APTeeb0w

"Red team" has become a catchall term. Some vendors mean pentesting. Others mean compliance theater. None of that tells you what actually matters: Would you detect an attacker once they're already in? @Ne0nd0g breaks it down ⤵️ ghst.ly/4uk1qaj

(QR) Coding My Way Out of Here: C2 in Browser Isolation Environments @googlecloud cloud.google.com/blog/topics/th…

@HackingLZ Meanwhile in Belgium: new law allows ethical hackers to hack any Belgian company, no prior consent required vrt.be/vrtnws/en/2023…

Free marketing for redteam fit?

@dez_ @arekfurt @shotgunner101 Correct!

@arekfurt @shotgunner101 Seems like they had no direct evidence of exploitation through this vector. They saw the ldap query, which (through some great detective work) led to discovery of the bug. But never confirmed this was used by apt29

Very interesting, and a little confusing. Apparently, Mandiant is saying (albeit a bit clumsily) the SVR/APT29 was actually exploiting as a 0day this nifty AD Credential Roaming vulnerability that was patched in Sept. to gain code execution on any machine a victim logged in on.

@arekfurt Author here. We did not observe APT29 exploiting this vulnerability, only querying the LDAP attributes. The LDAP query triggered me to look into Credential Roaming as a whole, which led to the discovery of the 0day.

@NotMedic @subtee Yup support.microsoft.com/en-us/topic/de…

Is there a way to force SmartCard authentication at the server level for Windows? Say you have a domain group in the “Remote Desktop Users” group and one account is not SCRIL enforced. Can you deny it RDP access? I dug for something like a SID to add to a group but no luck so far

Scared of ransomware in your OT environment? Check out @Mandiant's latest blog post for insight in how we do adversary simulation and how our Red Team emulated #FIN11 TTPs to pivot through the enterprise IT network to gain control over the ICS environment! mandiant.com/resources/mand…

@HackingLZ @IKEAUSA The MICKE drawers are a pretty good replacement (without the casters)

Things I never thought I would be upset about @IKEAUSA being out of Alex drawers. The plan was to upgrade my office and do a couple of those Ikea hack desks but hey no Alex drawers. Random reddit posts claiming there will be a replacement model in April.