Steve Miller

@stvemillertime

🦅 Advanced Practices 🦅 Writing/sharing research for my 2011 self and all students of , intermittent contributor to /

121.5mhz
Joined: January 2009

Tweets


  1. Pinned tweet
    13 Nov 2019

    When explaining things like "aperture" and "threat density" and "fidelity" of different types of logic designed to help one discover the existence of malicious activity, you might find the a helpful frame of reference.

  2. Retweeted
    8 hours ago

    Woke up this morning to a message from about a crazy YARA rule he wrote () to look for DLLs where exported functions are at the same RVA. I suggested he look into testing my pending PR (). 1/?

  3. Retweeted
    10 hours ago

    Beyond excited to be presenting on Cloud Breach Patterns in beautiful Barcelona this April with We have been building automation for identifying unwanted exposures in 🔎☁️ Attackers are adapting how they find leaks. Are you?

  4. Retweeted
    13 hours ago

    Happy to announce I'll be speaking at this summer demonstrating some novel approaches to post exploitation tradecraft

  5. Retweeted

    - PE header embedded in document metadata (rich header hash for msfvenom payload) - VBA macro stomped - Macro hidden from Office GUI - Embedded PowerShell commands -> AWS load balancer - RICKROLL REFERENCES - Turkish question about Raven eyes 👀 Bingo!

  6. Retweeted
    3 Feb

    A SharePoint vulnerability that allegedly led to a United Nations' data breach in July is still being exploited by attackers to target Middle Eastern governments. Our latest research found nearly 29,000 unpatched servers still vulnerable:

  7. Retweeted
    2 Feb

    U.S. universities are a soft target for China's spies, say officials via

  8. Retweeted
    2 Feb

    Here's a short challenge for today: 33: What does this say? PCOBLCKBBUAAAEEC72L4EAWSH6PJZDSNI5J6ABFHEE6PDI5TDVWLSBPU

  9. Retweeted
    29 Jan

    2\ I've put a PoC powershell logistic regression rule up at the github link. Idea here is by Yara-ifing ML we make ML more transparent--the ML logic is right there in the text. And we allow blue teams to mix and match ML rules with signatures, and quickly swap in new models.

  10. 2 Feb

    Hey this is cool. Do not sleep on yara. You can institute lots of logic and run it against lots of different data. Static files, runtime data, memory, and even pcap. I appreciate different approaches and creativity expressed in a common language/format/tech.

  11. Retweeted
    29 Jan

    1\ I've written a little compiler to ship ML models as standalone Yara rules, and done proof of concept detectors for Mach-O, RTF files, and powershell scripts. So far I have decision trees, random forests, and logistic regression (LR) working.

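The thread above (items 9 and 11) describes compiling ML models into standalone YARA rules so the decision logic is readable in the rule text and can be mixed with ordinary signatures. As an added illustration, not the author's compiler or any code from the thread, here is a Python sketch of that idea for a logistic regression whose features are substring counts, which YARA computes natively with the `#string` count operator. The model weights, the feature strings, the rule name `lr_powershell` and the two sample scripts are all constructed for this example, not trained on or captured from real data.

```python
"""Compile a toy logistic-regression model into a standalone YARA rule.

Added example, not the compiler described in the thread. Features are counts
of fixed substrings in a PowerShell script; the rule condition carries the
weighted sum and threshold explicitly, so the model is visible in the text.
"""
import math

# Constructed toy model: feature name -> (substring, weight). The weights are
# illustrative assumptions, not trained on real data.
MODEL = {
    "bias": -2.0,
    "features": {
        "iex":       ("Invoke-Expression", 1.4),
        "b64":       ("FromBase64String", 1.1),
        "hidden":    ("-WindowStyle Hidden", 0.9),
        "ep_bypass": ("-ExecutionPolicy Bypass", 0.7),
        "writehost": ("Write-Host", -0.6),
    },
}


def sigmoid(z: float) -> float:
    return 1.0 / (1.0 + math.exp(-z))


def lr_probability(text: str, model: dict = MODEL) -> float:
    """Reference scorer: P(malicious) from substring counts, in plain Python."""
    z = model["bias"]
    for needle, weight in model["features"].values():
        z += weight * text.count(needle)
    return sigmoid(z)


def rule_decision(text: str, model: dict = MODEL, threshold: float = 0.5) -> bool:
    """Evaluate the compiled condition the way YARA would: integer counts,
    float constants, one comparison. sigmoid(z) > t  <=>  z > ln(t / (1 - t))."""
    z = sum(w * text.count(n) for n, w in model["features"].values()) + model["bias"]
    return z > math.log(threshold / (1.0 - threshold))


def compile_to_yara(model: dict = MODEL, rule_name: str = "lr_powershell",
                    threshold: float = 0.5) -> str:
    """Emit a YARA rule whose condition is  w.x + b > logit(threshold)."""
    logit = math.log(threshold / (1.0 - threshold))
    strings, terms = [], []
    for name, (needle, weight) in model["features"].items():
        # Escape backslashes and quotes so the needle is a valid YARA text string.
        escaped = needle.replace("\\", "\\\\").replace('"', '\\"')
        strings.append(f'        $f_{name} = "{escaped}" ascii')
        # Keep the sign outside the term so no unary minus is needed in the rule.
        terms.append(f'{"-" if weight < 0 else "+"} #f_{name} * {abs(weight)}')
    bias = model["bias"]
    terms.append(f'{"-" if bias < 0 else "+"} {abs(bias)}')
    expr = " ".join(terms).lstrip("+ ")
    lines = [
        f"rule {rule_name}",
        "{",
        "    meta:",
        '        description = "Logistic regression compiled to a standalone YARA rule"',
        f'        threshold = "{threshold}"',   # meta values cannot be floats
        "    strings:",
        *strings,
        "    condition:",
        f"        ({expr}) > {logit}",
        "}",
    ]
    return "\n".join(lines) + "\n"


# Constructed samples (not real captures).
SUSPICIOUS = ('powershell -WindowStyle Hidden -ExecutionPolicy Bypass -c '
              '"Invoke-Expression ([Text.Encoding]::UTF8.GetString('
              '[Convert]::FromBase64String($p)))"')
BENIGN = 'Write-Host "Backup started"; Get-ChildItem C:\\logs | Write-Host'

if __name__ == "__main__":
    print(compile_to_yara())
    for sample in (SUSPICIOUS, BENIGN):
        print(f"p={lr_probability(sample):.3f} rule_fires={rule_decision(sample)}")
```

The emitted condition is the model itself: a sum of `#string * weight` terms plus the bias, compared against the logit of the chosen threshold (`0.0` for a 0.5 cut-off). YARA's `#` counts every match and `ascii` is case-sensitive, so the Python reference scorer uses the same semantics; if the rule gains `nocase` or `wide`, the feature extraction used at training time has to match, otherwise the shipped rule and the trained model disagree.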
  12. Retweeted
    1 Feb

    Thank you all so much for coming to my talk on threat modeling! You can check out my slides (complete with references) here: . Thanks to , , and the amazing volunteer crew for having me and making this event possible!

  13. Retweeted
    1 Feb

    Some infosec knowledge is useful for months (knowledge of a given campaign), other knowledge, for years, (TTPs), other knowledge, for decades (the halting problem). Here's a "Pyramid of Pain" (cc/ ) inspired model of knowledge in cyber I find useful for myself.

  14. Retweeted
    1 Feb

    Finally! registration is now open and the agenda is announced. Check the agenda: Our speakers: Register here: Early Bird only until Feb 16. The number of tickets is limited, so don't wait!

  15. Retweeted
    31 Jan

    Want to see how the red team weaponizes threat intel for R&D and TTP development? Check out some research I did with and . Also includes some new executables that can be used for DLL abuse.

  16. Retweeted
    31 Jan

    Welcome to the world of Ghostwriter

  17. 31 Jan

    This is how communicates with the team.

  18. Retweeted
    31 Jan

    In this campaign, ShadowPad's launcher was replaced by a simpler one, not VMProtected and using XOR-encryption instead of RC5. This ShadowPad variant embeds 17 modules including a keylogger and a screenshot module. 2/3

  21. 30 Jan

    I'm interested in the offensive planning decisions. Real questions: what's the expected half-life for stage 0, stage 1 and stage 2 kits? What's the dev time per stage? How do devs/operators plan/measure getting burned? How many of each do you have in your arsenal for contingency?

