Everyone today is a hacker in a sense but there are very few OG hackers on which shoulders we stand
Oh dude, Felix “FX” Lindner you were so much a hackers hacker and you will be missed
RIP my friend and thank you
We have finally published Tproxy (https://t.co/ECXoklDR0B) our generic TCP interception proxy (think Burp for TCP): TLS handling, wireshark dissection, intercept and modify by hand or with scripts in GUI or CLI.
There is a complete doc with demos (https://t.co/wJ7lrHC8L4)
@dougsbaker@DrAzureAD ADX is not exposed in most Sentinel contexts like analytic rules, nor Defender threat hunting queries, mostly for commercial reasons.
@rmhrisk So true for AD user certs, even worse if you include Azure, Intune etc. Most solutions are half baked, siloed and hard to get right. From PIV tokens to SMIME to mobile creds... such reluctance to cover use cases properly. And Hello/FIDO are just not there yet - not for (1/2)
@awakecoding If dealing with PIV scards like yubikeys, clearing the PIV cache sometimes help dealing with stale keycontainer refs https://t.co/Uy45h5l9Lj
Inspired by @CryptoHack__ ;)
Thread around Latttice-Based Cryptography Reading
For the past few months, with some amazing people, we have been learning lattice-based cryptography.
These are some useful resources:
This week I started reviewing Rustls. As part of this review, we (@1Password) have submitted over 25 PRs to make the code easier to review in the future. I expect us to submit more to clarify the correctness of the state machine, improve certificate validation, and improve perf.