Olivia
Online
Steven Dick
@DickcapitalD
DFIR, video games and whiskey... Not necessarily in that order.
In the aether
Joined January 2018
126 Following
54 Followers
226 Posts
@ImposeCost Impose cost, impose ALL the cost.
@M_haggis Cause mimidogz never worked as a bypass... Lol
@techspence Rapid7 has honey "things" as part of their config. Pots, Tokens, etc.
@JBizzle703 - Threat hunting is a buzz word.
- Alert fatigue is an excuse for poor process.
@UK_Daniel_Card Does psexec and especially it's various less legit clones count?
psexec.exe / psexecsvc.exe
paexec.exe / PAExec-{pid}-{source}.exe
csexec.exe
remcom.exe / remcomsvc.exe
xcmd.exe / xcmdsvc.exe
@cristianhares @Sysinternals @foxmsft @markrussinovich Systems were confirmed to have v15 of SysmonDrv.sys as well as the Sysmon executable.
@cristianhares @Sysinternals @foxmsft Continuing to see the same server hang issues from v14.16 on v15.0 @ $dayjob.
Is anyone else having this same experience?
@Sysinternals @foxmsft @markrussinovich
#Sysmon
@GabrielMergulh8 @olafhartong Same here, v14.16 and v15 cause dead locks on production devices, especially domain controllers.
No blocking entries in the Sysmon config either.
https://t.co/S2oi82YKFs
Does this mean those without E5 will finally get access to those juicy mailitemaccessed events?
Who knows
@HECFBlog @megan_roddie @joshlemon #FOR509
@M_haggis But that sounds like work...
@cyb3rops - Just get an EDR
@jorgeorchilles @Jean_Maes_1994 @pwnEIP @SANSOffensive Neato, how about you ship me one for closer...ahem inspection?
@bettersafetynet Also as much fun: Finger grime in trackball rollers/sensor?
@DetectionLab Thanks for such an awesome resource, good luck on your next adventure(s).
Any plans to name a successor/maintainer for the project?
@bettersafetynet Im glad? it's not just me... It's hard to complain about a hotel room being quiet... At least the HVAC is always noisy 🤣
Might be some exploit detection opportunities in looking for files being written by Sysmon.exe (outside of the archive folder)?
@olafhartong @SwiftOnSecurity @cyb3rops Kind of hot off the presses...
Thanks for the write-up @filip_dragovic
Here is PoC for CVE-2022-41120 https://t.co/oXkBYi4bWk. I combined arb file delete and limited arb file write to get code execution as NT Authority\System.
@Ben0xA @cantcomputer @TrustedSec @HackingDave @Ben0xA Great post very informative... Been using canary SPNs for a few years so it's nice to see that in play.
Any notional idea how much longer 0x17 tickets take to crack versus 0x12 given all other factors equal?
30 cybersecurity search engines for researchers:
1. Dehashed—View leaked credentials.
2. SecurityTrails—Extensive DNS data.
3. DorkSearch—Really fast Google dorking.
4. ExploitDB—Archive of various exploits.
5. ZoomEye—Gather information about targets.
If you follow me, come find me... This social media juggle sucks.
https://t.co/RRnormGNTk
Last Seen Users on Sotwe
المنقبة
Seen from Egypt
jack
Seen from Indonesia
🔥🔥EVLİ TÜRBANLI ATEŞLİ 🔥🔥
Seen from Turkey
ぴらとさん写真投稿垢
Seen from Japan
ابن الشرموطة ختام♠️
Seen from Egypt
cool
Seen from Singapore
A___22
Seen from Switzerland
Haram Addictions 🤫 
Seen from Turkey
ʟᴀᴛᴇꜱᴛ ᴀꜱɪᴀɴ ᴇxᴘᴏꜱᴇᴅ
Seen from Vietnam
yolanda nadia
Seen from Israel
Most Popular Users
Elon Musk
@elonmusk
240.4M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.5M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.8M followers
KATY PERRY
@katyperry
87.3M followers
Taylor Swift
@taylorswift13
81.2M followers
Lady Gaga
@ladygaga
72.7M followers
Kim Kardashian
@kimkardashian
69.6M followers
Virat Kohli
@imvkohli
69.4M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.7M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62.1M followers
CNN
@cnn
61.9M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.4M followers