Olaf Hartong

@olafhartong

| DFIR | Threat hunter | Data Dweller | Splunk | Sysmon

The Netherlands
Joined October 2009

Tweets

  1. Pinned tweet
    19 May 2019
  2. Retweeted
    3 Feb
  3. Retweeted
    21 Jan

    This year at ATT&CK-based hunt engineering on Windows by The training focuses on the whole cycle, from defining a hunt to researching the relevant techniques to building the hunting logic and executing it on a large dataset.

  4. Retweeted
    2 Feb
  5. Retweeted
    2 Feb

    SettingSyncHost.exe as a LolBin cd %TEMP% & c:\windows\system32\SettingSyncHost.exe -LoadAndRunDiagScript foo

  6. Retweeted
    2 Feb
  7. Retweeted
    1 Feb

    is a C# utility to steal a user's password using a fake Windows logon screen. This password will then be validated and saved to disk. Useful in combination with 's execute-assembly command.

  8. Retweeted
    1 Feb

    Thank you all so much for coming to my talk on threat modeling! You can check out my slides (complete with references) here: . Thanks to , , and the amazing volunteer crew for having me and making this event possible!

  9. Retweeted
    31 Jan

    Join me and on Tuesday, February 11th as we unveil 3.0! We will demo new attack primitives, performance improvements, and changes in the GUI. Register for the webinar here (recording available afterwards):

  10. Retweeted
    30 Jan

    Pro Tip: 👉 Want to audit what your MSP is doing via Azure Lighthouse in your Azure subscription? 📍 Here's the KQL query:

  11. Retweeted
    31 Jan

    Has anyone (boss, client, student, etc) ever asked you in what Windows event log can you find a process, IP address, InterfaceUuid, etc? Very helpful to identify providers that you might need to start collecting data from. is using online interactive

  12. Retweeted
    30 Jan

    For the past few months, I've been diving into Apple's Endpoint Security Framework. This post shares how I use the framework for detection engineering purposes.

  13. Retweeted
    31 Jan

    What unreleased FSD Autopilot sees. Straight from Tesla Autopilot recruiting website.

  14. Retweeted
    30 Jan

    Awesome first in Amsterdam . Thanks everyone for coming and thanks to and for the talks! Next will be announced soon. Keep up to date here:

  15. Retweeted
    29 Jan
    Replying to:

    I finally got around to publishing my Sysmon deployment method. Hope people find it useful:

  16. 29 Jan

    This is an epic training, I can really recommend this one!

  17. Retweeted
    28 Jan

    Chain Reactor makes simulation of adversary behaviors and techniques on Linux fast, easy, free. Great work by Carl, , and the team!

  18. Retweeted
    28 Jan

    Managing Azure Sentinel with GitHub and Azure DevOps to control versioning and deployment of alert rules, queries, workbooks, etc.

  19. Retweeted
    28 Jan

    Blog: Tracking : our analysis of sample configurations, ransom demands and sinkhole data. The REvil affiliates operate at a huge scale encrypting 1000s of systems at once. And we're only seeing a fraction of the total activity.

  20. Retweeted
    28 Jan

    ICYMI - released MoveKit and StayKit, a collection of aggressor scripts, .NET projects, and templates to enhance lateral movement and persistence on your engagements. Link: MoveKit: StayKit:

  21. Retweeted
    28 Jan

    Be a smart defender! No excuses, you don’t need expensive EDR or fancy tools. on monitoring using available tools for intelligent monitoring, linked to , + ready to use for threat hunting! Sysmon module + TH app —>

    , , and 3 others
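The SettingSyncHost.exe LolBin one-liner retweeted above (`cd %TEMP% & c:\windows\system32\SettingSyncHost.exe -LoadAndRunDiagScript foo`) is the kind of thing the Sysmon-based hunting this timeline keeps pointing at is meant to catch. The script below is an added example written for this page, not code from @olafhartong's Sysmon module, the tweet's author, or any linked project. It parses Sysmon Event ID 1 (ProcessCreate) records in the XML layout Event Viewer exports, and flags SettingSyncHost.exe starts that carry `-LoadAndRunDiagScript`, raising the severity when the working directory is outside System32 (the one-liner does `cd %TEMP%` first) or the parent is an interactive shell. The three records are constructed; the `-Embedding` argument and svchost parent on the benign record, and the idea that a normal start has a System32 working directory, are assumptions about a typical launch rather than measured baselines.

```python
"""Hunt for the SettingSyncHost.exe -LoadAndRunDiagScript LOLBin pattern in
Sysmon Event ID 1 (ProcessCreate) records.  Added example, not the page's own
code; the sample events and the "normal launch" baseline are assumptions."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, List, Optional

# Windows event XML namespace; Sysmon records carry it when exported from Event Viewer.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample log: a normal-looking SettingSyncHost start (the -Embedding
# argument and svchost parent are assumed, not observed), the one-liner from
# the tweet run out of %TEMP% from cmd.exe, and an unrelated process.
SAMPLE_EVENTS = r"""<Events xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<Event><System><EventID>1</EventID></System><EventData>
 <Data Name="Image">C:\Windows\System32\SettingSyncHost.exe</Data>
 <Data Name="CommandLine">C:\Windows\System32\SettingSyncHost.exe -Embedding</Data>
 <Data Name="CurrentDirectory">C:\Windows\system32\</Data>
 <Data Name="ParentImage">C:\Windows\System32\svchost.exe</Data>
</EventData></Event>
<Event><System><EventID>1</EventID></System><EventData>
 <Data Name="Image">C:\Windows\System32\SettingSyncHost.exe</Data>
 <Data Name="CommandLine">c:\windows\system32\SettingSyncHost.exe -LoadAndRunDiagScript foo</Data>
 <Data Name="CurrentDirectory">C:\Users\alice\AppData\Local\Temp\</Data>
 <Data Name="ParentImage">C:\Windows\System32\cmd.exe</Data>
</EventData></Event>
<Event><System><EventID>1</EventID></System><EventData>
 <Data Name="Image">C:\Windows\System32\notepad.exe</Data>
 <Data Name="CommandLine">notepad.exe</Data>
 <Data Name="CurrentDirectory">C:\Users\alice\</Data>
 <Data Name="ParentImage">C:\Windows\explorer.exe</Data>
</EventData></Event>
</Events>"""


@dataclass
class ProcessCreate:
    image: str
    command_line: str
    current_directory: str
    parent_image: str


def parse_process_creates(xml_text: str) -> List[ProcessCreate]:
    """Pull the fields the hunt needs out of every Sysmon Event ID 1 record."""
    root = ET.fromstring(xml_text)
    records = []
    for event in root.findall("e:Event", NS):
        if event.findtext("e:System/e:EventID", namespaces=NS) != "1":
            continue  # only ProcessCreate carries CommandLine and CurrentDirectory
        data = {d.get("Name"): (d.text or "")
                for d in event.findall("e:EventData/e:Data", NS)}
        records.append(ProcessCreate(
            image=data.get("Image", ""),
            command_line=data.get("CommandLine", ""),
            current_directory=data.get("CurrentDirectory", ""),
            parent_image=data.get("ParentImage", ""),
        ))
    return records


def score(rec: ProcessCreate) -> Optional[Dict]:
    """Return a finding for the LOLBin pattern, or None for anything else."""
    if not rec.image.lower().endswith("\\settingsynchost.exe"):
        return None
    if "-loadandrundiagscript" not in rec.command_line.lower():
        return None
    reasons = ["SettingSyncHost.exe started with -LoadAndRunDiagScript"]
    # The tweet's one-liner does cd %TEMP% first, so a working directory
    # outside System32 is the extra signal worth keying on (assumed baseline).
    cwd = rec.current_directory.lower().rstrip("\\")
    if not cwd.endswith("\\windows\\system32"):
        reasons.append(f"working directory outside System32: {rec.current_directory}")
    # An interactive shell as parent is unusual for a settings-sync helper (assumption).
    if rec.parent_image.lower().endswith(("\\cmd.exe", "\\powershell.exe", "\\pwsh.exe")):
        reasons.append(f"launched from a shell: {rec.parent_image}")
    return {
        "image": rec.image,
        "command_line": rec.command_line,
        "severity": "high" if len(reasons) > 1 else "medium",
        "reasons": reasons,
    }


def hunt(xml_text: str) -> List[Dict]:
    """Run the scorer over an exported Sysmon log and keep only the hits."""
    hits = []
    for rec in parse_process_creates(xml_text):
        finding = score(rec)
        if finding:
            hits.append(finding)
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(hit["severity"].upper(), hit["command_line"])
        for reason in hit["reasons"]:
            print("  -", reason)
```

Against the constructed log only the `%TEMP%` launch is reported, at high severity, with all three reasons; the benign start never reaches the scoring branch because it lacks the `-LoadAndRunDiagScript` argument. To run this over real data, export Sysmon Operational events to XML and hand the text to `hunt()`; the working-directory and parent-shell heuristics are the parts to tune against what SettingSyncHost actually looks like on your own hosts.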
