Timothy D. Morgan @ecbftw - Twitter Profile

about 2 years ago

It was a real pleasure working with the @Lansweeper team on this #inventorymanagement / #CyberSecurity integration. They're great partners to have. https://t.co/F3S8OW6MHF

0

1

0

70

ecbftw retweeted

DeepSurface Security @DeepSurfaceSec

about 2 years ago

Learn more on @Lansweeper’s blog ( https://t.co/nLsMwi0VyS ), our blog ( https://t.co/lzJLiWVOwQ ), or get started now by visiting the Lansweeper - DeepSurface Integration Page ( https://t.co/fFblAdXnZY ). 2/2

0

1

0

93

ecbftw retweeted

DeepSurface Security @DeepSurfaceSec

about 2 years ago

#DeepSurface is thrilled to announce our new Integration Partnership with Lansweeper! Together we are pushing the boundaries of visibility– giving you a complete view of your assets AND where your #cybersecurity risk really exists. 1/2 🧵

DeepSurfaceSec's tweet photo. #DeepSurface is thrilled to announce our new Integration Partnership with Lansweeper!

Together we are pushing the boundaries of visibility– giving you a complete view of your assets AND where your #cybersecurity risk really exists.

1/2 🧵 https://t.co/dlVTyDOHwL

1

0

1

0

120

Timothy D. Morgan @ecbftw

about 2 years ago

@techspence DLL sideloading in privileged services or scheduled tasks. Still super common in the real world, anytime someone installs software outside of C:\Program Files https://t.co/t2vdEXYw8S

1

3

0

3

86

Who to follow

Reginaldo Silva

@reginaldojsf

Security @ Mysten Labs. Opinions are mine and do not necessarily reflect my employer’s.

Alvaro Muñoz

@pwntester

Security Researcher with @XBOW. CTF #int3pids. Opinions here are mine! bluesky: https://t.co/9HRRzpBECt

Raz0r

@theRaz0r

CTO & Co-founder @DecurityHQ

Timothy D. Morgan @ecbftw

almost 4 years ago

https://t.co/3kimtn0mI8

0

Timothy D. Morgan @ecbftw

almost 4 years ago

And this is why I have such a hard time helping newcomers to the field... Thanks for putting it in an nutshell @halvarflake.

Chris Eng @chriseng

almost 4 years ago

Wow, @halvarflake managed to capture the security "old-timer" experience in three succinct bullet points.

17

653

149

45

0

Timothy D. Morgan @ecbftw

almost 4 years ago

@gf_256 Bonus points if you've ever pulled that off during a pentest. I once submitted negative value as a refund to the "customer". At the report readout, I told the devs "Oh, but I really doubt your fulfillment department would issue the refund" ...*pause*... "You might be surprised."

1

140

1

3

0

ecbftw retweeted

Information Warfare Center @cyberintel

almost 4 years ago

Coming up next on #DRNewsDesk Tim Morgan @DeepSurfaceSec @ecbftw on DeepSurface Adds Risk-Based Approach to Vulnerability Management https://t.co/nK9akoPDQc #bhusa

0

1

0

Timothy D. Morgan @ecbftw

almost 4 years ago

@wvuuuuuuuuuuuuu Glad someone is finding it useful!

1

0

ecbftw retweeted

wvu @wvuuuuuuuuuuuuu

almost 4 years ago

As mentioned in the blog post, the technique is from @ecbftw in 2013. The old is new again. https://t.co/UTjYaslw7q

1

10

2

3

0

ecbftw retweeted

Horizon3 Attack Team

@Horizon3Attack

almost 4 years ago

Check out a recent finding by one of our own, Naveen Sunkavally. CVE-2022-28219 is an unauth RCE for ManageEngine ADAudit Plus. This XXE -> Deserialization chain often leads to host compromise as well as priv'd AD creds. Check out the blog post and POC: https://t.co/bLHzhvSnLo

5

677

249

107

0

Timothy D. Morgan @ecbftw

almost 4 years ago

Was a fun interview. With that said, these interviews allow for only so much depth in the answers, so I'm curious to know others' thoughts on some of the questions they asked. What are your experiences with the limits of CVSS+TI? Reporting to boards?

DeepSurface Security @DeepSurfaceSec

almost 4 years ago

How is risk-based vulnerability management like the weather report? https://t.co/C2KQQSOvic

0

1

0

ecbftw retweeted

Nicolas Grégoire @Agarri_FR

about 4 years ago

OWASP's example implementation of check_private_ip() is quite naive. It can be bypassed with 0x7f.0.0.1 #SSRF https://t.co/M3cttxZtRl

3

111

24

0

Timothy D. Morgan @ecbftw

about 4 years ago

Patch what matters. https://t.co/3wc0ZGGFb0

1

0

Timothy D. Morgan @ecbftw

over 4 years ago

https://t.co/B3CDatMzPj

0

ecbftw retweeted

DeepSurface Security @DeepSurfaceSec

over 4 years ago

We’re thrilled to announce our latest $4.5 million #seedfunding. Learn how we’re accelerating product development of our award-winning #vulnerability and risk management platform today #cybersecurity #automation https://t.co/ORlC0hvP35

0

1

0

ecbftw retweeted

Alex Ionescu @aionescu

over 4 years ago

It’s 2022, and the fix is still “disable the anti malware agent”. Don’t ever change, infosec/AV industry.

5

246

37

9

0

ecbftw retweeted

Greg Linares (Laughing Mantis)

@Laughing_Mantis

over 4 years ago

#Log4J Worm is ITW @vxunderground has a sample of the self propagating worm using log4j as a vector. It installs a Mirai bot which makes sense to targeting embedded Linux devices Looks like it uses user-agent for exploitation and modifies the binary before sending (?)

4

302

150

38

0

Timothy D. Morgan

@ecbftw

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users