Balthasar retweetledi
Balthasar
65 posts
Balthasar
@BalthasarMartin
Red team lead @ https://t.co/fkrENrHmF5 @[email protected] (he/him)
Katılım Kasım 2017
241 Takip Edilen214 Takipçiler
Balthasar retweetledi
Catching up with my watch list. Good stuff from @n1v4d0 and @BalthasarMartin at #Troopers24
youtube.com/watch?v=Gmtwtw…
> Effective honeypots are easily encountered and suggest a worthwhile attack path
Honeypots should:
- Be easy to find
- Appear valuable
- Blend in
- NOT be exploitable
- Minimize false positives
YouTube
Balthasar@BalthasarMartin
Today at #Troopers24 we released Certiception – the ADCS honeypot we always wanted to have. Blog: srlabs.de/blog-post/cert… Source code: github.com/srlabs/Certice… Slide deck, including our guide to deception strategy: github.com/srlabs/Certice…
English
Balthasar retweetledi
This was a phenomenal talk by @sapirxfed.
Sapir shared her deep expertise in a clear, easy-to-understand way, and shared a great demo of some practical and super-valuable tooling she created as well.
I highly recommend watching the recording when you can.
Dr. Nestori Syynimaa@DrAzureAD
Morning starts with LDAP guide by @sapirxfed at @WEareTROOPERS
English
Balthasar retweetledi
@_wald0 and @Jonas_B_K dropping great info on ADCS attack paths at #troopers.
Jonas looking particularly great in that shirt 😉
English
@Jonas_B_K @_wald0 Shout-out to @PyroTek3 for his still-relevant blog post on AD honeypots. We included quite a few ideas from here in our talk!
hub.trimarcsecurity.com/amp/the-art-of…
English
Here's how the ESC1 honeypot looks for hackers.
... which is the connection to the great ADCS attack path talk by @Jonas_B_K and @_wald0 :)
English
Today at #Troopers24 we released Certiception – the ADCS honeypot we always wanted to have.
Blog: srlabs.de/blog-post/cert…
Source code: github.com/srlabs/Certice…
Slide deck, including our guide to deception strategy: github.com/srlabs/Certice…
English
Less than two days until we present our deception strategy at #TROOPERS24 and publish the Active Directory honeypot we always wanted to have.
Let's say there is an interesting connection to the talk from @Jonas_B_K and @_wald0...
English
Balthasar retweetledi
A big thank you to our Review Committee @BalthasarMartin @parzel2 @vinulium and Luca Melette. We now have an amazing schedule featuring their favourite talks which you can check out on bsides.berlin
#BSidesBerlin #appsec #infosec #BSides
English
Balthasar retweetledi
Looking forward to Bsides Berlin tomorrow @ c-base.
I hear you can still get tickets?
bsides.berlin
English
Balthasar retweetledi
#BSidesBerlin Speaker Showcase
EDRs are everywhere but relatively little is known about how the tools work and how to effectively circumvent them. @jrrgimenez will discuss insights on EDR inner workings and evasion options gathered over years of intense red teaming.
English
Youtube just placed this crypto scam live stream in my main feed.
It autoplayed while I scrolled over it and shows a legit discussion with the scam part next to it. Domain registrar and IP in Russia.
No idea whether that's usual or a rare thing to have it so prominently...
English
Balthasar retweetledi
Die Vorratsdatenspeicherung steht wieder vor der Tür. Also haben wir uns mal Gedanken gemacht, ob und wie man vollständig anonym mobil online sein kann.
Whitepaper
github.com/srlabs/blue-me…
Open Source Project for OpenWRT
github.com/srlabs/blue-me…
Deutsch
If you liked our blog post on exploiting Telerik CVE-2017-9248, (srlabs.de/bites/telerik-…) but were missing a tool: someone created one based on our post.
Now that it's out, maybe we should publish our version as well... :)
Black Lantern Security (BLSOPS)@BlackLanternLLC
Crypto-oh-my-god! @paulmmueller is at it again! What's old is new with Telerik exploits! A new tool release! Check out our write up on a new exploitation tool! blog.blacklanternsecurity.com/p/yet-another-…
English
@BlackLanternLLC @paulmmueller About publishing exploits, imo there's no right or wrong. In that case we decided against it for above reasons.
- You couldn't reach us -> Not sure what channels you used, we're usually happy to help others in the community. Can you send me a DM, I would like to check :)
2/2
English
@BlackLanternLLC @paulmmueller Great post and thanks for the credit! I'm the red team lead at SRLabs, regarding your questions:
- Not publishing the exploit, but detailed info -> We wanted to share risk and knowledge, but not enable criminals too easily 1/2
English
Crypto-oh-my-god! @paulmmueller is at it again! What's old is new with Telerik exploits! A new tool release! Check out our write up on a new exploitation tool!
blog.blacklanternsecurity.com/p/yet-another-…
English
I know a lot of hard work went into this @jrrgimenez and it turned out great. Congrats!
Security Research Labs@SecReLabs
The slides and video for our #HITB2022SIN talk where @jrrgimenez and Karsten explained and tested different EDR evasion techniques are now available. conference.hitb.org/files/hitbsecc… Here's a summary 🧵
English
@HonkHase @GossiTheDog Laut Comments passiert die Interception lokal für Malware-Detection und der Traffic ins Internet benutzt normale Zertifikate.
Weiß sonst nichts über NordVPN und man kann davon halten, was man will, aber ist vlt ne relevante Info :)
Deutsch
