Top Tweets for #LOGISEK

6 months ago

EvilMist update! New scripts have been added and the project now features a more modular, flexible structure for easier use. Check it out 👉 https://t.co/tnhMtHEH7L #EvilMist #RedTeam #OffensiveSecurity #Pentesting #OpenSource #Infosec #Offsec #PenTest #Cloud #Azure #Logisek

332

6 months ago

Quickly detect all Entra ID users without MFA enabled. EvilMist is a collection of scripts and utilities designed to support cloud penetration testing & red teaming. https://t.co/yDaqDycsPs #Cybersecurity #RedTeam #PenTest #Audit #Infosec #Offsec #Logisek

logisekict's tweet photo. Quickly detect all Entra ID users without MFA enabled.

EvilMist is a collection of scripts and utilities designed to support cloud penetration testing & red teaming.

https://t.co/yDaqDycsPs

#Cybersecurity #RedTeam #PenTest #Audit #Infosec #Offsec #Logisek https://t.co/bzIKstBdwF

244

7 months ago

EvilMist is a collection of scripts and utilities designed to support cloud penetration testing & red teaming. The toolkit helps identify misconfigurations, privilege-escalations, and simulate attack techniques. https://t.co/pqi5ANyAYc #Cloud #RedTeam #PentTest #Logisek

maldevel's tweet photo. EvilMist is a collection of scripts and utilities designed to support cloud penetration testing & red teaming. The toolkit helps identify misconfigurations, privilege-escalations, and simulate attack techniques.

https://t.co/pqi5ANyAYc

#Cloud #RedTeam #PentTest #Logisek https://t.co/mdBIlOhwpV

189

8 months ago

#ThreatHunting - an open-source tool that scores and correlates events, helping you find threats faster. It’s meant for local triage and quick investigations, not to replace enterprise-grade SIEM platforms. #Logisek https://t.co/1yvHfLO55r

10 months ago

Ftp as a code runner Abuse scripted commands to invoke binaries, compiling a C# process-hollowing payload and launching it with ftp. - Native Windows tooling - In-memory execution > https://t.co/RkSIDOZJDe > https://t.co/Rv1ZZsUElN #RedTeam #Infosec #Redteam #Offsec #Logisek

428

10 months ago

⛏️ Old but gold: forfiles.exe as a payload launcher Abuse cmd to chain into rundll32 and load a malicious DLL-triggering arbitrary code (such as calc.exe!) without dropping a traditional EXE. https://t.co/B80AzQS2kP #RedTeam #Infosec #Redteam #Offsec #Logisek

391

11 months ago

🧪 Classic COM trick: advpack.dll + fake .ocx Craft a minimal COM DLL with a spoofed CLSID, compile as .ocx, and execute via: rundll32 advpack.dll,RegisterOCX payload.ocx Result? In-memory calc.exe https://t.co/RkSIDOZJDe #RedTeam #Infosec #Redteam #Offsec #Logisek

11 months ago

Control meets custom .cpl Craft a fake Control Panel applet that triggers calc! On double-click, launch it using control.exe to execute unsigned code with zero prompts. MSVC Native compilation. Control Python: https://t.co/RkSIDP0hsM #RedTeam #Infosec #Redteam #Offsec #Logisek

536

11 months ago

🧬 csc.exe + process hollowing Use C# and native .NET tooling to compile a payload that spawns calc.exe, then hollows it out in memory using Win32 APIs. No files dropped. Csc Python: https://t.co/RkSIDOZJDe #RedTeam #Infosec #Redteam #Offsec #Logisek

11 months ago

Not breaking news, but combined with a FUD, still breaking UAC: fodhelper.exe Hijack Registry to trigger fodhelper.exe = payload execution. https://t.co/RkSIDOZJDe #RedTeam #Infosec #Redteam #Offsec #Logisek

