Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
Blokirali ste korisnika/cu @withdk
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @withdk
-
DK proslijedio/la je Tweet
So, there is Exploit:Win32/CVE-2020-0601.D for Microsoft certificates, and Exploit:Win32/CVE-2020-0601.E for "the others"pic.twitter.com/nvpTa6OLjC
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
DK proslijedio/la je Tweet
"
#ShadowMove: a Stealthy Lateral Movement Strategy" is now available to read Read if interested to see a new practical lateral movement https://usenix.org/conference/usenixsecurity20/presentation/niakanlahiji … Demo (TDS (MS SQL) & FTP): https://uofi.app.box.com/folder/93023403411 … Prototype will be released soon@MITREattack@USENIXSecurityPrikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
DK proslijedio/la je Tweet
Phenomenal use of
@shodanhq to find APT C2 infrastructure. This whole thread is worth reading but this tweet is my favorite.https://twitter.com/cglyer/status/1182024668099862528 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
DK proslijedio/la je Tweet
@shodanhq added a new option to one of my favorite hidden gems: 'shodan domain' now has a -D flag which will lists open ports on each IP (A records only right now). It slows down the output, so -S will let you save to a file for future use.
pic.twitter.com/5dLWd0l5LT
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
DK proslijedio/la je Tweet
If you’re into writing or detecting maldocs and you haven’t looked at ViperMonkey, look now: https://github.com/decalage2/ViperMonkey … I’m told it’s now used by Project Zero and DoD. One of the primary authors is a
@WalmartTech associate and a good person to follow:@bigmacjpgHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
DK proslijedio/la je TweetHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
DK proslijedio/la je Tweet
My hats off to
@TrustedSec for releasing their SOW, language, MSA language and "get out of jail" letter to help consultants protect themselves from situations like what recently happened to the 2 Coalfire pentesters in Iowa recently: https://github.com/trustedsec/physical-docs ….Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
DK proslijedio/la je Tweet
Top Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 Edition)https://medium.com/@adam.toscher/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
DK proslijedio/la je Tweet
Github announced amazing tool to help find vulns. Makes it free for research and opensource projects. People: waaaah, not using atom in examples, waaaaah disappointed, mumble groan. you can't win, no matter how much good you try and do.https://twitter.com/github/status/1195032831543656448 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
DK proslijedio/la je Tweet
Defenders should deploy this settings: HKLM\SYSTEM\CurrentControlSet\Control\Lsa Dword: RunAsPPL Value: 1 Protects dumping of Lsass with a simple registry value. Encountered that on an engagement recently.
Mimikatz driver needed to bypass
Detailshttps://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
DK proslijedio/la je Tweet
Examples of leaking Kernel Mode information from User Mode on
#Windowshttps://github.com/sam-b/windows_kernel_address_leaks …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
DK proslijedio/la je Tweet
Either you are an attacker or defender, detecting privilege relationships in AD connected data is easy to do w/ BloodHound! What about
#jupyter notebooks to complement the data analysis and viz
of graph data? cc: @_wald0@CptJesus@harmj0y@tifkin_
https://medium.com/threat-hunters-forge/jupyter-notebooks-for-bloodhound-analytics-and-alternative-visualizations-9543c2df576a …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
DK proslijedio/la je Tweet
The BabyKernel Windows exploitation challenge from last week's
@DragonSectorCTF is up on GitHub:https://github.com/j00ru/ctf-tasks/tree/master/Dragon%20CTF%202019/Main%20event/BabyKernel …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
DK proslijedio/la je Tweet
On to part 2 in my series on AppLocker internals. This time I go into how AppLocker blocks process creation (or does it?), and some of the ways that you can opt-out of AppLocker if you're special enough. https://tyranidslair.blogspot.com/2019/11/the-internals-of-applocker-part-2.html …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
DK proslijedio/la je Tweet
Published part 1 of a short series on AppLocker internals, no bypasses, just how the technology actually works on Windows 10 1909 and maybe some silly tricks along the way. https://tyranidslair.blogspot.com/2019/11/the-internals-of-applocker-part-1.html …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
DK proslijedio/la je Tweet
I wrote up a quick POC, RemoteViewing, to demo RDP credential theft (adapted from
@0x09AL post => https://www.mdsec.co.uk/2019/11/rdpthief-extracting-clear-text-credentials-from-remote-desktop-clients/ …) using EasyHook and Donut
. More details on GitHub => https://github.com/FuzzySecurity/Sharp-Suite#remoteviewing …pic.twitter.com/mZZAwY5nFd
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
DK proslijedio/la je Tweet
I published yet another
#xssearch article about Cache Probing Attack! Today I discovered that the report has been indexed by crawlers, so I reached out to@sirdarckcat and with his approval, created a short article about my findings :) https://medium.com/@terjanq/massive-xs-search-over-multiple-google-products-416e50dd2ec6 …#bugbountytipsHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
DK proslijedio/la je Tweet
Oooh this is cool research by
@danyaldrew, NTLM reflection is back by waiting for the NTLM challenge cache entry to timeout... awesome posthttps://shenaniganslabs.io/2019/11/12/Ghost-Potato.html …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
DK proslijedio/la je TweetHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
DK proslijedio/la je Tweet
Advice for the aspiring Pentester: Put down the
#Metasploit books and pick up Windows Internals. There's opportunity on every page.Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.