Marcelo

We're naming names 🔥 because the harm is not hypothetical. Today we share "Buying Spying", our new report diving into the commercial surveillance/spyware industry. We dive into the players, the campaigns, the spyware, & the harm it perpetuates. blog.google/threat-analysi…

Anyone hanging around too? :D

@SkelSec Congratz! 🤘

Look what came in the mail today

@SkelSec That’s probably your best tweet..🤣🤣

Client wants to sit next to me on a pentest

@stfn42 @Ministraitor That was quick 😅🤘🏻

@NinjaParanoid I’m in 😏

@_xpn_ Ban yourself from those TTPs (until you really run out of time.. :D)

Do any Red Teams have any techniques/tips for avoiding always using the same old TTPs? Each assessment I try and use something new (where possible) but interested in any tips that others have that work.

@_nwodtuhs @harmj0y @1ns0mn1h4ck Good talk and great slides! 👍

Here are the slides for my talk « Delegating Kerberos to bypass Kerberos delegation limitation » 😈 at @1ns0mn1h4ck #INS22 #talk" target="_blank" rel="nofollow noopener">thehacker.recipes/ad/movement/ke…

I thought the Messiah would come faster than this. Microsoft to disable macro by default in Excel 4.0

@domchell @TheXC3LL @MDSecLabs Good catch :D

Very happy to welcome @TheXC3LL to the @MDSecLabs family today, looking forward to great times 🥳

@jmoosdijk That’s handy! 🙏🏻

Ever not 100% sure if a Cobalt Strike command uses Fork&Run or executes code within a Beacon process (i.e. BOF)? This simple aggressor script helps you by colouring commands based on their type: github.com/outflanknl/Hel…

@commial Yes, the first 5 bytes of headers are also clear for me, the other ones still not so much. I'll try to find a simple example to analyze and figure out the rest. 👍

@spamv You can start from sigtree_init_module, which registers handlers for SIGTREE, SIGTREE_BM, SIGTREE_EXT. You'll see the first 5 bytes are "headers". +3 is what I interpret as the tree number, +5 a potential string, etc.

Documenting (part of) VDM, the Windows Defender signature format: github.com/commial/experi… Includes example of signature evasion and hourly updates diffing :)

@commial Thanks! Yes, I saw that they can store on or multiple tree signatures in each sigtree but I still didn’t figure out how to interpret the structure of a single one.

@spamv Unfortunately, I don't know for sure. You likely already noticed that SIGTREE entries are used to (suprise!) implement a signature tree. My guess is that SIGNATURE_TYPE_SIGTREE_BM is used to give some leaf. Also, BM_* are ref as attributes in analysis (MZ, JPG, events, ...)

@positive_sec @byt3bl33d3r Hello new covert C2 channels 😁

Apple AirTags: Arbitrary data can be uploaded from non-internet-connected devices by sending Find My BLE broadcasts to nearby Apple devices: positive.security/blog/send-my

I found some design and implementation flaws in Wi-Fi again. All Wi-Fi devices are affected. It was a long ~9 months embargo, over this time a lot of info has been collected and that info now available at fragattacks.com

Pretty cool research @commial . I was just taking a look on the same stuff. Thanks for sharing!!

Github is revising its policies for offensive security related content. Time to make your voices heard! github.com/github/site-po…

This looks veeeery nice. I need to test it asap. Thanks for sharing man! 👍

🇨🇭DC4131 VirtualCon the recording of @angealbertini ‘s talk Timecryption - Friendly Today, Evil Tomorrow is now available @ youtu.be/liancIA1m9w Slides are @ speakerdeck.com/ange/timecrypt… thank you everyone who joined