Qazeer @_Qazeer - Twitter Profile

Pinned Tweet

almost 4 years ago

Aaand it's a wrap! EDRSandblast v1.1 and the slides from the DefCon30 DemoLab "EDR detection mechanisms and bypass techniques with EDRSandblast" with @th3m4ks can now be found on GitHub: https://t.co/sKK1QPqOlx 1/2

6

224

88

50

0

_Qazeer retweeted

Renzon

@r3nzsec

over 1 year ago

I recently co-authored a @Unit42_Intel blog about a unique IR case in which a threat actor’s custom EDR bypass (using #BYOVD) exposed their toolkit, methods, and even identity. Check out how we unmasked them through an opsec slip-up! #dfir https://t.co/TRvedMDQUL

7

221

60

99

30K

_Qazeer retweeted

Invictus Incident Response

@InvictusIR

about 2 years ago

What a glorious day for Incident Responders around the world! Premium audit events in Microsoft 365 are now available to non-premium users. 🚨Action for you: - Check your mailbox audit settings, details in the blog: https://t.co/mEkdtozsaO

InvictusIR's tweet photo. What a glorious day for Incident Responders around the world! Premium audit events in Microsoft 365 are now available to non-premium users.

🚨Action for you:
- Check your mailbox audit settings, details in the blog:
https://t.co/mEkdtozsaO https://t.co/clTiLUo1YR

3

96

34

39

10K

Qazeer @_Qazeer

over 2 years ago

@lkarlslund Among the things that can be checked by FarsightAD (https://t.co/5zrng9skWr) in a post forest / domain scenario :)

0

4

0

2

154

Who to follow

Filip Dragovic

@filip_dragovic

My research unless stated otherwise. My opinions are my own and do not represent the views of my employer. Red Team @MDSecLabs

LuemmelSec

@theluemmel

I speak BloodHound. Husband, Father, IT-Guy, Security-Noob Blog: https://t.co/PXB35KEqs6 GitHub: https://t.co/Unp9jZOpBn

Clément Notin

@cnotin

😈 Security research (#ActiveDirectory #EntraID) & pentest 🎉 #CTF @tipi_hack 👨‍💼 Works @TenableSecurity, opinions my own 🪂 https://t.co/4HRwJQ6PUm

_Qazeer retweeted

Maxime Meignan @th3m4ks

over 2 years ago

How to disable some parts of EDR’s telemetry on Windows 10? Just ask nicely! See https://t.co/Vxio1trFh4 for more info about an interesting logic bug we found on Win10 that affects all EDRs 😉

2

302

112

131

48K

_Qazeer retweeted

Gabriel Landau

@GabrielLandau

almost 3 years ago

Forget vulnerable drivers - Admin is all you need Article 👉 https://t.co/dHO0KJ90WH 👇 Demo - enable sound 🔊

13

369

140

119

97K

_Qazeer retweeted

Jean Marsault @iansus

almost 3 years ago

🚩 @wavestoneFR CTF team #YoloSw4g ranks first of 80+ teams at #CyberEx23! 🚩 Thanks @INCIBE and @OEA_Cyber for the organization & challenges! 🚩 Congratz to @_Qazeer @th3m4ks and @meaz0u for the great team we've been for the last 8 hours, now we go to a well-deserved sleep!

iansus's tweet photo. 🚩 @wavestoneFR CTF team #YoloSw4g ranks first of 80+ teams at #CyberEx23!

🚩 Thanks @INCIBE and @OEA_Cyber for the organization & challenges!

🚩 Congratz to @_Qazeer @th3m4ks and @meaz0u for the great team we've been for the last 8 hours, now we go to a well-deserved sleep! https://t.co/2FPitJDhpo

3

26

6

0

3K

_Qazeer retweeted

NoLimitSecu @nolimitsecu

over 3 years ago

#Podcast #Cybersécurité Épisode #387 consacré à l'outil de contournement des EDR, "EDR Sandblast", avec @th3m4ks et @_Qazeer https://t.co/Sq5k0h9LhS

0

22

19

1

0

_Qazeer retweeted

Maxime Meignan @th3m4ks

almost 4 years ago

A promise is a promise: the slides from the #DEFCON30 DemoLabs @_Qazeer and I presented about EDRSandblast are uploaded on GitHub (https://t.co/21tSHBe7Te), along with the latest version of the tool! Check out the list of new features in the slides, documentation is on its way ;)

0

39

18

9

0

Qazeer @_Qazeer

almost 4 years ago

@Jipe_ Thank you for the shout-out @Jipe_!

0

Qazeer @_Qazeer

almost 4 years ago

FarsightAD and the slides from the SANS DFIR Summit 2022 "Hunting for Active Directory persistence" talk can be found on GitHub as well: https://t.co/5zrng9skWr. Thank you to all the in-person and virtual attendees! 2/2

0

40

14

9

0

Qazeer @_Qazeer

almost 4 years ago

Aaand it's a wrap! EDRSandblast v1.1 and the slides from the DefCon30 DemoLab "EDR detection mechanisms and bypass techniques with EDRSandblast" with @th3m4ks can now be found on GitHub: https://t.co/sKK1QPqOlx 1/2

6

224

88

50

0

_Qazeer retweeted

Jean Marsault @iansus

almost 4 years ago

Actually good question, let's start with obviously wrong answers and see where they lead us. A thread 🧵

3

102

38

34

0

_Qazeer retweeted

Will Schroeder @harmj0y

almost 4 years ago

Hey, do you like tokens? Have you always wanted to "harvest" tokens for offensive purposes? If so check out my new post https://t.co/5Tr9UxYuh1 where I show I can (finally) write a technical post without memes, and then check out the Koh toolset at https://t.co/l77vlPDQrj

14

546

255

122

0

_Qazeer retweeted

Arnaud SOULLIÉ

@arnaudsoullie

almost 4 years ago

I'm extremely proud to announce @wavestone_ speaking engagements at @BSidesLV @defcon & more, and it doesn't fit in a tweet (far from it, actually), so a 🧵:

3

30

11

0

_Qazeer retweeted

Alice Climent @AliceCliment

almost 4 years ago

You enjoyed the awesome EDRSandblast tool of @th3m4ks and @_Qazeer and want to know more about the vulnerability used in the MSI AfterBurner driver to play in the kernel mode ? Go check the vulnerability analysis done by hfiref0x https://t.co/zEOmrwXoWE

0

7

2

4

0

_Qazeer retweeted

mpgn @mpgn_x64

over 4 years ago

🇫🇷🎙️ Nouvel épisode du podcast @hacknspeak avec @th3m4ks & @_Qazeer pour parler de leur outil EDRSandBlast 🚀 Une interview un peu plus technique que d'habitude où l'on parle du fonctionnement d'un EDR et des mécanismes de contournement 🔥 Bonne écoute 🎶https://t.co/Uk6FuIJ6oC

0

45

23

5

0

Qazeer

@_Qazeer

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users