@inspector_il You apparently don't need much brains to hold Palo Alto stock; that's the company with the most women in high-tech in every role you will see. Enough with advertising diversity for diversity's sake, just lying so it looks nice? This is recruiting for a specific team where it happens that there are only men right now.
Since when did "only men" become a dirty word?
Ugh.
Just finished @codemachineinc's Windows Rootkit Techniques course. Hands down, the best training I've ever taken.
I recommend that anyone attend at least one of T.roy's courses during his lifetime.
@bohops Hmm, probably a default value with regard to the process name. However, you have plenty more information regarding the executable, so that shouldn't matter that much. I didn't get the second part of the tweet, is there still value in what?
If you guys are into the Windows Component Object Model (COM), or always wanted to understand it, I've made a nice primer for COM, very detailed, with many examples to cover the black magic that surrounds this tech :))
https://t.co/mpObS9EOBI
@BlackMatter23 @jaredcatkinson Well, that's a hard one, because as an "Analyst" you do want raw data, but sending all of the data an EDR collects is very expensive and sometimes not competitive, so EDR vendors now limit the amount of data sent to the cloud because it increases the cost of the product.
Active Directory "WriteOwner" DACL abuse, now in Python 🐍
https://t.co/waU2eWdfPW
And icymi, "WriteDACL" abuse, also in Python now 🐍
https://t.co/nQGZy1dnbR
One DACL abuse is left to implement: "Logon script".
🚨 #Python for security investigations, research & threat hunting?
🪵 Collect 👔 Enrich 🔍Analyze & 📊Viz data!
💸 oh.. & for free! open source!
The amazing @ianhellen @MSSPete @ashwinpatil 'll show how to w/ MSTICpy 🔥 @BlackHatEvents #BHUSA
Arsenal: https://t.co/MCgLDpfay1
Instead of leveraging VBAWarning:1 to disable macro warnings, you can use the TRUST mechanism to "disable" all security mechanisms by adding a "Trusted Location" or "Trusted Document" entry.
HKCU\SOFTWARE\Microsoft\Office\16.0\Word\Security\Trusted Locations\Location01\<path>
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\Trusted Documents
=======
You can also specify the trusted path as "C:\"
and add a value that trusts all sub-folders of the trusted directory:
...\Word\Security\TrustedLocations\Location01\AllowSubFolders
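The flip side of the two registry paths above is auditing them: a drive root such as "C:\" registered as a Trusted Location (especially with AllowSubFolders set) silently exempts every document on the disk from the macro security settings. The script below is an added example, not the tweet author's tooling. It parses the .reg text that `reg export` produces for the Word Security key so it can run offline on a constructed sample; the sample export, the Location0/Location01 entries and the invoice.docm trust record in it are all made up for illustration. Value names Path, AllowSubFolders, Description and the Trusted Documents\TrustRecords subkey are the real names Office uses.

```python
"""Audit exported Office 'Trusted Locations' / 'Trusted Documents' registry data.

Added example: feed it the output of
  reg export "HKCU\SOFTWARE\Microsoft\Office\16.0\Word\Security" word_security.reg
(here replaced by a constructed sample so the script runs anywhere).
"""
import re

# Constructed sample in .reg export format. Location0 mimics a stock default
# (user templates folder); Location01 is the kind of over-broad entry to catch.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security]
"VBAWarnings"=dword:00000002

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\Trusted Locations]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\Trusted Locations\Location0]
"Path"="C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Templates\\"
"Description"="Word default location: User Templates"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\Trusted Locations\Location01]
"Path"="C:\\"
"AllowSubFolders"=dword:00000001
"Description"="added by unknown"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\Trusted Documents\TrustRecords]
"%USERPROFILE%/Downloads/invoice.docm"=hex:00,00,00,00,00,00,00,00
"""

# A path that is just a drive root, e.g. C:\ or C:
DRIVE_ROOT_RE = re.compile(r"^[A-Za-z]:\\?$")
# Folders an ordinary user (or anything they download/run) can write into.
USER_WRITABLE_RE = re.compile(r"\\(Downloads|Desktop|Temp|Public|ProgramData)(\\|$)", re.I)


def decode_value(raw: str):
    """Turn one .reg value literal into a Python value (strings and dwords only)."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    return raw  # hex:/binary data is left as the raw literal


def parse_reg_export(text: str) -> dict:
    """Return {key_path: {value_name: value}} for a .reg export."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = re.match(r'^"(.*?)"=(.*)$', line)
        if current is not None and m:
            keys[current][m.group(1)] = decode_value(m.group(2))
    return keys


def audit_trust_settings(keys: dict) -> list:
    """Flag trusted locations that neutralise macro policy, and list trusted documents."""
    findings = []
    for key, values in keys.items():
        if "\\Trusted Locations\\" in key:
            path = str(values.get("Path", ""))
            subfolders = values.get("AllowSubFolders", 0) == 1
            if DRIVE_ROOT_RE.match(path):
                findings.append({"key": key, "severity": "high",
                                 "reason": f"drive root {path!r} trusted"
                                           + (" with AllowSubFolders" if subfolders else "")})
            elif USER_WRITABLE_RE.search(path):
                findings.append({"key": key, "severity": "medium",
                                 "reason": f"user-writable folder {path!r} trusted"})
        elif key.endswith("\\Trusted Documents\\TrustRecords"):
            for doc in values:  # each value name is a document a user clicked "Enable" on
                findings.append({"key": key, "severity": "info",
                                 "reason": f"trusted document: {doc}"})
    return findings


if __name__ == "__main__":
    for f in audit_trust_settings(parse_reg_export(SAMPLE_REG_EXPORT)):
        print(f"[{f['severity']}] {f['reason']}  ({f['key']})")
```

The Templates default is left alone because it is neither a drive root nor in the user-writable list; extend USER_WRITABLE_RE with whatever folders your own baseline considers risky, and run the same check against the Excel and PowerPoint Security keys, which use the same layout.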
🚨 Organizing an Infosec Jupyterthon on 5/8 🚀 An open virtual community event for security researchers to share their favorite @ProjectJupyter #notebooks w/ the Infosec 🌎 Share & meet other Infosec Jovyans!
Site: https://t.co/cc65ItM4gl
Call for 📔: https://t.co/XzApZkwUsq
A lot of new #cloud techniques were added to #mitreattack matrix, along with additional new and updated techniques.
In the update you can even find my own recent contribution regarding the Office persistence technique I recently published an article about:
https://t.co/1hSMZ4X2pt
@pry0cc Those who judge you by your age and "years" of experience are ones you shouldn't pay attention to, don't spend time proving them wrong.
I also have no academic education, yet I lecture at a well-respected university about DFIR & more..
Show value, and people will respect you.
We probably had a little too much fun making our new marketing video but we love the end result. Get the full picture of everything that the LimaCharlie Security Infrastructure as a Service can do.
Watch the video here: https://t.co/Ddt9LqSG5r
#infosec #mssp #cybersecurity #edr
Meet OSSEM, another great project by @Cyb3rWard0g. The project's goal is to maintain and standardize a Common Information Model for different event data sets.
It also aims at having data dictionaries for each data set source (Sysmon, WinEvt, EDRs).
https://t.co/0rLZkGZ2yG
A rough overview of how EDR products work and a couple of notes about EDR weaknesses that are common across multiple EDR vendors.
Nice read.
https://t.co/GKJq9i4ani
Sharing one of my obfuscation detection #YARA rules with the community
PowerShell Caret Obfuscation
> note the fixed 3-byte atoms at the beginning & end of $s1 & $s2
> necessary to improve regex performance
Rule
https://t.co/6AxY8xnin2
Retrohunt + Munin
https://t.co/ibuFWj2auH
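For readers who cannot follow the link, here is the detection idea behind caret obfuscation worked through in Python over constructed process command lines. It is an added example and not the author's YARA rule: cmd.exe drops the `^` escape character when it parses a line, so `p^o^w^e^r^s^h^e^l^l` launches powershell while a plain substring match for "powershell" sees nothing. The detector pairs a cheap pattern for runs of caret-separated characters with a normaliser that reproduces the escape handling, then reports which suspicious tokens only appear after normalisation. The sample command lines and the token list are constructed for the example; the normaliser deliberately ignores cmd.exe's rule that carets inside double quotes are literal, which is a simplification.

```python
"""Detect cmd.exe caret (^) obfuscation in process command lines.

Added example, not the tweet's YARA rule. Works on any source of command
lines (Sysmon event 1, EDR telemetry); constructed samples are embedded below.
"""
import re

# Three or more characters each followed by a caret, then one more character:
# matches p^o^w^e... but not a lone "^&" used to escape an ampersand legitimately.
# (The tweet's point about fixed atoms applies to YARA, whose fast scan is driven
# by literal substrings extracted from each regex; Python's re engine has no such
# pre-filter, so a fully generic pattern is fine here.)
CARET_RUN_RE = re.compile(r"(?:[A-Za-z0-9]\^){3,}[A-Za-z0-9]")

# Constructed list of tokens worth noticing when they were hidden by carets.
SUSPICIOUS_TOKENS = (
    "powershell", "cmd", "wscript", "cscript", "mshta", "rundll32",
    "regsvr32", "iex", "invoke-expression", "downloadstring", "frombase64string",
)

# Constructed sample command lines: one benign, one obfuscated, one legitimate caret use.
SAMPLE_CMDLINES = [
    'cmd.exe /c "dir C:\\Users"',
    'cmd.exe /c p^o^w^e^r^s^h^e^l^l -NoProfile -Command Get-Date',
    'cmd.exe /c echo Hello ^& whoami',
]


def strip_carets(cmdline: str) -> str:
    """Reproduce cmd.exe escape handling: '^x' becomes 'x', so '^^' becomes '^'."""
    out, i = [], 0
    while i < len(cmdline):
        if cmdline[i] == "^":
            if i + 1 < len(cmdline):
                out.append(cmdline[i + 1])  # next character is taken literally
                i += 2
                continue
            i += 1  # trailing caret is simply dropped
            continue
        out.append(cmdline[i])
        i += 1
    return "".join(out)


def analyze(cmdline: str) -> dict:
    """Return caret statistics, the de-obfuscated line and tokens revealed by normalising."""
    normalized = strip_carets(cmdline)
    lowered_raw, lowered_norm = cmdline.lower(), normalized.lower()
    # A token counts as hidden only if it exists after normalisation but not before.
    hidden = [t for t in SUSPICIOUS_TOKENS if t in lowered_norm and t not in lowered_raw]
    caret_run = CARET_RUN_RE.search(cmdline) is not None
    return {
        "caret_count": cmdline.count("^"),
        "caret_run": caret_run,
        "normalized": normalized,
        "hidden_tokens": hidden,
        "suspicious": caret_run or bool(hidden),
    }


def scan(cmdlines) -> list:
    """Return (cmdline, analysis) pairs for every line the detector flags."""
    flagged = []
    for c in cmdlines:
        result = analyze(c)
        if result["suspicious"]:
            flagged.append((c, result))
    return flagged


if __name__ == "__main__":
    for raw, info in scan(SAMPLE_CMDLINES):
        print(f"FLAGGED: {raw}\n  -> {info['normalized']}  hidden={info['hidden_tokens']}")
```

The `echo Hello ^& whoami` line shows why a single caret is not enough evidence: it is the normal way to pass an ampersand through cmd.exe, and it produces neither a caret run nor a hidden token, so the detector keeps quiet.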