227

12 months ago

AtBroker for LOLBAS payload delivery Abuses the Assistive Technologies registry to proxy execution through AtBroker.exe. Launches any payload (like calc.exe) with a twist of accessibility. - Admin required https://t.co/RkSIDP0hsM #RedTeam #Infosec #Offsec #Logisek

267

12 months ago

Living off the land with AppInstaller.exe A fake signed .msix package + .appinstaller file to trigger execution via ms-appinstaller (https://t.co/fJdnltVjVw). RCE (or not, just a calc), no user prompt if trusted. https://t.co/RkSIDOZJDe #RedTeam #Infosec #Offsec #Logisek

285

12 months ago

Another LOLBAS Trick: aspnet_compiler.exe Abusing .NET's BuildProvider to trigger arbitrary code execution during https://t.co/DEnnpRan1O compilation, dropping a DLL, registering a .evil extension, and popping calc. https://t.co/RkSIDOZJDe #RedTeam #Infosec #Offsec #Logisek

241

12 months ago

Living Off the Land with .NET! A proof-of-concept that "weaponizes" AddInUtil.exe (LOLBAS) to load a serialized payload via https://t.co/Ayqktuf5je, spawning, what else, a calc.exe, through the .store file trick. PoC: https://t.co/RkSIDP0hsM #RedTeam #Infosec #Offsec #Logisek

248

about 2 years ago

Mastering #Web #Application #Penetration #Testing At #Logisek, we specialize in delivering top-tier web application penetration testing to safeguard your #digital #assets. But what does it take to scope a web app penetration test properly? --- 🎯 #Scoping #Essentials A well-defined scope is crucial for effective penetration testing. Several factors need consideration: - #Application #Inventory: Understanding the number and type of web applications, including static and dynamic pages, input fields, and forms. - #Authentication #Requirements: Deciding whether tests will proceed with or without credentials and identifying the roles for testing. - #Test #Environment: We advocate for testing in UAT, QA, or DEV environments to protect your live operations. 🗝️ The Need for #Multiple #Accounts > Diverse user roles within web applications—from read-only access to administrative privileges—demand a nuanced approach. Supplying #credentials for each role enables our team to meticulously assess both #vertical and #horizontal permission controls. This comprehensive testing ensures that users can't exceed their access rights or mimic others, fortifying your application against #unauthorized actions. 🔍 The Importance of Credentials in Penetration Testing > While the allure of #hacking in, might seem appealing, effective #security #assessments go deeper. They evaluate the application's functions and security measures beyond mere unauthorized access. It's often a rare find to discover a web application completely devoid of vulnerabilities; however, a thorough examination requires legitimate credentials. > Credentials enable a deeper analysis, allowing us to uncover potential #weaknesses within the application's #logic and #security #protocols. It's about testing the full spectrum of security measures, ensuring a fortified defense against not just direct attacks but also indirect threats, such as phishing. 🛡️ Beyond the Initial Barriers > Web Application Firewalls (#WAFs), rate-limiting tools, #DDoS attack prevention systems, and similar security mechanisms serve as formidable defenses in the digital realm. When properly configured, they act as essential barriers against a plethora of #cyberthreats. However, it's crucial to understand that while these tools are indispensable, they do not address the underlying vulnerabilities inherent to web applications. > The importance of allowing our systems on your #allowlist: This crucial step gives our #security #consultants the authorization to conduct a thorough and unrestricted examination of your web applications. It's only through this deep-dive analysis that we can truly uncover and understand the vulnerabilities hidden within. --- Each web application presents unique challenges and requires a tailored approach! - https://t.co/thWuQ5nVnK #Cybersecurity #WebAppPenTest #TechInsights #SecureWeb #CyberThreats #PenetrationTesting #Infosec #Logisek

logisekict's tweet photo. Mastering #Web #Application #Penetration #Testing

At #Logisek, we specialize in delivering top-tier web application penetration testing to safeguard your #digital #assets. But what does it take to scope a web app penetration test properly?

