Tweets
10010010 Retweeted
My Sysmon config sees the shell/open reg key being written, if you want to alert on this. /cc @cyb3rops https://twitter.com/teamcymru/status/1224085088851447808 …
10010010 Retweeted
GDA Android Reversing Tool - A New Decompiler Written Entirely In C++, So It Does Not Rely On The Java Platform, Which Is Succinct, Portable And Fast, And Supports APK, DEX, ODEX, Oat http://www.kitploit.com/2020/02/gda-android-reversing-tool-new.html …
10010010 Retweeted
For those of you using a NV GPU with Volta or Turing chipset, listen up! We hacked our way into the post-48k GPU shared memory region. This improved bcrypt cracking performance by an average of 25%. For instance a GTX2080Ti improved from 42116 H/s to 54770 H/s pic.twitter.com/jm6gICcu9h
10010010 Retweeted
RE just retired from @hackthebox_eu. As the creator of the box, I tried to bring phishing/macro obfuscation concepts to the initial access. The intended privescs were the WinRar ACE file exploit, and XXE in Ghidra. I'll show two unintended privescs too. https://0xdf.gitlab.io/2020/02/01/htb-re.html …
10010010 Retweeted
#FakeLogonScreen is a C# utility to steal a user's password using a fake Windows logon screen. This password will then be validated and saved to disk. Useful in combination with #CobaltStrike's execute-assembly command. https://github.com/bitsadmin/fakelogonscreen … pic.twitter.com/2pAOk9InLM
10010010 Retweeted
Analysis of a triple-encrypted AZORult downloader https://i5c.us/3b2v4Jc pic.twitter.com/WawmyF13e1
10010010 Retweeted
I just published a blog post "Attacking Active Directory for fun and profit" https://identityaccess.management/2020/01/17/attacking-active-directory-for-fun-and-profit/ … with a reference to the talk of @VK_Intel
10010010 Retweeted
Interesting samples (both signed obfuscated jscripts and drop intermd signed dll, uses couple of lolbins + persistence via UserInitMprLogonScript), https://app.any.run/tasks/cdf91d1a-129d-4fb1-a1cd-e8c983c7673a … https://app.any.run/tasks/d908182b-f208-47e7-af2c-de22f732d80a/ …
10010010 Retweeted
New blog post "Analyzing .DWG Files With Embedded VBA Macros" https://blog.didierstevens.com/2019/12/16/analyzing-dwg-files-with-vba-macros/ … pic.twitter.com/AtqckfrzXB
10010010 Retweeted
Passwordless RDP Session Hijacking Feature All #Windows versions http://www.korznikov.com/2017/03/0-day-or-feature-privilege-escalation.html …
10010010 Retweeted
Poor man’s persistent threat detection (medium sized enterprises without SIEM) A. Check Antivirus logs (best collected in central loc) > search for keywords (see screenshot) https://www.nextron-systems.com/2019/10/04/antivirus-event-analysis-cheat-sheet-v1-7-2/ … B. Run LOKI on exposed or suspiciously behaving systems https://github.com/Neo23x0/Loki pic.twitter.com/hrr74zNzzy
10010010 Retweeted
Want to classify process injection by Windows API calls? Check out the new poster made by @MalFuzzer and me! #ProcessInjection #MalwareAnalysis #CheatSheet #Poster https://malwareanalysis.co/ pic.twitter.com/uLN81TUCBd
10010010 Retweeted
Prevent Legitimate Windows Executables To Be Used To Gain Initial Foothold In Your Infrastructure by @dmargaritis https://medium.com/@dimitrismargaritis/prevent-legitimate-windows-executables-to-be-used-to-gain-initial-foothold-in-your-infrastructure-39771cd6ec90 … pic.twitter.com/aZB27XYeNu
10010010 Retweeted
Swimming in #PowerShell logs and want to triage potentially suspicious content? Scriptblock logs generated with autologging are logged at the Warning level (3) versus global logging (Verbose - 5). Autologging logs if any of these "dirty words" are present. https://github.com/PowerShell/PowerShell/blob/bf912460299b1920b5f9684cfd9acd18e03d0153/src/System.Management.Automation/engine/runtime/CompiledScriptBlock.cs#L1797-L1933 … pic.twitter.com/qVeYFjub6y
10010010 Retweeted
Calling DLL in rundll32.dll exports by ordinal is suspicious - let's create a Sigma rule Rule https://github.com/Neo23x0/sigma/blob/master/rules/windows/process_creation/win_susp_rundll32_by_ordinal.yml … pic.twitter.com/bE12eEAST3
10010010 Retweeted
People often get confused about reusable credentials on destinations depending on the Logon type e.g. they say "if I use PsExec, attackers can always dump my creds from memory", which is wrong I recommend you bookmark this page as reference https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material … pic.twitter.com/Cyj43lbTtr
10010010 Retweeted
I have the honor of having the first blog post on our new shiny site at @TrustedSec. Read about me playing with regsvr32 to find the AV signature and techniques to bypass it https://twitter.com/TrustedSec/status/1187431209934184448 …
10010010 Retweeted
Nginx + PHP, anyone? Nasty RCE 0day CVE-2019-11043 https://www.php.net/ChangeLog-7.php#7.1.33 … https://bugs.php.net/bug.php?id=78599 … Exploit code https://github.com/neex/phuip-fpizdam …
10010010 Retweeted
I asked the community if they wanted O365 attack techniques. I believe in an open and contributor-friendly model I talked about at #t2infosec. Happy @Microsoft contributed to @MITREattack for cloud!
https://github.com/JohnLaTwC/Shared/blob/master/Presentations/2019-10-GithubificationOfInfosec.v1.3.pptx …
https://github.com/JohnLaTwC/Shared/blob/master/Presentations/Office%20365%20-%20Attacks%20and%20References.pptx …
https://twitter.com/MITREattack/status/1187366974529126401 … pic.twitter.com/aQLaPfI5td
10010010 Retweeted
Faking an AD account password change is possible (including on the krbtgt account), but detectable. Check "User must change password at next logon", Apply, uncheck, Apply. Boom, password last set date is changed, but the actual password is not. UnicodePWD = password attribute pic.twitter.com/HUyqD1Ya3H