Tuesday, October 24, 2023

Favorite tweets


from Twitter https://twitter.com/stefant

October 23, 2023 at 09:33AM
via IFTTT

At the beginning of the infection chain, the victim receives an invisible iMessage attachment with a zero-click exploit. https://t.co/Tqq7HsCcyT

stefant

https://twitter.com/stefant/status/1716447708376924266

https://t.co/Tqq7HsCcyT

Sunday, October 22, 2023

Favorite tweets


from Twitter https://twitter.com/ale_sp_brazil

October 22, 2023 at 05:09PM
via IFTTT

Although I have permanently transitioned to vulnerability research, I have plans to release new versions of Malwoverview and continue maintaining it after I finish writing the five pending articles: https://t.co/SfVTmQUgEC There've been 91K downloads so far. #threathunting https://t.co/RZF8eJ7fXa https://t.co/Ari00pdL9w

ale_sp_brazil

https://twitter.com/ale_sp_brazil/status/1716200038244794547

https://t.co/SfVTmQUgEC

Favorite tweets


from Twitter https://twitter.com/splinter_code

October 21, 2023 at 07:43PM
via IFTTT

Do you want to start the RemoteRegistry service without Admin privileges? Just write into the "winreg" named pipe 👇 https://t.co/1XkxK0FfbU

splinter_code

https://twitter.com/splinter_code/status/1715876413474025704

https://t.co/1XkxK0FfbU

Thursday, October 19, 2023

Favorite tweets


from Twitter https://twitter.com/virusbtn

October 19, 2023 at 05:09AM
via IFTTT

Palo Alto Networks' Unit 42 researchers analyse Munchkin, a new utility that allows BlackCat operators to propagate the payload to remote machines and shares on a victim organization network. https://t.co/3l0QwWep1Y https://t.co/jYK8ure5el

virusbtn

https://twitter.com/virusbtn/status/1714931643025072379

https://t.co/3l0QwWep1Y

Favorite tweets


from Twitter https://twitter.com/techspence

October 18, 2023 at 09:08PM
via IFTTT

🧵Pentesting from windows is sometimes like..
Step 1. Login
Step 2. Open Explorer
Step 3. Open file share
Step 4. Search file share for “vmdk”
Step 5. Download the sam system and security hive using volumiser (cc @_EthicalChaos_)
Step 6. Extract hashes with secretsdump
1/3

techspence

https://twitter.com/techspence/status/1714810607684206623

https://ift.tt/VwLfJZW

Tuesday, October 17, 2023

Favorite tweets


from Twitter https://twitter.com/NSA_CSDirector

October 17, 2023 at 12:08PM
via IFTTT

I really believe that if your infrastructure can’t survive a user clicking a link, you are doomed. I’m the director of cybersecurity at NSA and you can definitely craft an email link I will click… https://t.co/O2IzrMcXuM https://t.co/tkwSKmK3VV

NSA_CSDirector

https://twitter.com/NSA_CSDirector/status/1714312343461482562

https://t.co/O2IzrMcXuM

Favorite tweets


from Twitter https://twitter.com/cyb3rops

October 17, 2023 at 05:01AM
via IFTTT

Ransomware Tracker https://t.co/NUHXP8HDUg https://t.co/3qIGDMaQal

cyb3rops

https://twitter.com/cyb3rops/status/1714204895476068689

https://t.co/NUHXP8HDUg

Monday, October 16, 2023

Favorite tweets


from Twitter https://twitter.com/0xNarek

October 16, 2023 at 11:36AM
via IFTTT

⚡ The NTLM Protocol Animated! 🔴 Quick & Simple Explanation: 🔻 NTLM_NEGOTIATE You type your credentials on your machine (called Client💻), it sends a request containing your username to the Server🏛 you want to authenticate to. 🔻 NTLM_CHALLENGE The Server🏛 generates a… https://t.co/7ydb3Fr3EX https://t.co/QBaf5kgMlk

0xNarek

https://twitter.com/0xNarek/status/1713942045201412451

https://t.co/7ydb3Fr3EX

Sunday, October 15, 2023

Favorite tweets


from Twitter https://twitter.com/hardik05

October 14, 2023 at 11:32AM
via IFTTT

Just read an amazing blog on webp CVE-2023-4863. Creating a PoC for this: https://t.co/UizhHq1um5 has required a lot of effort, and many might have just given up or been frustrated with this!

hardik05

https://twitter.com/hardik05/status/1713216139545760099

https://t.co/UizhHq1um5

Saturday, October 14, 2023

Favorite tweets


from Twitter https://twitter.com/fabian_bader

October 14, 2023 at 05:40AM
via IFTTT

With Microsoft #Graph Activity Log now in public preview let's talk about reconnaissance detection. 📢In my latest blog post I dive deep into the logs and show how you can detect tools like #bloodhound and #PurpleKnight using this new log source. https://t.co/xPY5wyBEdN

fabian_bader

https://twitter.com/fabian_bader/status/1713127552762433746

https://t.co/xPY5wyBEdN

Friday, October 13, 2023

Favorite tweets


from Twitter https://twitter.com/Adam_Cyber

October 13, 2023 at 04:18PM
via IFTTT

There are a lot of hacktivist groups and known adversaries engaged in the cyber conflict around the #IsraelPalestineConflict. @CrowdStrike pulled together a graphic to highlight some of what we're seeing. https://t.co/emX92SI0EL

Adam_Cyber

https://twitter.com/Adam_Cyber/status/1712925728344268849

https://t.co/emX92SI0EL

Favorite tweets


from Twitter https://twitter.com/DrAzureAD

October 13, 2023 at 12:43PM
via IFTTT

Finally, Microsoft Graph Activity log in public preview!! https://t.co/kI67unx9A8

DrAzureAD

https://twitter.com/DrAzureAD/status/1712871802538807457

https://t.co/kI67unx9A8

Thursday, October 12, 2023

Favorite tweets


from Twitter https://twitter.com/NathanMcNulty

October 12, 2023 at 07:59PM
via IFTTT

When deploying Defender for Identity, have you been doing Install-ADServiceAccount for the gMSA? I have good news - it does absolutely nothing! 🥳 The note is both correct (no need to install) and incorrect (this has nothing to do with password rotation) https://t.co/EEapJICfgq https://t.co/HuhMRQAkk8

NathanMcNulty

https://twitter.com/NathanMcNulty/status/1712619034322337952

https://t.co/EEapJICfgq

Favorite tweets


from Twitter https://twitter.com/Securelist

October 12, 2023 at 08:59AM
via IFTTT

Our latest research into the #ToddyCat APT group shows they’re evolving their already honed strategies as well as introducing new loaders. We’ve also found that the group has developed new malware, designed to exfiltrate files from devices. Learn more ⇒ https://t.co/VkIn7BDLw8 https://t.co/z9kcihc92B

Securelist

https://twitter.com/Securelist/status/1712452965636637169

https://t.co/VkIn7BDLw8

Favorite tweets


from Twitter https://twitter.com/cyb_detective

October 12, 2023 at 06:37AM
via IFTTT

APIs for OSINT As a reminder, I have a Github repo with over a hundred APIs for automating dozens of different #osint tasks: collecting information about people, companies, etc. https://t.co/3LZWDWm17D If you don't know how to use APIs, read this: https://t.co/ZEHjKxiwRJ https://t.co/i5T8f2HQwB

cyb_detective

https://twitter.com/cyb_detective/status/1712417192178778204

https://t.co/3LZWDWm17D

Wednesday, October 11, 2023

Favorite tweets


from Twitter https://twitter.com/dcuthbert

October 11, 2023 at 04:45AM
via IFTTT

Bugs happen but it's rare you see a bug that grabs you so hard and makes you nod like a little dog.. CVE-2023-44487 did that for me good god what a bug and here's why

dcuthbert

https://twitter.com/dcuthbert/status/1712026660608827888

https://ift.tt/V1dsip4

Tuesday, October 10, 2023

Favorite tweets


from Twitter https://twitter.com/menscher

October 10, 2023 at 08:10AM
via IFTTT

The only bottleneck is server processing speed, which makes this an extreme load-test for the victim. Our monitoring measured one attack, coming into our global network via a global network of open proxies, at 398M requests per second! https://t.co/7yrtbbQAEE 2/3

menscher

https://twitter.com/menscher/status/1711715945339859298

https://t.co/7yrtbbQAEE

Favorite tweets


from Twitter https://twitter.com/0xNarek

October 10, 2023 at 04:52AM
via IFTTT

🦊 How To Use SOCKS Proxy With BurpSuite 🔴 Step 1 — Browser > Burp Proxy: First, you want to route your browser’s traffic to the Burp Proxy server. On Firefox, go to the network settings and add localhost:8080 as the local proxy (pro-tip: install FoxyProxy). On Chrome, (1/8) https://t.co/iCkZUuRzcF

0xNarek

https://twitter.com/0xNarek/status/1711666072687112644

https://t.co/iCkZUuRzcF

Favorite tweets


from Twitter https://twitter.com/Kostastsale

October 10, 2023 at 04:15AM
via IFTTT

This is a pretty nice graphic explaining how Kerberos Auth takes place. Useful to have as a reference when you have to explain and visualize attacks such as Pass The Ticket, Kerberoasting and AS-REP Roasting. Credit: @0xNarek 🙏🙏 https://t.co/wgyXSQvNFY

Kostastsale

https://twitter.com/Kostastsale/status/1711656782802874728

https://t.co/wgyXSQvNFY

Favorite tweets


from Twitter https://twitter.com/compasssecurity

October 10, 2023 at 03:45AM
via IFTTT

SecAnalyst Sylvain Heiniger (@sploutchy) loves NTLM relay. Dive into his latest blog post to learn how it can be used against Microsoft SQL servers. Discover misconfigurations in your infrastructure and fortify your defenses today. 🛡️ #MSSQL #NTLMrelay https://t.co/xur8aAZDOq https://t.co/BG7Wg9qIg9

compasssecurity

https://twitter.com/compasssecurity/status/1711649012820869159

https://t.co/xur8aAZDOq

Sunday, October 8, 2023

Favorite tweets


from Twitter https://twitter.com/JimSycurity

October 07, 2023 at 06:44PM
via IFTTT

Been thinking about access control checks in AD a lot lately. How they're fairly simple, but fairly misunderstood & overly simplified in a lot of contexts. This post by @tiraniddo and the resources in it are a goldmine for this topic. https://t.co/xWXOB93oZa

JimSycurity

https://twitter.com/JimSycurity/status/1710788207485276333

https://t.co/xWXOB93oZa

Monday, October 2, 2023

Favorite tweets


from Twitter https://twitter.com/jfslowik

October 02, 2023 at 09:00AM
via IFTTT

What's a #CyberSecurity #infosec myth that (appears to be) widely believed that you wish would die? Mine is that CIA conducted a supply chain attack on Russia resulting in a pipeline explosion

jfslowik

https://twitter.com/jfslowik/status/1708829289888854433

https://ift.tt/1OmsFlR

Favorite tweets


from Twitter https://twitter.com/androidmalware2

October 02, 2023 at 03:48AM
via IFTTT

Use silent #SMS messages to track LTE users’ locations An attacker sends silent SMS messages with a defined pattern and analyzes LTE traffic to verify the victim location. All you need is just: SDR + SIM cards + LTESniffer software https://t.co/fFfiBmmGgs https://t.co/VPgj8XOARv

androidmalware2

https://twitter.com/androidmalware2/status/1708750817811996683

https://t.co/fFfiBmmGgs

Favorite tweets


from Twitter https://twitter.com/ale_sp_brazil

October 01, 2023 at 09:59PM
via IFTTT

If you have just started learning reverse engineering and malware analysis, you should pay attention to simple and well-known tricks that still have been used by adversaries when analyzing the resulting assembly code. #idapro #reversing https://t.co/p9wpRRyhaR

ale_sp_brazil

https://twitter.com/ale_sp_brazil/status/1708662951110992279

https://t.co/p9wpRRyhaR

Sunday, October 1, 2023

Favorite tweets


from Twitter https://twitter.com/malwareunicorn

October 01, 2023 at 11:42AM
via IFTTT

My old girl has been in critical condition since Friday morning. My eyes are swollen from all the tears. The ER clinic sent me this photo, it might be the last photo I have of her. https://t.co/5l9aJc7az3

malwareunicorn

https://twitter.com/malwareunicorn/status/1708507647614628067

https://t.co/5l9aJc7az3