mrblacyk

Another project of transforming @SANSInstitute "Evidence of..." poster into #GTFOBins and #LOLBAS alike website. Meet Evids! evids.dfir.tips Also, I've added a top menu bar to quickly switch to WinProcs 😌 #blueteam #DFIR #DFIRTips #IncidentResponse #DigitalForensics

Dieselgate, but for trains - some heavyweight hardware hacking. badcyber.com/dieselgate-but… Story about trains that broke down and analysis that discovered it was not a coincidence.

Achievement unlocked: Cracking a train @q3k/111528162462505087" target="_blank" rel="nofollow noopener">social.hackerspace.pl/@q3k/111528162…

⚠️SANS released their new Memory Forensics class (FOR532). As @SANSInstitute talk about #volatility 3 in this class and to comply with the vol3 license: ‼️SANS published all @volatility 3 related content for free! Slides:sansorg.egnyte.com/dl/hKUKAN7ZDT Labs:sansorg.egnyte.com/dl/u5Tlhm9qk9 #DFIR

so... flipper zero is now forbidden on hand luggage across uk airports. just got mine seized by security. ffs!

August 2023 (version 1.82) of Visual Studio Code now supports Port Forwarding to allow easier access from Threat Actors. inb4 Visual Studio Code as a C2? Very cool 👍 More information: code.visualstudio.com/docs/editor/po…

Hit ENTER 60 times per second to take control of TPM-protected Ubuntu Linux 20.04 during boot.

Add "auth sufficient pam_tid.so" to /etc/pam.d/sudo and never type a sudo password again pam_tid.so + Magic Keyboard with Touch ID = 😘

Google Dork - Sensitive Info inurl:email= | inurl:phone= | inurl:password= | inurl:secret= inurl:& site:target[.]com Emails/phone#s/tokens commonly cached directly in Google

The $5 Membership sale is now live! The sale lasts until July 17 23:59 UTC: account.shodan.io/billing/member

No, it was not a joke. "Our paying customers need X, when will you fix it?" may not be the best way to introduce yourself to an open source project. #TodayInOpenSource

This is so cool, thanks @FBI 😊

* People ask LLMs to write code * LLMs recommend imports that don't actually exist * Attackers work out what these imports' names are, and create & upload them with malicious payloads * People using LLM-written code then auto-add malware themselves vulcan.io/blog/ai-halluc…

This repository contains all the Incident Response Playbooks and Workflows of Company's SOC. gitlab.com/syntax-ir/play…

🚨 Woah. Crazy new research paper I just read. Remotely and inaudibly issue commands to Alexa, Siri, Google Assistant, etc. "allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing)" 🔊

Did you know we can block gTLDs (and FQDNs) with Windows Firewall and Defender for Endpoint? 💡 This might be helpful if someone started selling TLD's you'll never do business with ;) Go to intune.microsoft.com under Endpoint security - Firewall, Reusable settings, click Add

It's official! Mythic 3.0 is LIVE! Check out the blog post about it here: posts.specterops.io/c2-and-the-doc…. Highlights include: rpfwds, graph groupings, jupyter notebook, custom webhooks, tags, docker updates, and an entirely new back end!

I am proud to announce the release of #BloodHound 4.3! Release blog post: medium.com/p/5795cbf535b2 Limited edition T-shirt: customink.com/fundraising/sp… Get BloodHound 4.3 NOW at bit.ly/GetBloodHound

@SwiftOnSecurity GE? shouldn’t be TS? ;-)

I GOT YOU ROBOT HUMANS REMAIN S TIER

If I was going back in history and could only have one thing I'd take the recipe for Gatorade/ORS then utterly dominate Europe militarily

🧵Some of my favorite LDAP queries. I let you all infer which tools to use them with. Most of these are from places around the web, nothing new. Just a list. 1. Find all DCs: (&(objectCategory=Computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))

#PingCastle 3.0 released !!! pingcastle.com/download/ Active Directory & AzureAD security health check in seconds >200k AD audited, management readable, no install, no admin, no data sent "to a cloud" Example of report: pingcastle.com/PingCastleFile… github: github.com/vletoux/pingca…