Kshitij Kumar

@kshitijk_

You can never know enough. Opinions are my own, not my employer's.

Los Angeles, CA
Joined January 2012

Tweets


  1. Pinned Tweet
    25 Nov 2019

    Too many IR investigations that I do are slowed down because critical systems of interest have been wiped/reimaged. Make evidence preservation guidelines part of your incident response playbooks. Follow them. Please. Future you and any IR team will be grateful.

  2. Retweeted
    15 hours ago

    Ok. Another DFIR pet peeve has come to light (well, two actually). Use the 24 hour clock for times. If you use the 12hr clock not only does it break sorting, but unicorns die. If you use the 24hr clock DO NOT USE AM/PM. Seriously. That's insanity right there.

  3. Retweeted
    4 Feb

    If you don’t schedule and block out time for process and tool improvement... ...it will not get done. Don’t expect folks to do “when you find time” during fully booked 40hr weeks after week or to “do it on your own time”.

  4. Retweeted
    30 Jan

    This is a great effort to get more people into RE :

  5. Retweeted
    30 Jan

    Overview of security certifications

  6. Retweeted

    can confirm. enable defender, crank it all the way up. as a redteamer, i can say it's a pain in the ass to get around, so defenders should take advantage of that.

  7. Retweeted
    24 Jan

    Autopsy 4.14 is out. New File Discovery UI, new map UI, APFS from , and lots more. Blog below covers major new features and has download link.

  8. Retweeted
    20 Jan

    Joe is hitting one of my CTI pet peeves.... adversaries can share tools! Be careful of ONLY using tools for attribution.

  9. Retweeted
    17 Dec 2017

    Learned this a while ago in 's dojo. Write .LOG in the first line of a file. Inserts a timestamp each time the file is opened. I just leave this here...

  10. Retweeted
    15 Jan

    Microsoft Cybersecurity Solutions Groups is hiring globally. We have many roles available across varied cybersecurity and compliance disciplines. We are passionate in our commitment to our customers' and partners' success. Join Our Team!

  11. Retweeted
    6 Jan

    Inspired by "How to Build an Active Directory Hacking Lab" video on youtube, I wrote a step-by-step guide of how to build such a lab in Windows Azure for completely FREE. Check it out.

  12. Retweeted
    13 Oct 2019

    Detect suspicious keyboard layout loads with this config & Sigma rule > Example: Allows you to detect CN 🇨🇳, VN 🇻🇳, IR 🇮🇷 remote users that connect to your servers maintained by US 🇺🇸 staff only Sysmon Config Sigma Rule

  13. 21 Dec 2019

    Did that movie have too much Force? Or not enough Force 🤔

  14. Retweeted
    18 Dec 2019

    Pro-tip: if you're tempted to write "cyberwar something something" — just edit out the "cyber" in your draft, and try "war something something." If it reads like nonsense, it probably was nonsense. Same for "cyberweapon." Also, it's almost 2020.

  15. Retweeted
    17 Dec 2019

  16. Retweeted
    13 Dec 2019

    There are SO MANY paths in . We can learn so much from each other if we’re willing to listen. What path are you walking?

  17. 13 Dec 2019

    It’s dark in this plane, and the fella next to me has his phone brightness all the way up. Like ALL THE WAY. It’s like staring at the sun. Why would you do this...

  18. Retweeted
    12 Dec 2019

    These stealthy BITS downloads are logged in Windows. You just need to collect the events and discard the few known-good cases and you get high-fidelity alerts for free.

  19. Retweeted
    10 Dec 2019

    Writing EDR software is easier than AV. At least 3 reasons: 1) AV detects&remediates, including surgical post-viral infection file repair while EDR primarily logs stuff&then some 2) AV uses tons of legacy code&needs to detect DOS virs 3) no one forgives AV, everyone forgives EDR

  20. Retweeted
    9 Dec 2019
    Replying to

  21. Retweeted

    101: Today I spent an hour learning how to do something that only takes 5 minutes to complete. I just didn't know. Now I do. I will end up saving hours of work on future cases because of today's "setback".
