Olivia
Online
Ryan Andorfer
@Randorfer
Tanium - VP, Cloud Engineering
Joined August 2009
182 Following
230 Followers
825 Posts
@Delta booked first class with infant and grandparents. Arrived to check in this morning and the grandparents are downgraded to delta comfort without notification and after getting a confirmation. Help!
My Signature Creation Mind Map
Input: Sample
> the things that I check to create YARA signatures, Sigma rules or IOCs
> or pivot to related samples in order to improve the signatures / rules
@davehull Do what only you can do. Drop the ball and let others pick it up, they will appreciate the opportunity. Figure out what actually motivates you in life, make sure your work goals align to that. Talk to Egon for a refreshing perspective.
@hulu_support getting 503s when trying to watch videos :-(
2/2 Yesterday we were told that they would be looking at ways to mitigate the problem more. Today, it looks like the bypass they had in place has been dammed up. Is this just temporary I hope?
1/2 @MayorShepHarris thank you for personally coming out yesterday to help ensure everything that should be done is being done to protect the homes of Bassett Creek during the bridge construction. @LindaIHiggins do you know what is going on with the project?
At least once a week we encounter a case of lateral movement using off the shelf tools like psexec, command line utilities, or eternal blue. You can stop all of them from moving laterally by blocking SMB and RPC between endpoints using the Windows Firewall https://t.co/XtMh5toRmM
Windows Event ID 4624 displays a numerical value for the type of login that was attempted. These numbers are important from a forensic standpoint but also for understanding credential exposure and mitigating risks. Descriptions in replies.
Have a practice IR. This may look different than you’re expecting.
Can you:
1) deploy software or a script to ALL endpoints without errors?
2) identify all your endpoints?
3) know what your patch or configuration deployment status is for a basic item like KB2871997 or a GPO?
Cool series about #KernelMode #rootkits by @TigzyRK :
1) https://t.co/9gQmd6dXUf
2) https://t.co/AxkQvQXUov
3) https://t.co/NFCMUOh3IH
@poshboth @sstranger
Function Get-ArrayListOutput
{
Param()
$null = $(
$arraylist = new-object -TypeName System.Collections.ArrayList
$arrayList.Add('First')
$arrayList.Add('Second)
)
return $arrayList
}
Get-ArrayListOutput
return control from functions
Detecting Lateral Movements in Windows Infrastructure
https://t.co/0pAj2WdrLZ
In Pike Place Market, you may have come across the Market Penmaker. He made pens and mechanical pencils from woods around the world. I have given them as gifts to friends and acquaintances. He died last month, but I thought his work so beautiful I wanted to share it.
dotnet new -i Microsoft.PowerShell.Standard.Module.Template
dotnet new psmodule
👆BOOM
A #PowerShell Standard-ready C# module. One cross-plat codebase for a module that works on PS 5.1 & PS Core 6 (or PS 3+) 🚀⚡️
NuGet
https://t.co/t32HvpgErN
Repo
https://t.co/h0TYTzgksb
Fun fact: the WMI EventFilter registered by this #DailyScriptlet for persistence leverages TargetInstance.SystemUptime to specify a launch time range (in seconds).
For malware, the range is often chosen to allow the system to fully boot then launch once.
Method in Vault 7 leak. https://t.co/BIC5iQSKx9
*the sound of a thousand hackers cheering simultaneously around the world* https://t.co/2X5dJhp02Q
Poor pentesters, getting up every day to discover & report that software is broken & security concepts are flawed.
It takes some time to realise that it'll always stay that way.
Become a defender! We kick ass, fight back real adversaries & ruin the day of criminal scumbags.
Magic Wormhole
Get things from one computer to another, safely.
> I just made my first 381MB file transfer - awesome project
https://t.co/JadsE6En8O
[Blog] Abusing DCOM For Yet Another Lateral Movement Technique
....unsophisticated, but may have some utility
https://t.co/q9Q656gkKI
Last Seen Users on Sotwe
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.6M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers