What.

@Malcoreio @vxunderground Here is a comment

We're doing a HUGE giveaway. We're giving away 20 copies of Black Mass Volume II by @vxunderground and 2 free paid plans (1 Analyst plan, 1 Cyber Analyst plan). In order to win, comment below until Sept 27th 2023 (one week and winners will be selected). This giveaway would not be possible without the generous donation from @Laughing_Mantis. Everyone thank them as well.

Bro is trynna to start a cyber warfare💀 youtube.com/shorts/vwcCBFQ…

the SOC when an alert for suspicious powershell usage hits the queue

Doom RPG at last, finally on PC as promised years ago come true today. You can play it now, download link from Doomworld : doomworld.com/forum/topic/12…

@SwiftOnSecurity youtube.com/watch?v=jXiiul…

*notices you from across the room* *begins orbiting*

@jasonhillva @SerpicoProject Have a look at: #title-tools-collaboration-report" target="_blank" rel="nofollow noopener">inventory.rawsec.ml/tools.html#tit…

Is @SerpicoProject dead or is it still active? Is there a better alternative that is also free? I've used it in the past and was thinking about incorporating it into my current program.

Besides BloodHound from @_wald0 + @SpecterOps and PingCastle from @mysmartlogon, what other open source or free tools should every organization be running on a regular basis?

As promised: 10k follower giveaway! Simply retweet this post and make sure you're following us to enter. Winner will be chosen tomorrow, January 25th.

Here's some recently published guidance from Trimarc on how to better protect admin credentials and mitigate ransomware impact: trimarc.co/tw-ProtectingP…

I'm releasing my tool to exploit AD CS relaying. It will automate most the steps required for both local and domain privilege escalation. The images below show how it can be used to get a beacon as system on a domain controller.

My lockdown project last year was to build a toolkit to help organisations break attack chains and better defend against lateral movement. I've very proud of what we've achieved with Access Manager. LAPS and JIT for AD-joined hosts made easy, secure, and auditable.

Restricting SMB based lateral movement in a #Windows environment. Lessons learned from work with the @SpecterOps team; drawing from previous posts by @mattifestation, @Haus3c, @cryps1s, @harmj0y & Mr SMB himself @NerdPyle bit.ly/SMB-lateral-mo… #redteam #blueteam #infosec

For Windows Event Collection with no agents on the machine, LogBinder SuperCharger is the coolest software. I even got them to add all the Palantir event collection profiles by default. You could implement NSA-compliant collection in a few hours for a whole domain, load-balanced.

Or you can jump on the beta of Access Manager, the next generation of laps web - Lithnet Access Manager github.com/lithnet/access…

Trickbot Still Alive and Well ➡️Discovery: AdFind, Nltest, Net, Bloodhound, PowerView ➡️Lateral Movement: SMB, WMI, PS ➡️C2: Trickbot & Cobalt Strike ➡️Credential Access: Ntdsutil & lsass dump ➡️PrivEsc: Named Pipe ➡️Defense Evasion: Trickbot->Wermgr thedfirreport.com/2021/01/11/tri…

Here's a threat on some overpowered technologies to slow down attackers that you can implement _now_. First, re-implement LAPS (microsoft.com/en-us/download…) at your peril. 1/14

There is only one Doom pillow and two of us 👉👈

Morrowind completely rebooted your Xbox during some loading screens: bit.ly/33Oo4wM

Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. We have observed attacks where public exploits have been incorporated into attacker playbooks.

Let's talk Azure AD join and what that means to a Windows device. What's it mean to be joined to something?