Tweets
Rob Winchester Retweeted
Are you really ready for #ThreatHunting? What does your data look like? Data Availability != Data Quality @SpecterOps @MITREattack https://posts.specterops.io/ready-to-hunt-first-show-me-your-data-a642c6b170d6 …
Rob Winchester Retweeted
If you're attending #BHEU, don't miss the Arsenal demos of our Automated Collection & Enrichment (ACE) platform with @jaredcatkinson and @robwinchester3 tomorrow (12/6) from 10:00 - 11:35 at Station 1
Rob Winchester Retweeted
Atomic Sysmon configs individually mapped to the ATT&CK Matrix anyone? https://github.com/Cyb3rWard0g/ThreatHunter-Playbook/tree/master/attack_matrix/windows/sysmon_configs …
@Cyb3rWard0g is on fire! All this now requires is a little code to enable selective merging of technique detections. Detection unit testing FTW! #DFIR /cc @subTee
Rob Winchester Retweeted
Latest blog is up: 6 things for hunters to look for at the host level. Less about "IOC"s, more about techniques and class of indicators. #threathunting #cybersecurity https://twitter.com/infocyteinc/status/936295053428973569 …
Rob Winchester Retweeted
Happy to welcome Roberto Rodriguez (@Cyb3rWard0g) to our Adversary Detection team! Check out some of his GitHub https://github.com/Cyb3rWard0g and blog https://cyberwardog.blogspot.com/ !
Rob Winchester Retweeted
Well after a lot of help from @Lee_Holmes, it lives. I've written a PowerShell wrapper for the #krabsetw #ETW library. PowerKrabsEtw lives: https://github.com/zacbrown/PowerKrabsEtw …. Alpha release here: https://github.com/zacbrown/PowerKrabsEtw/releases/tag/1.0.2-alpha … pic.twitter.com/pFjiTJfCyl
Rob Winchester Retweeted
Windows Defender Exploit Guard's Attack Surface Reduction Rule: Block Office applications from creating child processes. MS Access: pic.twitter.com/61h1dhig26
Rob Winchester Retweeted
[Blog] UMCI Bypass Using PSWorkFlowUtility: CVE-2017-0215 https://posts.specterops.io/umci-bypass-using-psworkflowutility-cve-2017-0215-71c76c1588f9 …
Rob Winchester Retweeted
A very detailed and educational malware analysis report for a typical banking trojan by @ale_sp_brazil http://www.blackstormsecurity.com/docs/FOAATTB.pdf … pic.twitter.com/p5Zhjy6Hov
Rob Winchester Retweeted
Malware comes and goes, but an Active Directory configuration change is (almost) forever.
Rob Winchester Retweeted
#BHEU - @jaredcatkinson & @robwinchester3 will be presenting "A Process is No One: Hunting for Token Manipulation" https://www.blackhat.com/eu-17/briefings/schedule/index.html#a-process-is-no-one-hunting-for-token-manipulation-8857 …
Rob Winchester Retweeted
The well-known Excel DDE vector can also be manipulated; here is the formula: =MSEXCEL|'\..\..\..\Windows\System32\cmd.exe /c calc.exe'!'' pic.twitter.com/C37F5xt5hb
Rob Winchester Retweeted
Great idea and excellent use of ATT&CK! As you try these, please let us know your feedback to make the model even better. #redteaming https://twitter.com/redcanaryco/status/918236402814394368 …
Rob Winchester Retweeted
Blog post - Hunting for .NET in-memory techniques https://www.endgame.com/blog/technical-blog/hunting-memory-net-attacks …
Rob Winchester Retweeted
Excellent post by @dez_ on hunting for malicious .NET activity in memory (with links to proof-of-concept tools) https://www.endgame.com/blog/technical-blog/hunting-memory-net-attacks …
Rob Winchester Retweeted
Announcing #bloodhound 1.4 - The Object Properties Update, including several improvements and new features: https://posts.specterops.io/bloodhound-1-4-the-object-properties-update-9932c5b1f3ca …
Rob Winchester Retweeted
A one-two punch: certutil + scheduled tasks for #OilRig persistence (https://attack.mitre.org/wiki/Technique/T1140 … + https://attack.mitre.org/wiki/Technique/T1053 …) https://twitter.com/Unit42_Intel/status/917434520596389889 …
Rob Winchester Retweeted
Gather otherwise difficult-to-collect host data with #BHEU Arsenal tool "ACE" by @jaredcatkinson & @robwinchester3 http://ow.ly/XJ2t30fKRHn
Rob Winchester Retweeted
LAST CALL: Early bird pricing for our Adversary Tactics: PowerShell class in Bellevue, WA. Nov 13th-16th #infosec https://specterops-atps.eventbrite.com/
Rob Winchester Retweeted
#Powershell - Microsoft's Incident Response Language @jaredcatkinson at #PSConfAsia Schedule http://psconf.asia @Microsoft_SG pic.twitter.com/XNvHz5YPE3