apsec

@techspence what tool would you use to scan your file server shares for clear-text credentials (as a sysadmin). as a pen tester I'd use something like CME : )

My goto AD toolbelt: PowerView (custom) PrivescCheck (custom) PingCastle ScriptSentry Spray-Passwords (custom) SpoolSample secretsdump[.]py AMSI Bypass (custom) bypass-clm (custom) ADExplorer ADeleg Rubeus Certify BloodHound/SharpHound Locksmith SharpSCCM Inveigh PowerUpSQL Nmap

Cyber risk is a core business risk. In the modern era, when systems fall, the enterprise falls. Protect security, for it is the foundation on which all operations stand.

@anulagarwal spotlight search works

Apple is a $3.7 trillion company yet can't fix their search Pretty annoying tbh

@BasilTheGreat *for encrypted devices like iPhones and android devices with encryption enabled

@BasilTheGreat they need your password/passcode to unlock the device first

🚨BRITISH POLICE HAVE THE ABILITY TO DOWNLOAD DATA FROM YOUR PHONE WITHOUT A PASSWORD In the next stage of authoritarian hell we are to endure British Police are proud to show just how easy they can see everything on your phone without login details Privacy has gone

@UK_Daniel_Card Chemtrail

Is it a bird? 🐦

@UK_Daniel_Card @ask2Huma 😂

@ask2Huma No

Can i follow you? Yes or no

💡TaskHound: Tool to enumerate privileged Scheduled Tasks on Remote Systems GitHub: github.com/1r0BIT/TaskHou…

@UK_Daniel_Card this in house software? looks jazzy

how many orgs can show traceability between asset, threat, risk and control? other than in an ISO template risk assessment type fashion....

@cyber_razz b

SECURITY+ KNOWLEDGE CHECKPOINT Which security control is designed to detect malicious activity after it occurs but does not prevent it? A) Firewall B) IDS C) IPS D) NAC

@UK_Daniel_Card seen this time and time again uk orgs using remote web workspace / terminal server just implement mfa ffs it isn’t that difficult

want to see how orgs get pwn3d? 1) valid creds obtained via brute force/dictionary attacks, bought, or via phishing etc. Then entry to exposed internet services e.g. RDP, Citrix, VMware, VPNs > A global media & entertainment company entry was via RDP > The British Library was via RDP > A UK Council was via RDP I see this with smaller orgs as well... Other UK orgs... entry via VPN with no MFA. This is really common! Once inside the journey is often: High privileges from the start Simple AD privesc e.g. kerberoasting

@OhmSecurities try covertswarm brother, class outfit

Well that sucked. Yours truly is looking for work - reputable red teamer, pentester with 10 years experience. OSCP/GRTE certifications, also have experience with threat intelligence. Ex-JPMC/Optiv/TrustedSec

@bryan_johnson Pea protein

Please share your worst life advice.

@UK_Daniel_Card Ahahahaha CISSPs 😂

most people are not insufferable ***** in this industry but when they are: they are usually ex mil red teamers.... or CISSPs.... but usually one of the other (or both!)

@UK_Daniel_Card 0.05% of annual revenue

What percntafe of IT budget do you think orgs spend on penetration testing, purple teaming and red teaming? Explain ur answer…. Please

Like Evilginx? Like GoPhish? Check out github.com/fin3ss3g0d/evi… It even has the ability to leverage CloudFlare Turnstile for stopping bots and some new phishlets for O365, KnowBe4, and Cisco VPN.

"Skidaddle Skideldi - I just pwnd your PKI " #pentest #redteam #infosec luemmelsec.github.io/Skidaddle-Skid…

CrackMapExec can now export share results in case you are scanning a /24 or /16 🔥 Thanks to @gray_sec for the PR 🚀

@ZephrFish @YoSignals @jamesjguthrie Second mythic!

@YoSignals @jamesjguthrie There are far superior open source tools these days, it seems, Sliver & Mythic, to name a few :)

@_MG_ @Secnewsbytes

Lots of screenshots going around about Uber but this one shows how wide the hack is. "Security Response Break Glass Service Account" password 🔥

😂😂😂😂😂😂 I miss when this kind of thing was the norm. Do more of this please!