Vikas Singh

@guyrleech @DirectoryRanger yeah apologies, I'm not sure how .js landed up on that link but with the gist opens up without it! Thank you 💖

@DirectoryRanger The link to ExtractAllScripts.ps1 from @vikas891 is a .js file??

Reconstructing PowerShell scripts from multiple Windows event logs #DFIR news.sophos.com/en-us/2022/03/…

dude 😐

Thank you for the feature 🤗🫂

Happy Republic Day, #India! From Russia with love ❤️ #RepublicDay2024 #RussiaIndia #дружбаदोस्ती

@iamunited231 @CherrySpeakzz

Mast start karege pehle 10 minutes, esa lagega we might snatch a win. Fir essa haggad individual error and game will be gone by first half. Same old, same old. No excitement to turn on the match. @CherrySpeakzz tod mat dena @vikas891 Ka TV. #LIVMUN

@kevinripa @Hyatt That's a QR Code for you to scan and change the configuration.

It's a really nice initiative, Phil! I have some ideas, I can't wait to contribute. Also, thank you for the mention 😉

@lordx64 @robertgraham Came here for this. Not disappointed.

Honest question here. Let's say that you just won a lottery for $1 million, as a lump sum, after taxes. What's the first thing you'd buy?

if youve never tried EVTXECmd for event logs, try it. take your favorite logs, generate CSV, load into Timeline Explorer, and group by the Map Description column instant wins. from there, group by logon type, user, and remote host. instant lateral movement on 4624 events ('Successful login' in map description).

@chrissanders88 Reminds me of Edison. When you know the 10,000 ways "something" will not work. Like ShimCache - you know everything it DOES not tell you.

Attention to Detail. It's critical for analysts, but how do you know if you excel at it?

@EricRZimmerman @chad I noticed this while redoing the Labs! It's a nice Easter egg I'd say 🤌🏻

@vikas891 @chad Yep! that just applies the logs to the hive that is in memory. faster, but you dont end up with a clean hive on disk #options

Instead of selecting the Hive along with transaction logs, saving them as System_Clean, do this instead.. Select the Hive. Hold Shift while clicking on Open! @chad 👈👀 Tool: Reg Explorer by @EricRZimmerman

@BushidoToken Congratulations! 🤌🏻♥️

Really looking forward to delivering my first workshop 😄 Since being accepted, I’ve made the slide deck, a new template for attendees, and created a Discord Server! I also plan to have a trial run in-person at the Uni with the cybersec students to iron out any issues 👨🏻‍💻📝

@tazwake Laura needs a better CTI feed.

At this point, 70% of blue tick accounts are idiots posting idiot takes to get views and reactions. 15% are just evil scum.

@techyteachme 👀

Interested in Cloud Forensics? Check out my latest blogpost which walks you through a simulated breach within an AWS environment. We'll ingest AWS CoudTrail in Splunk and run queries - it's all free and exciting! 👀 #FOR509 @PwnedLabs vikas-singh.notion.site/AWS-CloudTrail…

@_sysengineer @AmyPearlman There can be only one.

@AmyPearlman Here’s her afraid of her reflection 😂

I will not apologize for the amount of puppy pics I share here

@SecurityAura @1ZRR4H Oh hey 😂😭 I meant the IR God in me ain't touching that if you have no MFA. At this point just hand me your money.

I'm just gonna go ahead and say it. If you have: Cisco VPN No MFA for it You may get a surprise knock from #Akira #Ransomware soon. So yeah, go look at your AD auth logs for 4624/4625 from a WIN-* machine in your user VPN range. If you have a hit, may the IR Gods help you.

Another interesting JS. The end goal looks like #Remcos RAT but unsure if this family has been analyzed .. yet. Good de-obfuscation practice today! 🎯Clever masking of all stages 🎯Everything being done in-memory

@vxunderground You SHAll not be building anything lest Ransomware.

NoBit ransomware group states they encrypt data in SHA 😭😭😭