TODAY IS THE DAY! Congratulations to first place winners:
Aliz Hammond for Gargoyle #PluginContest
Team Decepticon for 2018 VAC Report #AnalysisContest
Read full contest results here: https://t.co/LghWttnOCN
#DFIR
It’s official, MTA-STS (HSTS equivalent for SMTP) has been released as RFC 8461 https://t.co/VnEl4SXi0v We wrote about MTA-STS a couple of months ago https://t.co/YXEDG8Wppu and we fully support it in our assessments!
Windows timestamp documentation is everywhere! How about some love for Linux, specifically EXT4 and my personal curiosity into the "born" date or "CR".
This is my personal testing let me know if you have other results. #infosec#DFIR
Red Team Tip: Have a shell on a Windows PC with a touch screen? Search for passwords in Waitlist.dat, a full text index of emails and documents used to improve handwriting recognition.
Powershell command below.
Read my research on Waitlist.dat here:
https://t.co/Hk764Wqy4j
Finally got around to doing the Forensic Challenge from the Magnet User Summit. Awesome work @HECFBlog, this was so much fun! If you haven't done it, DO IT! Get the images: https://t.co/fWldOFKSDm and register here: https://t.co/Eqk9aFDDWQ #DFIR
Windows 7 Meltdown patch opened up a new vulnerability (on Win7 & Win Serv 2008): arbitrary memory read & write 😱 https://t.co/4XOErH72MJ #windows#vulnerability
Registrations for the Midnight Sun CTF will open this week. Keep an eye out here and on the website for registration link. Start gathering your team and get hype for #CTF
@HackingForSoju is proud to present Midnight Sun CTF: https://t.co/YiXhdqICIh which will run online qualifiers April 14th-15th and on-site finals in Stockholm, Sweden June 16th-17th with both open and student categories! #MidnightSunCTF#CTF
If you have/use any Western Digital MyCloud drives, recommend disconnecting them immediately and transitioning the data to another product ASAP -Hardwired network backdoor (u: mydlinkBRionyg p: abc12345cba) no vendor response for six months.
https://t.co/Qv2nXG4NjM
It looks as if Mimikatz's experimental Event Log removal capability has gone mainstream. If you aren't already centralizing your logs, maybe this will be the final justification needed? As PowerShell and WMI attacks proliferate, logs may be your only hope. #DFIR https://t.co/feic92ztzt