---

🎯 #Scoping #Essentials

A well-defined scope is crucial for effective penetration testing. Several factors need consideration:

- #Application #Inventory: Understanding the number and type of web applications, including static and dynamic pages, input fields, and forms.
- #Authentication #Requirements: Deciding whether tests will proceed with or without credentials and identifying the roles for testing.
- #Test #Environment: We advocate for testing in UAT, QA, or DEV environments to protect your live operations.

🗝️ The Need for #Multiple #Accounts

> Diverse user roles within web applications—from read-only access to administrative privileges—demand a nuanced approach. Supplying #credentials for each role enables our team to meticulously assess both #vertical and #horizontal permission controls. This comprehensive testing ensures that users can't exceed their access rights or mimic others, fortifying your application against #unauthorized actions.

🔍 The Importance of Credentials in Penetration Testing

> While the allure of #hacking in, might seem appealing, effective #security #assessments go deeper. They evaluate the application's functions and security measures beyond mere unauthorized access. It's often a rare find to discover a web application completely devoid of vulnerabilities; however, a thorough examination requires legitimate credentials.

> Credentials enable a deeper analysis, allowing us to uncover potential #weaknesses within the application's #logic and #security #protocols. It's about testing the full spectrum of security measures, ensuring a fortified defense against not just direct attacks but also indirect threats, such as phishing.

🛡️ Beyond the Initial Barriers

> Web Application Firewalls (#WAFs), rate-limiting tools, #DDoS attack prevention systems, and similar security mechanisms serve as formidable defenses in the digital realm. When properly configured, they act as essential barriers against a plethora of #cyberthreats. However, it's crucial to understand that while these tools are indispensable, they do not address the underlying vulnerabilities inherent to web applications.

> The importance of allowing our systems on your #allowlist: This crucial step gives our #security #consultants the authorization to conduct a thorough and unrestricted examination of your web applications. It's only through this deep-dive analysis that we can truly uncover and understand the vulnerabilities hidden within.

---

Each web application presents unique challenges and requires a tailored approach!

- https://t.co/thWuQ5nVnK

#Cybersecurity #WebAppPenTest #TechInsights #SecureWeb #CyberThreats #PenetrationTesting #Infosec #Logisek

839

over 2 years ago

🛡️ Stay One Step Ahead of #Phishing Attacks! Don't be a #Phish! 💡 #Phishing attacks cleverly disguise themselves, aiming to trick individuals and organizations into giving away sensitive information. At #Logisek, we're dedicated to turning the tide against these #cyberthreats. Empowering you with the right knowledge and tools is our priority, ensuring you're always a step ahead of #malicious actors. The #Threats - #Impersonation Tactics: From fake Microsoft alerts on "Unusual sign-in activity" to emails mirroring legitimate companies, attackers are getting craftier. - #SpearPhishing: Personalized attacks using information about you, making them seem eerily credible. - #CEO #Fraud & #Whaling: Emails masquerading as urgent requests from top executives, aiming to deceive you into transferring funds or revealing confidential data. - #Clone #Phishing & #Typosquatting: Creating replicas of legitimate emails or websites with subtly altered domain names to trick you. - #Compromised #Insider: Even emails from colleagues could be a trap if their accounts have been taken over by attackers. #Vigilance - Be #Skeptical: Treat unsolicited requests for information with caution. If it seems out of character or too urgent, double-check. Don't trust colleagues suspicious requests that they would never do. - #Verify, Then Trust: Always use official contact information to verify requests, bypassing the details provided in suspicious emails, SMS or phone calls out of the blue. - #Verify Sources: Contact the company directly using information from their official website, not the contact details provided in the message. - #Look Before You Leap: Hover over links to preview their true destination. A mismatch between the link text and URL is a red flag. - #Secure Your Steps: Use Multi-Factor Authentication (MFA) for an added security layer, ensuring only you can access your accounts even if passwords are compromised. #Preventive #Measures - #Email #Wisdom: Enhance your inbox's defense with email filtering solutions, blocking phishing attempts before they reach you. - #Education & #Reporting: Foster a culture where reporting phishing attempts is encouraged and simple, turning every employee into a vigilant guard against cyber threats. - #Safe #Browsing: Avoid navigating to suspicious websites that could harbor phishing traps or malware. - #Email Filters: Use email filtering solutions to detect the majority of phishing emails and block suspicious domain names and IP addresses. #Building a #Shield 🛡️ 🔍 Remember, knowledge and caution are your best allies. By staying informed and adopting a cautious approach to online interactions, you can collectively thwart the efforts of #cybercriminals. Build a #culture of #cybersecurity awareness, where every click is made with confidence and every email is scrutinized with a keen eye. - https://t.co/thWuQ5nVnK #CyberSecurityAwareness #CyberSecurityCulture #PhishingPrevention #DontBeAPhish #StaySafeOnline #Infosec #Logisek

logisekict's tweet photo. 🛡️ Stay One Step Ahead of #Phishing Attacks! Don't be a #Phish!

💡 #Phishing attacks cleverly disguise themselves, aiming to trick individuals and organizations into giving away sensitive information. At #Logisek, we're dedicated to turning the tide against these #cyberthreats. Empowering you with the right knowledge and tools is our priority, ensuring you're always a step ahead of #malicious actors.

The #Threats

- #Impersonation Tactics: From fake Microsoft alerts on "Unusual sign-in activity" to emails mirroring legitimate companies, attackers are getting craftier.
- #SpearPhishing: Personalized attacks using information about you, making them seem eerily credible.
- #CEO #Fraud & #Whaling: Emails masquerading as urgent requests from top executives, aiming to deceive you into transferring funds or revealing confidential data.
- #Clone #Phishing & #Typosquatting: Creating replicas of legitimate emails or websites with subtly altered domain names to trick you.
- #Compromised #Insider: Even emails from colleagues could be a trap if their accounts have been taken over by attackers.

#Vigilance

- Be #Skeptical: Treat unsolicited requests for information with caution. If it seems out of character or too urgent, double-check. Don't trust colleagues suspicious requests that they would never do.
- #Verify, Then Trust: Always use official contact information to verify requests, bypassing the details provided in suspicious emails, SMS or phone calls out of the blue.
- #Verify Sources: Contact the company directly using information from their official website, not the contact details provided in the message.
- #Look Before You Leap: Hover over links to preview their true destination. A mismatch between the link text and URL is a red flag.
- #Secure Your Steps: Use Multi-Factor Authentication (MFA) for an added security layer, ensuring only you can access your accounts even if passwords are compromised.

#Preventive #Measures

- #Email #Wisdom: Enhance your inbox's defense with email filtering solutions, blocking phishing attempts before they reach you.
- #Education & #Reporting: Foster a culture where reporting phishing attempts is encouraged and simple, turning every employee into a vigilant guard against cyber threats.
- #Safe #Browsing: Avoid navigating to suspicious websites that could harbor phishing traps or malware.
- #Email Filters: Use email filtering solutions to detect the majority of phishing emails and block suspicious domain names and IP addresses.

#Building a #Shield 🛡️

🔍 Remember, knowledge and caution are your best allies. By staying informed and adopting a cautious approach to online interactions, you can collectively thwart the efforts of #cybercriminals. Build a #culture of #cybersecurity awareness, where every click is made with confidence and every email is scrutinized with a keen eye.

- https://t.co/thWuQ5nVnK

#CyberSecurityAwareness #CyberSecurityCulture #PhishingPrevention #DontBeAPhish #StaySafeOnline #Infosec #Logisek

