teafour [t4]

@llt4l

Security Researcher. Cyber Security PG Student. Interested in all things red w̶h̶i̶t̶e̶ purple and blue. OSCP.

A land far, far away
Joined October 2014

Tweets

  1. Retweeted
    Feb 4

    Historically, the industry and the jobs within it will push you towards specialization in either host or network evidence. However, to be an effective analyst you need expertise in both. 1/

  2. Retweeted
    Feb 3

    Announcing the release of Osquery in a Box: A simple collection of docker-compose and other configuration that will bootstrap an osquery, Fleet, ELK stack environment in under 5 mins. Been wanting to try out these technologies? Now's your chance.

  3. Retweeted
    Feb 2
  4. Retweeted

    A day prior to the Travelex hack, its parent company was worth $2.1 Billion. A month later it is now worth $764 Million. The CEO owns 63% of the shares, which puts his personal loss around $850 Million.

  5. Retweeted
    Jan 29

    AD Privilege Escalation Exploit: The Overlooked ACL

  6. Retweeted
    Jan 30

    When studying breaches, I've found that security products worked, but alerts weren't seen. Or the right products have been purchased, but are misused or misconfigured. As we get closer to RSA, make sure what you've got is working before you buy something new.

  7. Retweeted

    Big change coming to Windows Server this March - insecure LDAP requests will be rejected by default. That's a change in behaviour which will absolutely break things in some orgs. How to get in front of the issue:

  8. Retweeted
    Jan 27

    If 's DotnetToJScript is blocked on newer versions of Windows or if it gets flagged by AMSI, you can use Excel automation via a COM object as an alternative to execute shellcode from JScript or VBScript w/o touching disk. PoC for x86 & x64 here:

  9. Jan 26

    And for every minute a service is down you lose a point

  10. Retweeted
    Jan 22

    Here is the link to the SpecterOps Adversary Tactics: PowerShell course material: Enjoy! For information about our current training offerings, information can be found here: (4/4)

  11. Retweeted
    Jan 22

    Revisiting RDP lateral movement and releasing a project that will be part of a bigger tool coming next week

  12. Retweeted
    Feb 19, 2019
    Replying to

    SACLs are bomb, yo.

  13. Jan 20

    Plenty of ideas for honey files that you can sprinkle all over your file shares. You can thank me later 😉

  14. Retweeted
    Jan 19

    command-line MSBuild.exe detection's got you down? How about MSBuild without MSBuild.exe?

  15. Jan 18

    ".. Societies have tracked the high-water mark of rivers that periodically flood - and have always prepared accordingly, apparently assuming that floods would not rise higher than the existing high-water mark." - Kahneman

  16. Retweeted
    Jan 17

    JhoneRAT: Cloud based python RAT targeting Middle Eastern countries

  17. Retweeted
    Jan 17

    Want to make service removal really fun? Create a service with a unicode name. The service will run but won't show in sc.exe, services.msc, or taskmgr.exe and will sometimes cause a critical error while trying to find it with PowerShell/WMI. Unicode wins again.🤦‍♂️

  18. Retweeted

    Um, hey everyone, if that Windows crypto vuln wasn't enough to make you want to patch right away... did you look at the RDP vulns? (Article posting shortly)

  19. Retweeted
    Jan 16
  20. Retweeted

    - here it is folks. The first sentence is key; this is not remote, not code execution, not "MS17-010 bad". Should you patch? Absolutely. Is it the end of computers as we know it? Lol, no, not even close.

