Andy Morales

Check out my new blog breaking down #GOOTLOADER malware and how it has evolved this year. #GoogleCloud #Mandiant #Malware googlecloudcommunity.com/gc/Community-B…

The #GOOTLOADER #decoder now parses the scheduled task properties and dropped files. #UNC2565 #Mandiant github.com/mandiant/gootl…

Updated the #GOOTLOADER #decoder to address errors produced by recent samples. github.com/mandiant/gootl… #UNC2565 #Mandiant

Check out our new blog about GOOTLOADER and notable changes to the TTPs by #UNC2565. We are covering the various methods used by the malware to obscure its code, as well as provide scripts that can automate the deobfuscation process. #GOOTLOADER #Mandiant mandiant.com/resources/blog…

@el_jasoon @NinjaParanoid It looks up a special host name which disables DoH support.umbrella.com/hc/en-us/artic…

@NinjaParanoid Our web filter at work somehow still works with this enabled. I'm really curious how. By IP? But seems like a dying way with there no longer being a 1:1 relationship between domain names and IPs.

What the hell? Am I the only one who came to know so late that there is DNS Over HTTPS option in Firefox to prevent DNS leak? #FML

@cts_technology @thecybermentor Yubikey

@thecybermentor 2FA is such a PITA unless you have faith in your cell phone. If you don't, what do you do?

@slippyfox @DirectoryRanger techcommunity.microsoft.com/t5/networking-…

@DirectoryRanger That just takes me to the Networking Blog landing page:

TCP Templates for Windows Server 2019 - How to tune your Windows Server Transports (Advanced users only ??) blogs.technet.microsoft.com/networking/201…