chris

#HITB2023AMS HITB LAB: Developing Malicious Kernel Drivers - Tijme Gommers - conference.hitb.org/hitbsecconf202… cc @tijme

@shDaniell @0xTib3rius Ah yes… it’s clearly been too long 😂

@cottow @0xTib3rius Except A is 41

Does anyone know why port 4444 was chosen as the default port for reverse shells in Metasploit? No real reason to ask other than curiosity since for a lot of us it's the goto port we use when solving boxes. 🤔

Ons logo lijkt wel perfect gemaakt voor deze plek op @nyckdevries zijn helm… nog maar 2 weken en dan barst het weer los! #F1

@jankeesvw Interesting. What header field is used to match mails to a common thread? Or does it work differently?

For a personal hobby project I’m building my own email client. The most rewarding thing so far is that I now understand how email threads work.

@_dariussimpson What you can plan for is too small for you to live in - David Whyte

what’s a random line of poetry you say aloud or in ya head from time to time unprovoked?

The stolen data from LastPass is actively being decrypted and exploited. People with secrets keys for crypto wallets & login data to online wallets are being plundered. If you had your secret keys in LastPass, move your funds now, changing your password does NOT help.

Why Apple’s announcements today are a big deal, a thread. 1/

Northwave has conducted research into the psychological effects of a ransomware crisis on people involved in mitigating a ransomware attack. The findings reveal the deep marks that a ransomware crisis leaves on all those affected. northwave-security.com/wp-content/upl…

I love this blog post from @Northwave_Sec. I cover some of this in my ransomware recovery talk. Taking care of your people during ransomware (and other) IR is really important, I see a lot of burnout and resignations after a ransomware incident. northwave-security.com/en/blog-after-…

Yesterday we presented our research on the mental impact of ransomware attacks on people at victim orgs at #one2022. This topic deserves much more attention than it's getting, happy to see awareness rise. Blog at northwave-security.com/en/blog-after-… , paper with stats will be published soon

Pretty cool blog post about how to deploy and test Azure Sentinel monitoring rules at scale! northwave-security.com/soc-testing-mi…

These 'Beach Animals' were created by Theo Jansen as a fusion of art and engineering. The kinetic structures walk on their own and get all their energy from the wind.

Cobalt Strike BOF foundation for kernel exploitation using CVE-2021-21551. In its current state, as a PoC, it overwrites the beacon token with the system token (privesc). github.com/NorthwaveSecur…

I worry that the current belief/practise that the only way to get into pentesting is via certs is having a weirdly damaging side effect. 🧵

Any incident responder saying "DO NOT PAY A RANSOM" is hurting their customers. Paying (or not) should be a risk-informed business decision, pure and simple.

@KimMaida Adobe Flex is the future of webapplications

I dare you to demonstrate how old you are in "developer years" in one sentence without stating any actual years

RFC 9225: Software Defects Considered Harmful, J. Snijders, et al., rfc-editor.org/info/rfc9225, This document discourages the practice of introducing software defects in general and in network protocol implementations specifically. 1/2

Het blijft verbazingwekkend dat Jan geen hypotheek krijgt waar hij €1000 euro p.m. voor zou moeten betalen, maar hij wel €1500 huur mag betalen aan huiseigenaar Kees. Jan lost de hypotheek van Kees af, maar wordt niet in staat geacht zijn eigen hypotheek af te kunnen lossen.