teafour [t4]

@llt4l

Security Researcher. Cyber Security PG Student. Interested in all things red w̶h̶i̶t̶e̶ purple and blue. OSCP.

A land far, far away
Vrijeme pridruživanja: listopad 2014.
59 fotografija ili videozapisa Fotografije i videozapisi

Tweetovi

Blokirali ste korisnika/cu @llt4l

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @llt4l

  1. proslijedio/la je Tweet
    4. velj

    Historically, the industry and the jobs within it will push you towards specialization in either host or network evidence. However, to be an effective analyst you need expertise in both. 1/

    1 reply 9 proslijeđenih tweetova 19 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  2. proslijedio/la je Tweet
    3. velj

    Announcing the release of Osquery in a Box: A simple collection of docker-compose and other configuration that will bootstrap an osquery, Fleet, ELK stack environment in under 5 mins. Been wanting to try out these technologies? Now's your chance.

    46 proslijeđenih tweetova 141 korisnik označava da mu se sviđa
    Poništi
  3. proslijedio/la je Tweet
    2. velj

    A few resources for those interested in and : 0) 1) “Edward Bernays”! e.g. 2) 3) AMITT framework (based on ATT&CK):

    1 reply 4 proslijeđena tweeta 6 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  4. proslijedio/la je Tweet
    31. sij

    A day prior to the Travelex hack, its parent company was worth $2.1 Billion. A month later it is now worth $764 Million. The CEO owns 63% of the shares, which puts his personal loss around $850 Million.

    29 replies 285 proslijeđenih tweetova 950 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  5. proslijedio/la je Tweet
    29. sij

    AD Privilege Escalation Exploit: The Overlooked ACL

    121 proslijeđeni tweet 345 korisnika označava da im se sviđa
    Poništi
  6. proslijedio/la je Tweet
    30. sij

    When studying breaches, I've found that security products worked, but alerts weren't seen. Or the right products have been purchased, but are misused or misconfigured. As we get closer to RSA, make sure what you've got is working before you buy something new.

    109 proslijeđenih tweetova 503 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  7. proslijedio/la je Tweet
    27. sij

    Big change coming to Windows Server this March - insecure LDAP requests will be rejected by default. That's a change in behaviour which will absolutely break things in some orgs How to get in front of the issue:

    30 replies 350 proslijeđenih tweetova 682 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  8. proslijedio/la je Tweet
    27. sij

    If 's DotnetToJScript is blocked on newer versions of Windows or if it gets flagged by AMSI, you can use Excel automation via a COM object as an alternative to execute shellcode from JScript or VBScript w/o touching disk. PoC for x86 & x64 here:

    145 proslijeđenih tweetova 292 korisnika označavaju da im se sviđa
    Poništi
  9. 26. sij

    And for every minute a service is down you lose a point

    Also I'd like to see a DSCP, or Defensive Security Certified Professional. The exam is you have 24h to set up a defensive infra (with limits, like in the real word!) and then not get pwned within another 24, or get pwned and do IR.
    Prikaži ovu nit
    1 korisnik označava da mu se sviđa
    Poništi
  10. proslijedio/la je Tweet
    22. sij

    Here is the link to the SpecterOps Adversary Tactics: PowerShell course material: Enjoy! For information about our current training offerings, information can be found here: (4/4)

    20 replies 533 proslijeđena tweeta 952 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  11. proslijedio/la je Tweet
    22. sij

    Revisiting RDP lateral movement and releasing a project that will be part of a bigger tool coming next week

    25 replies 485 proslijeđenih tweetova 884 korisnika označavaju da im se sviđa
    Poništi
  12. proslijedio/la je Tweet
    19. velj 2019.
    Odgovor korisnicima

    SACLs are bomb, yo.

    1 proslijeđeni tweet 2 korisnika označavaju da im se sviđa
    Poništi
  13. 20. sij

    Plenty of ideas for honey files that you can sprinkle all over your file shares. You can thank me later 😉

    Poništi
  14. proslijedio/la je Tweet
    19. sij

    command-line MSBuild.exe detection's got your down? How about MSBuild without MSBuild.exe?

    7 replies 254 proslijeđena tweeta 526 korisnika označava da im se sviđa
    Poništi
  15. 18. sij

    ".. Societies have tracked the high-water mark of rivers that periodically flood - and have always prepared accordingly, apparently assuming that floods would not rise higher than the existing high-water mark." - Kahneman

    Poništi
  16. proslijedio/la je Tweet
    17. sij

    JhoneRAT: Cloud based python RAT targeting Middle Eastern countries

    1 proslijeđeni tweet 2 korisnika označavaju da im se sviđa
    Poništi
  17. proslijedio/la je Tweet
    17. sij

    Want to make service removal really fun? Create a service with a unicode name. The service will run but won't show in sc.exe, services.msc, or taskmgr.exe and will sometimes cause a critical error while trying to find it with PowerShell/WMI. Unicode wins again.🤦‍♂️

    13 replies 390 proslijeđenih tweetova 885 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  18. proslijedio/la je Tweet
    16. sij

    Um, hey everyone, if that Windows crypto vuln wasn't enough to make you want to patch right away... did you look at the RDP vulns? (Article posting shortly)

    26 proslijeđenih tweetova 60 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  19. proslijedio/la je Tweet
    16. sij

    Do this Old but gold

    We'll see and APT move laterally via RDP using Windows service accounts. Configure your to alert when you see type 10 remote interactive logons from Windows service accounts. You may be surprised as what you see. 😀
    1 proslijeđeni tweet 2 korisnika označavaju da im se sviđa
    Poništi
  20. proslijedio/la je Tweet
    14. sij

    - here it is folks. The first sentence is key; this is not remote, not code execution, not "MS17-010 bad". Should you patch? Absolutely. Is it the end of computers as we know it? Lol, no, not even close.

    40 proslijeđenih tweetova 77 korisnika označava da im se sviđa
    Poništi

@llt4l još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·