eitot
@eitot8 - Co-Founder & Principal Consultant @ Tier Zero Security (https://t.co/nat3BNrqQn)
Need some persistence but don't want to make it super obvious? Calling Get-MpPreference from PowerShell will try to load wbemprox.dll via COM.🤪So even a scheduled task calling PowerShell with this function will trigger your C2 connection.
🛑 5 Common Windows Settings That Leave Your Organisation Vulnerable 🛑 Apart from ADCS HTTP Enrollment, they are all default settings. That’s probably why we keep seeing similar setup 😬
Who’s the real #GrimResource? Spoiler: It’s us! 😏 Here's our latest blog on using MSC files for initial access: outflank.nl/blog/2024/08/1… Fun fact: @elastic’s post on this technique came from a sample caught by a blue team, originally used by a red team through our OST offering.
From Domain User to Global Admin. A real example from a real environment. We found this path with free and open source BloodHound Community Edition: medium.com/p/335652a164df
I've created a PoC for network-based EDR telemetry filtering. We'll try to release a blog on Tier Zero Security Ltd website early next week :) 🛑 ARP Spoofing and Network Filtering to Block EDR Telemetry 🛑 youtu.be/Uyx4nsjupnE?si…
I was working on the lateral movement kill-chain from on-premises AD to Microsoft Entra ID when I discovered a new offering from Microsoft called "Microsoft Entra Cloud Sync” and we decided to take a closer look tierzerosecurity.co.nz/2024/05/21/ms-…
Had a go with the KexecDD exploit recently released and wrote a quick post about it: tierzerosecurity.co.nz/2024/04/29/kex… Link to the original exploit: github.com/floesen/KExecDD
LSA Whisperer focuses on interacting with Authentication Packages using their individual message protocols. Read @mcbroom_evan's NEW blog post detailing the journey developing the project to learn more. ⬇️ ghst.ly/3Q64iGa
Top 9 Hacking Gadgets and Their Uses 👇
Been playing with steganography for shellcode loaders and had some interesting results. You can read more at: tierzerosecurity.co.nz/2024/04/03/ste…
I was working on a blog about Sysmon implementation and now I'm abusing it. A typical Gemini behavior. #redteam #blueteam #blindedr #edr #sysmon tierzerosecurity.co.nz/2024/03/27/bli…
TierZeroSecurity latest blog. @eitot8 explains how to abuse MiniFilter Altitude to blind EDR tierzerosecurity.co.nz/2024/03/27/bli…
I wrote a simple post on automation of evasion and compilation of C# tools tierzerosecurity.co.nz/2024/03/03/tea…
😈 Bypassing EDRs With EDR-Preloading @MalwareTechBlog describes “EDR-Preloading,” which involves running malicious code before the EDR’s DLL is loaded into the process, enabling you to prevent it from running at all 🛠️ PoC: github.com/MalwareTech/ED… malwaretech.com/2024/02/bypass…
Malware Hiding in PDFs: What You Need to Know securityonline.info/malware-hiding…
Windows Sysinternals - Sysmon tierzerosecurity.co.nz/2024/02/27/mic… #Pentesting #Windows #CyberSecurity #Infosec