Don't miss today's webinar: Detecting Lateral Movement in Microsoft Environments!
It all starts at 11am Eastern Time/5pm Central European Time.
Register now: tinyurl.com/2wzzbu39
Review Part 1: tinyurl.com/33ez8n85
@cyb3rops You can find some log lines from a FortiGate in a Reddit post. I'm not 100% sure about this IoC ... seems to be an IoC for a logon?! reddit.com/r/fortinet/com…
For me and many other analysts it’s always:
“Blah blah, critical vulnerability, blah blah install patch now, blah blah some kid published a PoC [great] blah blah … where's the god damn information on how to detect a compromise? Where are the indicators?”
helpnetsecurity.com/2022/10/11/cve…
@cyb3rops @malmoeb @TheDFIRReport I need your help for my master thesis. I'm currently looking for resources on detection opportunities besides the Windows event log on Windows. Any hints/papers/projects (something like @OSSEM_Project would be awesome).
@0sm0s1z I think a future vuln scanner should enable users to measure or guide the effectiveness. The new EPSS model might be worth reading: first.org/epss/model
I would like to define my risk acceptance and have EPSS to guide my patch efforts on found vulnerabilities.
15 members of REvil have been arrested by the Russian authorities.
REvil, once dubbed the "Crown prince of Ransomware", was responsible for the Kaseya supply chain attack, and many other high-profile breaches.
Footage courtesy of the FSB.
Humble Bundle - Hacking Books - November 2021
It contains some of my favorites and some new additions - as always great value for money
humblebundle.com/books/hacking-…
New breach: Epik had 180GB of data breached last week including 15M unique email addresses (both customers and scraped WHOIS), names, phone nums, physical addresses, purchases and passwords in various formats. 52% were already in @haveibeenpwned. More: arstechnica.com/information-te…
@cyb3rops @certbund @CERT_at how do you size your Windows client event log files?
Would you agree with the (old) Microsoft calculation? docs.microsoft.com/en-GB/previous…
Dear Twitter & InfoSec community,
could we start tagging CVEs without the dashes, so that
#CVE-2021-35211 becomes #CVE202135211 ?
That would be great,
Thanks
@GossiTheDog LPE and lateral movement on beachhead hosts; for sure.
Is a standard user able to authenticate against a domain controller's RPC Print Spooler service?
The 4th edition of the PowerShell Cookbook is now available! This is a huge update, covering all the cool new things in PowerShell 7 and dropping what is no longer relevant. If you've been wanting to "get into that PowerShell thing", now's your chance :)
amzn.to/3qpjHmH