10. wsreset.exe is the new normal now. cc @LawrenceAbrams https://twitter.com/ReaQta/status/1222548288731217921
Giuseppe `N3mes1s` Retweeted
A quick post on why you shouldn't use SYSTEM Tokens when you sandbox a process. Part 1 of N (where I haven't decided how big N is). https://www.tiraniddo.dev/2020/01/dont-use-system-tokens-for-sandboxing.html
Giuseppe `N3mes1s` Retweeted
OS hacking: Local root exploit via the QEMU graphics driver https://youtu.be/DhVZ7vO69DI Let’s exploit a SerenityOS kernel driver bug to get a root shell, and then fix the bug!
Giuseppe `N3mes1s` Retweeted
#Trickbot ITW is now using a brand new #UACBypass for Windows 10 machines: wsreset.exe uac bypass. #Emotet More info here: https://lolbas-project.github.io/lolbas/Binaries/Wsreset/ https://www.activecyber.us/activelabs/windows-uac-bypass
Giuseppe `N3mes1s` Retweeted
Thank you, Giuseppe for pointing this out. We are working on a fix for the cited LOLBin, and shall keep you posted. In the meanwhile, please be informed that this occurrence is associated only with admin accounts. Thank you for your understanding!
Giuseppe `N3mes1s` Retweeted
Sigma rules to detect attacks exploiting ZOHO's signed dctask64.exe. Rules https://github.com/Neo23x0/sigma/blob/master/rules/windows/process_creation/win_susp_dctask64_proc_inject.yml https://github.com/Neo23x0/sigma/blob/master/rules/windows/process_creation/win_susp_renamed_dctask64.yml Discovery by @gN3mes1s https://twitter.com/gN3mes1s/status/1222088214581825540
Giuseppe `N3mes1s` Retweeted
olevba and mraptor now detect the new "_OnConnecting" trigger used in some recent malware, thanks to @matte_lodi #oletools https://twitter.com/joe4security/status/1221765460502421504
argument: executecmd64 dctask64.exe executecmd64 <valid cmd.exe command> dctask64.exe executecmd64 echo "hello"
argument: invokeexe dctask64.exe invokeexe <executable> will create a process for you.
For today "side lolbin" let's say thanks to: ZOHO Corporation private Limited with their dctask64.exe. Keep injecting all the dll we want with: dctask64.exe injectDll <dllpath> <PID> bonus point: we have the outputs!!! cc
@Oddvarmoe @Hexacorn https://www.virustotal.com/gui/file/a1b55abba46db5836ab3050bd754aed462e7361744e7f9f6ab55427ecb35d761/relations
Let’s start using dtrace to write some detection rules now
Windows kernel now relies on Virtualization-based Security (VBS) to securely insert dynamic trace points into kernel code. By relying on VBS, we can now safely and securely insert dynamic tracepoints in the kernel without disabling PatchGuard https://twitter.com/TheRealHariP/status/1221885616691900417
Giuseppe `N3mes1s` Retweeted
Windows Kernel _IMAGE_DOS_HEADER::e_lfanew Denial Of Service/Memory Corruption https://waleedassar.blogspot.com/2020/01/malformed-pe-header-kernel-denial-of.html
Giuseppe `N3mes1s` Retweeted
we have an update to DTrace on Windows. with the latest 20H1 insider build, no more KD required to use dtrace on windows. plus arm64 MSI. https://techcommunity.microsoft.com/t5/windows-kernel-internals/dtrace-on-windows-20h1-updates/ba-p/1127929