Lee Christensen

@tifkin_

I like making computers misbehave. Does stuff at .

github.com/leechristensen/
Joined January 2011
13 Photos and videos Photos and videos

Tweets

You blocked @tifkin_

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @tifkin_

  1. Retweeted
    Dec 19

    You'll have a hard time finding a more mature methodology for developing _robust_ detections than and his colleagues at .

    We've open sourced our framework for developing alerting and detection strategies for incident response. We have also included several internal strategies as examples to spur greater sharing and collaboration with defenders.
    6 retweets 30 likes
  2. Retweeted
    Dec 19

    We've open sourced our framework for developing alerting and detection strategies for incident response. We have also included several internal strategies as examples to spur greater sharing and collaboration with defenders.

    10 replies 245 retweets 456 likes
  3. Retweeted
    Dec 17

    As a high school dropout, I often struggle comprehending mathematical formulas from academic papers (aka numbers combined with squiggly lines). This github just explained so much to me:

    38 replies 932 retweets 2,733 likes
  4. Retweeted
    Dec 17

    Girl Scouts will soon earn badges in cybersecurity <- This is so Awesome!

    33 retweets 53 likes
  5. Retweeted
    Dec 14

    Where the heck has this been in twitter feeds? Microsoft added a ton of information for Windows Events on Github. Its not everything, "yet?", as only 9 days ago for the commit... but wow, great resource.. git clone to your box :)

    4 replies 234 retweets 475 likes
  6. Retweeted
    Dec 12

    Women in cybersecurity programs - apply for this new scholarship! Open to cybersec students (US or Israel citizens). More info here from Morphisec:

    5 replies 104 retweets 88 likes
  7. Retweeted
    Dec 11

    Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI:

    22 replies 572 retweets 1,066 likes
    Show this thread
    Show this thread
  8. Retweeted
    Dec 7

    A defender's auditing tool is an attacker's "living off the land" reconnaissance tool. For example, an attacker might be wise to run autoruns to identify existing ASEPs to hide in or hijack. There might even be privesc potential.

    1 reply 21 retweets 41 likes
  9. Retweeted
    Dec 3

    As a red teamer, if you ever have the opportunity to work a threat hunting or IR engagement, you should jump at the opportunity! You will be humbled by the challenges defenders deal with at scale and you will gain valuable insight into how they baseline normal and triage alerts.

    19 replies 139 retweets 445 likes
  10. Retweeted
    Dec 3

    I'm not a hash/password cracker, but some of you are. For the love of , and , can now patch LSASS to force NTLM Server challenge to 0x1122334455667788 (still experimental: W7-SP1 and W10-1709 only at this time)

    5 replies 255 retweets 393 likes
  11. Retweeted
    Dec 3

    Memory Map Viewer including protected processes and actual data:

    4 replies 277 retweets 455 likes
  12. Dec 1

    Symon rules for individual ATT&CK techniques. Very cool! Excited to see the list keep growing!

    14 retweets 44 likes
  13. Retweeted
    Dec 1

    Atomic Sysmon configs individually mapped to the ATT&CK Matrix anyone? is on fire! All this now requires is a little code to enable selective merging of technique detections. Detection unit testing FTW! /cc

    9 replies 330 retweets 558 likes
  14. Dec 1

    It is still common to see some Windows XP or Windows 2003 machines in the environments I work in.

    1 reply 1 retweet 2 likes
  15. Retweeted
    Nov 30

    Vulnerability Walkthrough: 7zip CVE-2016-2334 HFS+ Code Execution Vulnerability

    90 retweets 95 likes
  16. Retweeted
    Nov 29

    CALDERA has been released! We will be presenting the work at next week.

    10 replies 301 retweets 381 likes
  17. Retweeted
    Nov 24

    Myself and took a look at the Furby Connect's BLE-uploadable DLC format

    5 replies 24 retweets 32 likes
    Show this thread
    Show this thread
  18. Retweeted
    Oct 18

    Logging like a lumberjack - how to best configure your systems and tools-of-the-trade to semi-automate logging:

    103 retweets 248 likes
  19. Retweeted
    Nov 20

    SoMeta Automates Enumeration of the AWS EC2 Metadata Service so you can spend more time doing what you love rather than repeatedly curl-ing REST APIs by hand.

    2 retweets 2 likes
  20. Retweeted
    Nov 20

    The fourth post in my "PowerView PowerUsage" series - covers enumerating cross-trust DACLs/ACEs

    1 reply 186 retweets 237 likes

@tifkin_ hasn't Tweeted yet.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·