Tweets


  1. Pinned Tweet
    6 Jul 2015

    True Vendor Call: "Our software protects you from buffalo overflows." Me: "Excuse me, what?" o_O "Buffalo Overflows." Me: "OK."

  2. Retweeted
    20 hours ago

    Another instance where encourages us to rethink our views on digital signature validation.

  3. Retweeted
    Dec 21

    I don't know that it's possible to authentically simulate the best APT groups. You can target the same victims and data, but they have nation state funding to innovate. You can get as close as yesterday.

  4. Retweeted
    Dec 20

    FYI: 17 years into my career, still trying to become an expert at something! While I've still got stuff to learn, and still need to get better at things, the effort/process/learnings all take me to wonderful places and meeting with great people. Attitude and aptitude are key!

  5. Retweeted
    Dec 20

    Periodic reminder: all non-trivial platforms have had serious, exploitable vulnerabilities found in them from time to time. Having a vulnerability discovered in your product isn’t in and of itself shameful. But responding badly by lashing out when one is found definitely is.

  6. Retweeted
    Dec 20

    ASLRA: Statistical tool specially designed to measure all parameters that determine the quality of ASLR [patches for paxtest; see also OpenBSD KARL, but "how would you sign such a kernel"?]

  7. Retweeted
    Dec 19

    Take a look at ShmooCon Labs. We've rebooted things a bit with a much larger focus on operations and analysis. If you want to learn more about security operations, malware analysis, and incident response, take a look at Labs.

  8. Retweeted
    Dec 19

    We've open sourced our framework for developing alerting and detection strategies for incident response. We have also included several internal strategies as examples to spur greater sharing and collaboration with defenders.

  9. Dec 19

    My "scrap" or junk code as an experiment. This was me writing a quick PoC hook to grab TLS Req/Resp from PowerShell memory, instead of with a proxy. Take a look, experimental PoC only. May be helpful/interesting. Feedback welcome. Still more to do...

  10. Retweeted
    Dec 19

    Makes me wonder what the "average security team" Detect Ops look like.

  11. Retweeted
    Dec 18

    I can attest to RWX standing out. We got to run 's Get-InjectedThread at scale recently! 😀

  13. Dec 18

    Oh Wow, this was a blast to write. In Memory SSL Intercept ;-). Thanks again mavinject! All your Encrypted PowerShell WebRequests Are Belong To Us ;-) Have Fun!

  14. Dec 18

    [Good Read] Windows Inline Function Hooking

  15. Dec 18

    Simple DLL Inject UserMode Hook Example: nice complementary pairing with mavinject.exe 🍷 In this example, we hook CreateProcess and prevent cmd.exe/taskmgr.exe. PoC only, but you get the idea. More interesting would be to hook sspicli!EncryptMessage ;-)

  16. Retweeted
    Dec 18

    My book's finally here, just in time for Xmas. Thanks to and for all their time and effort, as well as my friend for doing the foreword. Hope anyone who's bought it is seeing final copies arriving. And it's a dog on the cover BTW 🙂

  17. Retweeted
    Dec 15

    Is there any possibility of Windows moving sensitive logging into a hypervisor-protected container? I don’t know how that would even work, just curious.

  18. Dec 15

    Sysmoney! Thanks mavinject.exe! Details probably never.

  19. Retweeted
    Dec 14

    This evening's post on diary, , provides more well deserved attention for 's Chris Long's () Detection Lab with: Windows 2016 DC Windows 2016 WEF/WEC server Win10 non-server endpoint Ubuntu 16.04 logger A lab for defenders!

  21. Retweeted
    Dec 14

    Using MavInject32.exe (Microsoft Corp Signed) to load any dll in a running process. > "C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe" <PID> /INJECTRUNNING <PATH DLL> cc:
