DFIR | Hunting | BlueTeam | Trying to be a decent human being | Mostly tweeting when feeling okay-ish | All thoughts and opinions expressed here are my own. github.com/0xlucipher | Mumbai, India | Joined December 2009
A threat actor installed Huntress.
... a hysterical mistake on their part, giving us first-hand insight to their tooling, workflow & routine. Phishing infra, stealer logs, Telegram+dark web sites, AI...
Hilarious goldmine of cybercrime deets with a front row seat: …
Website netextender-sonicwall[.]org downloads "NetExtender-VPN-10.3.3.msi" signed by "MOHAN ENTERPRISES (RAJASTHAN) PVT LTD"
The fraudulent domain is powered by Bing and Copilot results, giving it visibility and "credibility"
Previously, this campaign was…
I was creating a playbook on how to use Purview in our organisation. I dropped the idea after 6 months and 3 failed drafts, as the information was either not "useful enough" or "too technical and unusable". Microsoft's documentation is nightmare level.
Oh, let's test some tool's effectiveness for data exfiltration with DLP mode off..
Oh no.. there are no events for the exfiltration! <insert panic meme>
Jokes aside, it would be interesting to see the same tests made in the future against configured DLP policies.
GitHub - cr0nx/awesome-linux-attack-forensics-purplelabs: This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools. github.com/cr0nx/awesome-…
Excited to announce HEARTH (Hunting Exchange And Research Threat Hub)!
Hey thrunters! A new open-source home to:
- Share hunt ideas
- Learn from others
- Level up together
Built by hunters, for hunters
threathuntingcommunity.com #threathunting #thrunting #infosec #HEARTH
687 Followers 1K Following | The greatest person you can become is only yourself ❤️ I unfollow who doesn't follow back. Proudly Japanese. Grandma to two beautiful princesses.
10 Followers 102 Following | Recently redundant and looking for work with an honest employer. Blogging my experiences in the Covid-19 world where companies are no longer recruiting.
9K Followers 3K Following | This Week in 4n6 // ThinkDFIR // SANS // CyberCX (DFIR)
https://t.co/vLyL2sxTuy
I might not know much, but I do know how to Google
Tweets are mine
20K Followers 2K Following | Principal Identity Security Researcher at Microsoft. Ex-Secureworks. (MSc, MEng, PhD, CITP, CCSK).
And yes, opinions are my own ;)
2K Followers 587 Following | DFIR @Google :: I write open source tools :: Creator of OpenRelik and Timesketch :: Tweets are my own
@[email protected] on Mastodon
4K Followers 706 Following | Elastic Security Labs is democratizing security by sharing knowledge and capabilities necessary to prepare for threats. Spiritually serving humanity since 2019.
64K Followers 82 Following | The latest research and news from Unit 42, the Palo Alto Networks (@paloaltontwks) Threat Intelligence and Security Consulting Team covering incident response.
2K Followers 515 Following | Senior Technical Forensics Consultant; Magnet Forensics; Mobile Forensics Enthusiast; Tech Nerd; Comic Book Geek; Opinions are my own, not my employer's.
6K Followers 3K Following | Hunt & Response Senior Manager @HuntressLabs || "Competition is the law of the jungle, but cooperation is the law of civilisation" - Kropotkin
13K Followers 309 Following | Threat Researcher, Blue Team, DFIR, Malware Analysis, and Reverse Engineering.
"What do we say to the God of malware? Not today."
2K Followers 0 Following | Tweeting about the latest tool updates from Yamato Security Tools.
This account posts information about Yamato Security tools.
https://t.co/PiLgt4IOvV
13K Followers 1K Following | CIRCL is the CERT (Computer Emergency Response Team) for the private sector, communes and non-governmental entities in Luxembourg.
12K Followers 58 Following | Author of #PingCastle, contributor to #mimikatz (DCSync, setntlm, DCShadow) and #OpenSC. Wrote GIDS applet, OpenPGP card driver on Windows and OpenSC stuff.
25K Followers 2K Following | NFP with the mission of #crowdsourcing OSINT to help find #missingpersons while training members in the tradecraft of #OSINT | Contact us at [email protected]