๐ฃ๐ข Calling all Android and Chrome bug hunters ๐งโ๐ป๐!
We're updating our Android & Chrome VRP programs to ensure we can continue to reward the most challenging and impactful vulnerabilities researchers find in our products. For details, ๐
https://t.co/hyZzEIampk
@Cyb3rMonk Cool, I do agree the OOTB p2 detections are "lacking", curious how you build it. I don't think most companies take the p2 license for these detections but for p2 conditional access engine
Never been happier to have a mouse in the house. ๐ญ
@_RastaMouse of @_ZeroPointSec has officially joined @Fortra! The mind behind Red Team Ops, one of the most respected training courses in offensive security, is now building what's next with us.
Details: https://t.co/cITQF1t9nL
security
1. you can't secure something if you don't understand how it works (to a reasonable degree)
2. people like setting rules not following them
3. people like rules for others but not for themselves
4. securing infra is more difficult if it's not been deployed in a 'reasonably safe' state to start with.
5. securing something in use is much harder than doing it in a lab
6. data is like oil, it gets everywhere
7. most security is about good organisation, most people don't like admin work so they tend to not like being organised
8. you can't control everything, you have to understand that 100% security isn't a real thing
9. monitoring costs money and hopefully you never really need to use it
10. if someone is doing response they need authority to take action otherwise you are just watching a car crash and saying: oh dear
๐จ Detect Potential Lateral Movement via ODBC Driver Install over DCOM using Windows Installer Custom Action
The aforementioned registry key is not monitored by MDE, so I developed an alternative detection method based on the simulated attack.
You can copy the query form the ALT text.
#ThreatHunting #DetectionEngineering #KQL
DLL Sideloading for Initial Access โ Red Team Operator's Guide ๐ฅ (new article)
https://t.co/rXWXasjEQs
- finding software to backdoor
- finding DLL and function to backdoor
- legit software backdooring
- OPSEC considerations
#redteam#infosec#malware#security
@Cyb3rMonk Curious what your theory is that may be wrong?My first thought; other certs are getting better and creating a name for themselves -- if competition is upping there game, sans may feel the need for discounts
๐ Detect Direct Send phishing emails
Below you can find a query that can help you find phishing emails being send using #Microsoft Exchange Direct Send.
#Kusto#KQL#DefenderXDR#MicrosoftSentinel
https://t.co/ipCczYheIZ
How to hunt sign-ins that bypass #ConditionalAccess ๐ in #MicrosoftEntra?
๐ก Outstanding research by @_dirkjan & @fabian_bader: They published their analysis with identified bypasses of first-party apps and combinations of API and resource combos. ๐ https://t.co/UxMpzYrzje