201

over 2 years ago

💡 At #Logisek, we deeply value the insights and contributions of our team. We understand that our #employees are on the front lines of #cybersecurity and often have valuable perspectives and innovative ideas that can drive our company forward 🚀. To foster a #culture of #collaboration and #continuous #improvement, we have established several channels and processes for incorporating employee suggestions: 🚪 Open-Door #Policy: Our leadership team maintains an open-door policy, encouraging employees to freely share their ideas and feedback. This approach promotes a sense of belonging and respect, ensuring that every voice is heard and considered. 🗣️ Regular #Feedback Sessions: We hold regular team meetings and feedback sessions, where employees can present their suggestions and discuss them with colleagues and management. These sessions are not only platforms for idea sharing but also opportunities for collaborative brainstorming and innovation. 📮 Dedicated #Suggestion Box: We provide a digital suggestion box, accessible to all employees. This platform allows team members to anonymously submit their ideas, ensuring that they can express their thoughts freely, without any reservations. 🔧 Innovation #Workshops: Periodically, we organize innovation workshops and hackathons, encouraging our team to work on projects that interest them and to explore new solutions to cybersecurity challenges. These events are excellent opportunities for employees to showcase their creativity and problem-solving skills. 🏆 #Recognition and #Rewards: We acknowledge and reward contributions that lead to tangible improvements or innovations . This recognition not only motivates our employees but also reinforces our commitment to valuing and implementing their suggestions. 👂 #Feedback Loop: Every suggestion is evaluated, and employees are informed about the outcomes. Whether implemented, kept for future consideration, or not feasible, we ensure transparency in our decision-making process. 🌐 At #Logisek, we believe that the best ideas often come from those who are working closely with the challenges and opportunities of the #cybersecurity landscape. By incorporating employee suggestions into our #strategy, we stay #agile, #innovative, and ahead of emerging #threats. #RemoteWork #RemoteJobs #Infosec #Logisek

logisekict's tweet photo. 💡 At #Logisek, we deeply value the insights and contributions of our team. We understand that our #employees are on the front lines of #cybersecurity and often have valuable perspectives and innovative ideas that can drive our company forward 🚀.

To foster a #culture of #collaboration and #continuous #improvement, we have established several channels and processes for incorporating employee suggestions:

🚪 Open-Door #Policy: Our leadership team maintains an open-door policy, encouraging employees to freely share their ideas and feedback. This approach promotes a sense of belonging and respect, ensuring that every voice is heard and considered.

🗣️ Regular #Feedback Sessions: We hold regular team meetings and feedback sessions, where employees can present their suggestions and discuss them with colleagues and management. These sessions are not only platforms for idea sharing but also opportunities for collaborative brainstorming and innovation.

📮 Dedicated #Suggestion Box: We provide a digital suggestion box, accessible to all employees. This platform allows team members to anonymously submit their ideas, ensuring that they can express their thoughts freely, without any reservations.

🔧 Innovation #Workshops: Periodically, we organize innovation workshops and hackathons, encouraging our team to work on projects that interest them and to explore new solutions to cybersecurity challenges. These events are excellent opportunities for employees to showcase their creativity and problem-solving skills.

🏆 #Recognition and #Rewards: We acknowledge and reward contributions that lead to tangible improvements or innovations . This recognition not only motivates our employees but also reinforces our commitment to valuing and implementing their suggestions.

👂 #Feedback Loop: Every suggestion is evaluated, and employees are informed about the outcomes. Whether implemented, kept for future consideration, or not feasible, we ensure transparency in our decision-making process.

🌐 At #Logisek, we believe that the best ideas often come from those who are working closely with the challenges and opportunities of the #cybersecurity landscape. By incorporating employee suggestions into our #strategy, we stay #agile, #innovative, and ahead of emerging #threats.

