Tweets


  1. Retweeted
    Dec 19

    You'll have a hard time finding a more mature methodology for developing _robust_ detections than and his colleagues at .

  2. Retweeted
    Dec 19

    We've open sourced our framework for developing alerting and detection strategies for incident response. We have also included several internal strategies as examples to spur greater sharing and collaboration with defenders.

  3. Retweeted
    Dec 17

    As a high school dropout, I often struggle comprehending mathematical formulas from academic papers (aka numbers combined with squiggly lines). This github just explained so much to me:

  4. Retweeted
    Dec 17

    Girl Scouts will soon earn badges in cybersecurity <- This is so Awesome!

  5. Retweeted
    Dec 14

    Where the heck has this been in twitter feeds? Microsoft added a ton of information for Windows Events on Github. It's not everything, "yet?", as only 9 days ago for the commit... but wow, great resource.. git clone to your box :)

  6. Retweeted
    Dec 12

    Women in cybersecurity programs - apply for this new scholarship! Open to cybersec students (US or Israel citizens). More info here from Morphisec:

  7. Retweeted
    Dec 11

    Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI:

  8. Retweeted
    Dec 7

    A defender's auditing tool is an attacker's "living off the land" reconnaissance tool. For example, an attacker might be wise to run autoruns to identify existing ASEPs to hide in or hijack. There might even be privesc potential.

  9. Retweeted
    Dec 3

    As a red teamer, if you ever have the opportunity to work a threat hunting or IR engagement, you should jump at the opportunity! You will be humbled by the challenges defenders deal with at scale and you will gain valuable insight into how they baseline normal and triage alerts.

  10. Retweeted

    I'm not a hash/password cracker, but some of you are. For the love of , and , can now patch LSASS to force NTLM Server challenge to 0x1122334455667788 (still experimental: W7-SP1 and W10-1709 only at this time)

  11. Retweeted
    Dec 3
  12. Dec 1

    Sysmon rules for individual ATT&CK techniques. Very cool! Excited to see the list keep growing!

  13. Retweeted
    Dec 1

    Atomic Sysmon configs individually mapped to the ATT&CK Matrix anyone? is on fire! All this now requires is a little code to enable selective merging of technique detections. Detection unit testing FTW! /cc

  14. Dec 1

    It is still common to see some Windows XP or Windows 2003 machines in the environments I work in.

  15. Retweeted
    Nov 30

    Vulnerability Walkthrough: 7zip CVE-2016-2334 HFS+ Code Execution Vulnerability

  16. Retweeted
    Nov 29

    CALDERA has been released! We will be presenting the work at next week.

  17. Retweeted
    Nov 24

    Myself and took a look at the Furby Connect's BLE-uploadable DLC format

  18. Retweeted
    Oct 18

    Logging like a lumberjack - how to best configure your systems and tools-of-the-trade to semi-automate logging:

  19. Retweeted
    Nov 20

    SoMeta Automates Enumeration of the AWS EC2 Metadata Service so you can spend more time doing what you love rather than repeatedly curl-ing REST APIs by hand.

  20. Retweeted
    Nov 20

    The fourth post in my "PowerView PowerUsage" series - covers enumerating cross-trust DACLs/ACEs
