Karkas

41 posts

Karkas

Karkas

@CDC_FI

I identify as a Threat

Germany Katılım Nisan 2018
138 Takip Edilen28 Takipçiler
Karkas
Karkas@CDC_FI·
@ShitSecure Ah ok... probably due to legal stuff with closed software. Too bad
English
1
0
0
29
S3cur3Th1sSh1t
S3cur3Th1sSh1t@ShitSecure·
@CDC_FI Nope that won’t improve RustPack 🤔have my own implementation for everything in that repo
English
1
0
0
26
Karkas
Karkas@CDC_FI·
@0xMaz Feel free to copy all the facts to your own documentation. I needed to write that down to understand all the fundamentials. Even the core concept was an absolute highlevel abstract to me... 3 days ago :D
English
0
1
1
19
Mohamed Alzhrani
Mohamed Alzhrani@0xMaz·
@CDC_FI Your explanation is better than mine. You have solid knowledge. I think you can find more tricks. Thank you for your kind words
English
1
0
0
28
Karkas
Karkas@CDC_FI·
@0xMaz Credits go to you exclusively. Impressive research you did there
English
1
0
0
27
Karkas
Karkas@CDC_FI·
@5mukx glad to have you back
English
0
0
0
3
Smukx.E
Smukx.E@5mukx·
I also shared some of my private work identifications like linkedin profile to prove that I'm a vetted professional. Within an hour of submitting, I got my account back. I thank X and their support team for understanding and taking the necessary actions. 3/3🧵
English
3
1
68
2.4K
Smukx.E
Smukx.E@5mukx·
Thank you for everyone who supports me during the incident ! A special thanks @IntCyberDigest, @cr3ghost and many more people for tagging and supporting me, it means a lot to me. Many awesome things are on the way.... Thank you Everyone ❤️ How i got my acc back ? nxt 🧵 1/3🧵
English
30
13
331
19.2K
Karkas
Karkas@CDC_FI·
@TwoSevenOneT Double checked Trellix Agent, too. Works, no updates, no Alert Transmission. Client looks dead in Server Console
English
1
0
1
30
Two Seven One Three
Two Seven One Three@TwoSevenOneT·
New #redteam tool for blocking EDRs: EDRChoker Instead of fully blocking the EDR agents' connections to their server, we can throttle their bandwidth so they consistently time out when sending data, which is effectively the same as blocking but avoids triggering "block" or "drop" packet events #pentest #cybersecurity Github: TwoSevenOneT/EDRChoker
Two Seven One Three tweet mediaTwo Seven One Three tweet mediaTwo Seven One Three tweet media
English
24
180
758
116.1K
Karkas
Karkas@CDC_FI·
@TwoSevenOneT OK, double checked with another client. It worked against tanium. Maybe more than 20 QoS Policys at the same time are too much. If i only use the few Tanium processes your PoC works against it
English
1
0
1
111
Karkas
Karkas@CDC_FI·
@TwoSevenOneT But to be honest, I´m as surprised as you are since Tanium 7.6 does not have a client side temper protection. I will retest with another client as soon as I have the time
English
0
0
1
40
Karkas
Karkas@CDC_FI·
@TwoSevenOneT Sure, but what do you want to hear. Tanium only consists of two binaries. I added them, rebootet and Client was still able to speak with the Server, Accept incomming request and send Alerts ¯\_(ツ)_/¯
English
2
0
0
85
Karkas
Karkas@CDC_FI·
@HaifeiLi a lot ppl might not know that you can disable certain API Calls with registry Keys/GPOs: #blacklist-configuration" target="_blank" rel="nofollow noopener">adobe.com/devnet-docs/ac… HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown\cJavaScriptPerms tBlackList=RSS.addFeed|Util.readFileIntoStream ...and you are safe :)
English
1
1
9
721
Haifei Li
Haifei Li@HaifeiLi·
Fun fact about the Adobe Reader 0day: actually, it's the "AdobeCollabSync.exe" ("C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe") process who communicates to the attacker-controller server, not the "Acrobat.exe". Therefore, if you're hunting the threat with your e.g EDR telemetry, you may want to look at that "AdobeCollabSync.exe" process too. #threatintel
English
4
50
259
41.1K
Karkas
Karkas@CDC_FI·
@dcuthbert met him countless times even in the smallest Cons where he held top notch talks and always stopped for questions... true legend. Will never be forgotten
English
0
0
2
485
Daniel Cuthbert
Daniel Cuthbert@dcuthbert·
Everyone today is a hacker in a sense but there are very few OG hackers on which shoulders we stand Oh dude, Felix “FX” Lindner you were so much a hackers hacker and you will be missed RIP my friend and thank you
Daniel Cuthbert tweet media
English
51
134
579
83.3K
Rebane
Rebane@rebane2001·
i built an entire x86 CPU emulator in CSS (no javascript) you can write programs in C, compile them to x86 machine code with GCC, and run them inside CSS
English
324
1K
10.1K
1.1M
Karkas
Karkas@CDC_FI·
@5mukx Dood it´s 2026... who cares about userland hooks?
English
2
0
12
2.1K
Florian Roth ⚡️
Florian Roth ⚡️@cyb3rops·
The firewall blocks it; headline calls it cyber war Call it: blocked requests, scans, probes, bot traffic
Florian Roth ⚡️ tweet media
English
10
3
52
5.9K
Karkas
Karkas@CDC_FI·
@yarden_shafir Once you reach the level "I´ve forgottn more stuff than the average Junior level Analyst knows" you enter the realm of the true masters
English
0
0
1
54
Yarden Shafir
Yarden Shafir@yarden_shafir·
Spent all morning debugging an issue. Eventually found the answer in a blog post. That I wrote. 5 years ago.
English
15
8
201
15.8K