Gleb Gritsai

1.3K posts

Gleb Gritsai

@repdet

参加日 Eylül 2009

222 フォロー中440 フォロワー

Gleb Gritsai がリツイート

kl_secservices@kl_secservices·31 May

Sharing highlights from incident response cases in 2022 by @AymanShaaban in brighttalk.com/webcast/18657/…. You can get the slides github.com/klsecservices/… and the analyst report github.com/klsecservices/… #dfir #incidentresponse

English

443

Gleb Gritsai がリツイート

0xDesigner@0xDesigner·2 Nis

GIF

1.2K

40.3K

2.2M

Gleb Gritsai がリツイート

Josh Kamdjou@jkamdjou·29 Mar

This works on Windows 11 and both Gmail and MSFT will let it through to the inbox. Confirmed by @amitchell516 and @samkscholten New detection/hunt rule is live for this, which looks for UNC paths inside URL file attachments (h/t @amitchell516!): github.com/sublime-securi…

David. 🏴󠁧󠁢󠁳󠁣󠁴󠁿@fuzz_sh

@awakecoding .url is great. The file doesn't even need to be opened, if you can get a user to download it and they go to delete it, just opening the Downloads folder sends the hash :D

English

112

42K

Gleb Gritsai がリツイート

Georgi Gerganov@ggerganov·31 Mar

You still need to "train" it on the specific keyboard and you need to have sort of "ideal" conditions, but yeah -- it's a fun tool :) Give it a try if you have a mechanical keyboard. There are examples you can run directly in your browser via WASM

f4mi ‼️@f4micom

github.com/ggerganov/kbd-… this tool lets you extract text from an audio recording of keyboard strokes, right now, for free i am not making this shit up, you can potentially steal a password from an audio recording in an office

English

181

46.6K

Gleb Gritsai がリツイート

Zion Leonahenahe Basque@mahal0z·29 Mar

I'd like to publicly introduce BinSync, a cross-decompiler collaboration tool and suite. With BinSync, you can finally share reversing data, like Types, across all your favorite decompilers (IDA, Binja, Ghidra, angr) on-the-fly. github.com/binsync/binsync. See thread for demos.

English

262

31.7K

Gleb Gritsai がリツイート

Prof. Feynman@ProfFeynman·29 Mar

There are two rules in life: 1) Never give out all the information.

English

339

3.8K

25.7K

3.6M

Gleb Gritsai がリツイート

Alex Plaskett@alexjplaskett·26 Mar

Interesting paper on finding and exploiting vulns within H.264 decoders: wrv.github.io/h26forge.pdf

English

133

27.8K

Gleb Gritsai がリツイート

IAM!ERICA@EricaZelic·21 Mar

🧵Some of my favorite LDAP queries. I let you all infer which tools to use them with. Most of these are from places around the web, nothing new. Just a list. 1. Find all DCs: (&(objectCategory=Computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))

English

112

455

65.1K

Gleb Gritsai がリツイート

Nicolas Krassas@Dinosn·20 Mar

Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes github.com/Ciphey/Ciphey

English

254

928

118.5K

Gleb Gritsai がリツイート

Charlie Clark@exploitph·14 Mar

My latest research which completely breaks trust transitivity, enjoy :-) exploit.ph/external-trust…

English

177

385

48.1K

Gleb Gritsai がリツイート

MDSec@MDSecLabs·15 Mar

We've just published a quick write up on CVE-2023-23397, which allows a remote adversary to leak NetNTLMv2 hashes: mdsec.co.uk/2023/03/exploi… by @domchell

English

410

816

302.7K

Gleb Gritsai がリツイート

Necromancer@ZeroMemoryEx·26 Şub

New AMSI lifetime bypass, it works by searching for the first byte of each instruction to prevent updates from affecting it, Check it out. #amsi #redteam #cybersecurity github.com/ZeroMemoryEx/A…

English

185

494

59.1K

Gleb Gritsai がリツイート

Beau@wirebytes·23 Şub

Zero Trust is a security strategy. It is not a product or a service, but an approach in designing and implementing the following set of security principles: - Verify explicitly - Use least privilege access - Assume breach Updated Information here: lnkd.in/g5UmGgEm

English

3.8K

Gleb Gritsai がリツイート

Grzegorz Tworek@0gtweet·23 Şub

Need an almost invisible, post-exploitation, persistent, fileless, LPE backdoor? There are many, but this one looks really beautiful for me: type "sc.exe sdset scmanager D:(A;;KA;;;WD)" from an elevated command prompt.

English

367

1.3K

302.4K

Gleb Gritsai がリツイート

0xor0ne@0xor0ne·21 Şub

Cool blog post by @xilokar on embedded devices reverse engineering, ARM TrustZone and secure boot bypass blog.xilokar.info/firmware-key-e… #iot #embedded #infosec #cybersecurity #hacking

English

245

28.4K

Gleb Gritsai がリツイート

Timur Yunusov@a66ot·23 Oca

Check out the latest articles from the Payment Village blog paymentvillage.org/blog : 1. How I used deepfakes to bypass security verifications in a bank. My first experience with hacking ongoing due diligence checks using deepfake and ML.

English

2.5K

Gleb Gritsai がリツイート

0xor0ne@0xor0ne·24 Oca

Very cool series by @__pberba__ about persistence in Linux environments Persistence map: pberba.github.io/assets/posts/c… Auditd, Sysmon, Osquery: pberba.github.io/security/2021/… Account Creation and Manipulation: pberba.github.io/security/2021/… #Linux #kernel #malware #infosec #cybersecurity

English

189

483

53.7K

Gleb Gritsai がリツイート

raptor@0xdea·8 Ara

Sniffing SSH passwords TL;DR # pgrep -l sshd 6235 sshd # strace -f -p 6235 -e trace=write -o capture networklogician.com/2021/04/17/sni…

English

217

806

Gleb Gritsai がリツイート

Adam Sawicki@Reg__·11 Eki

"Hello World under the microscope" - an article we wrote together with @gynvael and @j00ru! Originally published in issue 100 (1/2022) of the Programista magazine, now available online in Polish and English. asawicki.info/articles/Hello…

English

264

ディスカバー

@AymanShaaban @amitchell516 @samkscholten @domchell @xilokar @__pberba__ @gynvael @j00ru