I am excited to share with you my latest research - "DCOM Upload & Execute"
An advanced lateral movement technique to upload and execute custom payloads on remote targets
Forget about PSEXEC and dive in!
https://t.co/ruQJlXgLqV
https://t.co/Yp25P6pZvH
Google is enabling its real-time Enhanced Safe Browsing feature for all Chrome users over the coming weeks.
We are told it will not be possible to select the legacy Safe Browsing version once this rolls out.
https://t.co/Pew6YjWYT5
We’re releasing a second version of our threat matrix for storage services, a structured tool that can help identify and analyze potential security threats on data stored in cloud storage services. Learn about the new attack techniques in the matrix: https://t.co/QOu3HZKRM5
Check out our latest blog post to learn more on how to monitor your EKS or AKS #container workloads for malicious activity with #falco and #sentinel#SIEM https://t.co/WOuInIj7fT
NEW BLOG ENTRY: A recent case involving the #QAKBOT ‘BB’ distributor led to the deployment of Brute Ratel (detected by Trend Micro as Backdoor.Win64.BRUTEL) — a framework similar to #Cobalt Strike — as a second-stage payload.
Stay informed and read more: https://t.co/Rz9sQdf39w
Oh hell yeah, this is cool!
DeviceNetworkEvents
| where RemoteIPType == "Public"
| where InitiatingProcessVersionInfoOriginalFileName in ((
externaldata ( Name:string ) [ "https://t.co/m8rJbl7KnU" ]
with (format=csv, ignoreFirstRecord=true) | distinct Name
))
#MDE
@DThompsonDev@kylekyle Companies claim to be secure once MFA is configured on all accounts. However, this Uber hack proves cloud-based MFA push notifications can be abused. This blog post explains how to detect this attack when you use Azure AD + Sentinel https://t.co/U0qqpdfvts