Tweets

You have blocked @rc_dfir.


  1. Retweeted
    2 Feb

    My Sysmon config sees the shell/open reg key being written, if you want to alert on this. /cc

  2. Retweeted
    2 Feb

    GDA Android Reversing Tool - A New Decompiler Written Entirely In C++, So It Does Not Rely On The Java Platform, Which Is Succinct, Portable And Fast, And Supports APK, DEX, ODEX, Oat

  3. Retweeted
    1 Feb

    For those of you using a NV GPU with Volta or Turing chipset, listen up! We hacked our way into the post-48k GPU shared memory region. This improved bcrypt cracking performance by an average of 25%. For instance a GTX2080Ti improved from 42116 H/s to 54770 H/s

  4. Retweeted
    1 Feb

    RE just retired from . As the creator of the box, I tried to bring phishing/macro obfuscation concepts to the initial access. The intended privescs were the WinRar ACE file exploit, and XXE in Ghidra. I'll show two unintended privescs too.

  5. Retweeted
    1 Feb

    is a C# utility to steal a user's password using a fake Windows logon screen. This password will then be validated and saved to disk. Useful in combination with 's execute-assembly command.

  6. Retweeted
    3 Feb

    Analysis of a triple-encrypted AZORult downloader

  7. Retweeted
    18 Jan

    I just published a blog post "Attacking Active Directory for fun and profit" with a reference to the talk of

  8. Retweeted
    20 Dec 2019

    Interesting samples (both signed obfuscated jscripts and drop intermediate signed dll, uses couple of lolbins + persistence via UserInitMprLogonScript).

  9. Retweeted
    16 Dec 2019
  10. Retweeted
    6 Dec 2019

    Passwordless RDP Session Hijacking Feature All versions

  11. Retweeted
    8 Dec 2019

    Poor man’s persistent threat detection (medium sized enterprises without SIEM) A. Check Antivirus logs (best collected in central loc) > search for keywords (see screenshot) B. Run LOKI on exposed or suspiciously behaving systems

  12. Retweeted
    25 Nov 2019

    Want to classify process injection by Windows API calls? Check out the new poster made by and me!

  13. Retweeted
    24 Nov 2019
  14. Retweeted
    18 Oct 2019

    Swimming in logs and want to triage potentially suspicious content? Scriptblock logs generated with autologging are logged at the Warning level (3) versus global logging (Verbose - 5). Autologging logs if any of these "dirty words" are present.

  15. Retweeted
    22 Oct 2019

    Calling DLL in rundll32.dll exports by ordinal is suspicious - let's create a Sigma rule.

  16. Retweeted
    23 Oct 2019

    People often get confused about reusable credentials on destinations depending on the Logon type, e.g. they say "if I use PsExec, attackers can always dump my creds from memory", which is wrong. I recommend you bookmark this page as reference.

  17. Retweeted
    24 Oct 2019

    I have the honor of having the first blog post on our new shiny site at . Read about me playing with regsvr32 to find the AV signature and techniques to bypass it

  18. Retweeted
    25 Oct 2019
  19. Retweeted
    24 Oct 2019
  20. Retweeted
    26 Sep 2019

    Faking an AD account password change is possible (including on the krbtgt account), but detectable. Check "User must change password at next logon", Apply, uncheck, Apply. Boom, password last set date is changed, but the actual password is not. UnicodePWD = password attribute

