PaulM

@pmelson

Author/Operator of . Blue Team by day, Blue Team by night. Opinions, typos, and bad grammar do not represent my employer.

MSP
Joined February 2008.

Tweets


  1. Pinned Tweet
    Jan 8

    Excited to be presenting at SANS in March! We’re going to talk about cybercrime markets and how they affect how we approach threat intelligence.

  2. 10 hours ago
  3. 13 hours ago

    If you have agile continuous deployment for your flagship app, but not for OS patching, stop saying “devops” like you know what it means.

  4. Feb 4
  5. Feb 4
  6. Feb 4

    complete with cleartext attacker creds TO THE EXFIL DOMAIN (winsblog[.]com). 😈

  7. Feb 3

    New versions of Beacon have moved away from the hardcoded default config XOR key. Since a couple examples hit Pastebin last week, I upgraded config parser to handle other key values.

  8. Feb 3

    My favorite thing about working with college students & recent grads is that they don't have years of people telling them what won't work or can't be done. Their lack of assumption and willingness to try new things without needing to reference existing design is a differentiator.

  9. Retweeted
    Feb 3

    Possible APT34 domain lebanonbuilder[.]com was registered on 2/2 through THCservers using cd.redel@protonmail[.]com and is hosted on a probable dedicated server at 23.106.160[.]127. In :

  10. Feb 3

    The biggest upset tonight is that not one judge guesses that Wayne was the robot.

  11. Feb 3

    Like puzzles? Here's an obfuscated PHP webshell that should scratch that itch.

  12. Feb 2

    Another run of that obfuscated multistage PowerShell loader for Cobalt Strike Beacon.

  13. Feb 2

    Is the sun exploding? How is it this warm in Minnesota in Feb?

  14. Retweeted
    Feb 1
    Replying to

    Oh , here is the IP in the extracted Binary

  15. Feb 1
  16. Feb 1
  17. Feb 1

    This is interesting. The payload is a Meterpreter reverse shell PE binary, but that’s the exact same variant of the PowerShell Empire reflective loader that I’ve observed used with hundreds of times since last summer.

  18. Retweeted
    Jan 31

    ! Ashlyn may be in the , area. She may be with two adult females. Ashlyn may use the alias last name Dellez.

  19. Retweeted
    Jan 31

    ! Gavin was last seen on Jan. 27, 2020 in American Fork, .

  20. Retweeted
    Jan 30

    If you’re a minority/person of color in tech and are interested in a career at Twitter please DM me 🙏🏽

  21. Jan 31

    PowerShell to .NET Assembly to Python to Bash is quite the execution chain for an implant. I'm impressed, but it's pretty easily wrecked.
