David Cottingham @c0tts - Twitter Profile

c0tts retweeted

about 2 months ago

Video showing how @AirlockDigital prevents TTPs such as the DLL search order used to load an attacker controlled DLL into a trusted application from the compromised CPU-Z website last week. https://t.co/u3q3ptN6AT

0

18

6

8

3K

David Cottingham @c0tts

about 1 year ago

@Collab_Seth @AirlockDigital Anytime! I have been wanting to reply to this for months now! If I can help in any way, please don't hesitate to reach out to myself or support :)

0

2

0

48

David Cottingham @c0tts

about 1 year ago

@Collab_Seth @AirlockDigital Hi Seth, just reaching out here to let you know that our ARM supported agent is now GA in our v6.0 product release

1

0

28

David Cottingham @c0tts

almost 2 years ago

@Collab_Seth @miketheitguy @AirlockDigital It's alive. We are now just updating the installer logic to accommodate. Still a few steps to go, but making great progress over the last few days.

c0tts's tweet photo. @Collab_Seth @miketheitguy @AirlockDigital It's alive. We are now just updating the installer logic to accommodate. Still a few steps to go, but making great progress over the last few days. https://t.co/4pE7af9YaL

0

2

0

83

Who to follow

Airlock Digital

@AirlockDigital

Practical Allowlisting and execution control that works.

Daniel Schell

@danonit

CoFounder & CTO at @AirlockDigital. Practical Execution Control & Allowlisting.

DirectoryRanger

@DirectoryRanger

This account assembles and disseminates information related to Active Directory and Windows security.

David Cottingham @c0tts

almost 2 years ago

@Collab_Seth @miketheitguy @AirlockDigital Thanks for the feedback Seth. It's compiled we just need to QA and ship it, will ensure it gets to you really soon. This really helps us prioritise.

1

0

198

David Cottingham @c0tts

about 2 years ago

Really exciting milestone to have the whole company together in Adelaide this week, cooking up the next chapter :)

0

10

1

0

471

David Cottingham @c0tts

about 2 years ago

Great to see another live @riskybusiness fantastic analysis as always

0

15

1

0

3K

c0tts retweeted

Brian in Pittsburgh @arekfurt

over 2 years ago

Application allowlisting is the future for all security consciousness organizations that have any significant resources. It's just a matter of how and when any particular org will adopt it.

9

59

17

11

15K

c0tts retweeted

Brian in Pittsburgh @arekfurt

over 2 years ago

Here's the reality: We need to shift focus away from relying on detection + response to catch and stop ransomware/extortion actors and toward preventative/blocking means. There simply is no viable alternative if we're going to make substantial progress at societal level here.

3

20

5

6

3K

c0tts retweeted

Koen Van Impe ☕ @cudeso

over 2 years ago

The “Allowlist Auditor” from @AirlockDigital is great to highlight the current state of allowlisting on endpoints. Includes tests for execution (exe, dll, PS1, CPL and others) in common locations, and an audit for existing allowlisting solutions. https://t.co/iU3BhPeF90

cudeso's tweet photo. The “Allowlist Auditor” from @AirlockDigital is great to highlight the current state of allowlisting on endpoints. Includes tests for execution (exe, dll, PS1, CPL and others) in common locations, and an audit for existing allowlisting solutions. https://t.co/iU3BhPeF90 https://t.co/UyBpz2mnoN

0

46

14

23

13K

c0tts retweeted

Daniel Schell @danonit

over 2 years ago

Fantastic to see public recognition of @AirlockDigital as the #1 popular listing in the @CrowdStrike marketplace https://t.co/WSdVbfg35R

danonit's tweet photo. Fantastic to see public recognition of @AirlockDigital as the #1 popular listing in the @CrowdStrike marketplace https://t.co/WSdVbfg35R https://t.co/UlqOeZosE4

0

8

6

0

1K

c0tts retweeted

Daniel Schell @danonit

over 2 years ago

Feels too soon to be getting back on the plane after BH/DC, but looking forward to @CrowdStrike fal.con23 next week. Swing past our booth and say Hi :)

0

5

2

0

892

David Cottingham @c0tts

almost 3 years ago

@jmelville It seems so! That does make life a little easier. Still unclear as to why this occurred. Intentional? unintentional? rolled back due to impact?

0

1

0

36

David Cottingham @c0tts

almost 3 years ago

Something is happening at Digicert. It looks like on many Windows systems the VeriSign Class 3 Public Primary Certification Authority - G5 root certificate (serial: 18dad19e267de8bb4a2158cdcc6b3b4a) has been revoked as of around 9 hours ago.

2

29

20

4

7K

David Cottingham @c0tts

almost 3 years ago

Update: This change has been rolled back by Microsoft, with the certificate appearing as valid on systems. This can also be seen here https://t.co/ITyvhhZsvH (SHA1 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5) showing with the status of 'Not Before'.

c0tts's tweet photo. Update: This change has been rolled back by Microsoft, with the certificate appearing as valid on systems. This can also be seen here https://t.co/ITyvhhZsvH (SHA1 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5) showing with the status of 'Not Before'. https://t.co/6FWTeIpPfr

0

6

2

0

687

David Cottingham @c0tts

almost 3 years ago

Blog writeup of what we know https://t.co/thXiNmzwTt

2

22

10

5

7K

David Cottingham @c0tts

almost 3 years ago

@back2all You unfortunately can't, Microsoft has set the remove flag. It's effectively perma banned. Even if you trust this yourself, the system will still block it.

0

13

David Cottingham

@c0tts

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users