#RemoteWork #RemoteJobs #Infosec #Logisek

239

over 2 years ago

🛒 Navigating #Cybersecurity in #Retail, #Trading & #ECommerce In today’s #digital era, the retail, trading, and e-commerce sectors face an array of cybersecurity #threats that can impact both business operations and consumer trust. At #Logisek, we're committed to helping these industries tackle these challenges head-on. Here's a glimpse into the prevalent risks: 🔒 Point-of-Sale (#POS) System #Vulnerabilities: POS #malware can siphon off customer payment information, posing a significant threat to transaction security. Continuous monitoring and regular software updates are crucial in safeguarding these systems. #Supplier System #Weaknesses: Vulnerabilities in supplier networks can lead to compromised retail systems, highlighting the need for stringent security protocols across the supply chain. In-Store & #Corporate Risks: The diversity of connected assets in retail environments, from mobile POS devices to in-store Wi-Fi networks, expands the attack surface, necessitating comprehensive security measures. 📲 #Mobile and #Online Frauds: With the rise of mobile purchases and buy-online-pick-up-in-store options, retailers face new scam threats, including fraudulent payment methods and gift card manipulations. #WebApp & #API Insecurities: E-commerce #platforms must secure web applications and APIs against data breaches, ensuring robust encryption and secure coding practices. #PCIDSS: A Shield Against Threats Data #Encryption: By encrypting cardholder data, PCI-DSS ensures that even in a breach, the information remains protected. Regular #SecurityAssessments: These mandatory #assessments help identify and rectify system vulnerabilities, staying ahead of potential exploits. #AccessControl: Limiting data access to authorized personnel mitigates the risk of insider threats and unauthorized data exposure. 🖥️ #Network #Security: Implementing #firewalls and intrusion detection systems fortifies the network, safeguarding against external cyber threats. At #Logisek, we recognize that staying one step ahead of these evolving threats is key. Our cutting-edge solutions and expert guidance aim to fortify the retail sector's defenses, maintaining not just security but also the trust of millions of customers globally. Learn more about our cybersecurity #solutions for #retail and e-commerce at https://t.co/thWuQ5nVnK. #EcommerceSecurity #CyberThreats #PCIDSS #DataProtection #RetailTech #CyberResilience #innovation #saas #startups #ecommerce #infosec #Logisek

logisekict's tweet photo. 🛒 Navigating #Cybersecurity in #Retail, #Trading & #ECommerce

In today’s #digital era, the retail, trading, and e-commerce sectors face an array of cybersecurity #threats that can impact both business operations and consumer trust. At #Logisek, we're committed to helping these industries tackle these challenges head-on.

Here's a glimpse into the prevalent risks:

🔒 Point-of-Sale (#POS) System #Vulnerabilities: POS #malware can siphon off customer payment information, posing a significant threat to transaction security. Continuous monitoring and regular software updates are crucial in safeguarding these systems.

#Supplier System #Weaknesses: Vulnerabilities in supplier networks can lead to compromised retail systems, highlighting the need for stringent security protocols across the supply chain.

In-Store & #Corporate Risks: The diversity of connected assets in retail environments, from mobile POS devices to in-store Wi-Fi networks, expands the attack surface, necessitating comprehensive security measures.

📲 #Mobile and #Online Frauds: With the rise of mobile purchases and buy-online-pick-up-in-store options, retailers face new scam threats, including fraudulent payment methods and gift card manipulations.

#WebApp & #API Insecurities: E-commerce #platforms must secure web applications and APIs against data breaches, ensuring robust encryption and secure coding practices.

#PCIDSS: A Shield Against Threats

Data #Encryption: By encrypting cardholder data, PCI-DSS ensures that even in a breach, the information remains protected.

Regular #SecurityAssessments: These mandatory #assessments help identify and rectify system vulnerabilities, staying ahead of potential exploits.

#AccessControl: Limiting data access to authorized personnel mitigates the risk of insider threats and unauthorized data exposure.

🖥️ #Network #Security: Implementing #firewalls and intrusion detection systems fortifies the network, safeguarding against external cyber threats.

At #Logisek, we recognize that staying one step ahead of these evolving threats is key. Our cutting-edge solutions and expert guidance aim to fortify the retail sector's defenses, maintaining not just security but also the trust of millions of customers globally.

Learn more about our cybersecurity #solutions for #retail and e-commerce at https://t.co/thWuQ5nVnK.

#EcommerceSecurity #CyberThreats #PCIDSS #DataProtection #RetailTech #CyberResilience #innovation #saas #startups #ecommerce #infosec #Logisek

188