10010010
@rc_dfir #dfir #malware #threathunting #incidentresponse
#NullHyd August meet
1. Often Missed Critical Vulns by @sarwarjahanm
2. Practical Threat Hunting on K8s Audit Logs by @abhinahii
3. Protecting Business through Third-party Risk mgmt by Khaja Nizamuddin
Thank you @salesforce for hosting us. @0xmahesh @vhssunny1 @pavanw3b
As you might be aware I'm a huge fan of Amazon EventBridge 😅♥️ Over the past year, I have created some open source projects to help the community extend EventBridge functionality and write tools for development. Here is a list of tools I have written to help you all 👇🧵
Veteran cyber dogs are known for their low tolerance threshold
Another update of my slides about #Malware Analysis Fundamentals - Files > Tools #DFIR winitor.com/pdf/Malware-An…
Dumping Active Directory Domain Info - with PowerUpSQL! blog.netspi.com/dumping-active… via @rightrelevance thanks @directoryranger
I've updated my Security Analyst Workshop slides with a few more tools and services #DFIR #SOC #SIEM #ThreatIntel slideshare.net/FlorianRoth2/s…
My Sysmon config sees the shell/open reg key being written, if you want to alert on this. /cc @cyb3rops
GDA Android Reversing Tool - A New Decompiler Written Entirely In C++, So It Does Not Rely On The Java Platform, Which Is Succinct, Portable And Fast, And Supports APK, DEX, ODEX, Oat kitploit.com/2020/02/gda-an…
For those of you using a NV GPU with Volta or Turing chipset, listen up! We hacked our way into the post-48k GPU shared memory region. This improved bcrypt cracking performance by an average of 25%. For instance a GTX2080Ti improved from 42116 H/s to 54770 H/s
RE just retired from @hackthebox_eu As the creator of the box, I tried to bring phishing/macro obfuscation concepts to the initial access. The intended privescs were the WinRar ACE file exploit, and XXE in Ghidra. I'll show two unintended privescs too. 0xdf.gitlab.io/2020/02/01/htb…
#FakeLogonScreen is a C# utility to steal a user's password using a fake Windows logon screen. This password will then be validated and saved to disk. Useful in combination with #CobaltStrike's execute-assembly command. github.com/bitsadmin/fake…
Interesting samples (both signed obfuscated jscripts and drop intermd signed dll, uses couple of lolbins + persistence via UserInitMprLogonScript), app.any.run/tasks/cdf91d1a… app.any.run/tasks/d908182b…
New blog post "Analyzing .DWG Files With Embedded VBA Macros" blog.didierstevens.com/2019/12/16/ana…
Passwordless RDP Session Hijacking Feature All #Windows versions korznikov.com/2017/03/0-day-…
Poor man’s persistent threat detection (medium sized enterprises without SIEM)
A. Check Antivirus logs (best collected in central loc) > search for keywords (see screenshot) nextron-systems.com/2019/10/04/ant…
B. Run LOKI on exposed or suspiciously behaving systems github.com/Neo23x0/Loki
Prevent Legitimate Windows Executables To Be Used To Gain Initial Foothold In Your Infrastructure by @dmargaritis medium.com/@dimitrismarga…
Calling DLL in rundll32.dll exports by ordinal is suspicious - let's create a Sigma rule. Rule: github.com/Neo23x0/sigma/…
People often get confused about reusable credentials on destinations depending on the Logon type, e.g. they say "if I use PsExec, attackers can always dump my creds from memory", which is wrong. I recommend you bookmark this page as reference: docs.microsoft.com/en-us/windows-…