Join me and Paula for a LIVE webinar: "From Zero to Hero: Effective Escalation Paths to Domain Admin.” Learn to exploit system vulnerabilities, certificate permissions, and legacy solutions for domain access. Book now: https://t.co/Xx9kCTJsch
In #BHASIA Training "Advanced Hacking and Securing Windows Infrastructure (Virtual)" @PaulaCqure@MJL_PL and @CQUREAcademy will teach students how to identify vulnerabilities and reduce false positives with manual vulnerability verification techniques >> https://t.co/ODysmdB1aW
Great news! A new version of D3FEND is now available at https://t.co/p0R1M5btjt. D3FEND enables other cyber professionals to tailor defenses against specific cyber threats and reduce a system's potential attack surface. Learn more about D3FEND here: https://t.co/02npcnrPgi
I’m excited to share 3 memory analysis demos and teach you the exact tools and techniques I use daily to help big corporations recover from a #cyberattack. Join me in our new 3-hour #Cyberbytes virtual training, “Memory Dump Analysis” and #staycqure#CyberSecurity
new blogpost:
"How a simple Linux kernel memory corruption bug can lead to complete system compromise: An analysis of current and potential kernel security mitigations"
I'll post a copy to the kernel-hardening list later in case folks want to discuss it.
https://t.co/N81iKRgXII
when it comes to lsass cred access monitoring, we all focus on the targetimage is lsass, what about the other direction? MirrorDump defaults traces is a good example (PROCESS_DUP_HANDLE+source Image is lsass + Unknown CallTrace)
https://t.co/hs1WFImBrF
https://t.co/ljGTQbOnLK
Microsoft just patched 4 vulnerabilities we (@wiz_io) recently reported, including a CVSS 9.8 RCE. These vulnerabilities affect countless machines as the OMI agent is silently installed when enabling many Azure services. #PatchTuesday
https://t.co/N4OGpf371D
New Cobalt Strike beacon for Linux, fully undetected in VT. Has Windows implementation as well, both written from scratch. Victims including telecommunications, government, and finance sectors
Full report here -
https://t.co/EIhCWjT08O
@AbbyMCH@joakimkennedy 🔥🔥
The @OWASP Top 10 team is extremely proud to share the draft OWASP Top 10 2021 for peer review, comment, translation, and suggestions for improvements. We are working on a graphic redesign and a surprise extra for the 20th Anniversary on September 24!
https://t.co/APAGyAEsR6
In this recorded #RSAC webcast, watch as @PaulaCqure & @MJL_PL demonstrate how hackers bypass MFA to attack modern authentication protocols, and misuse WHfB and other software. Get the full video here: https://t.co/nKgaCsAECh
It's time to play with #mimikatz🥝& #kekeo🐤& #impacket
If you have a Windows PKI with its WebServer, you'll have problems🤪
No authentication/credential to *full domain owned*
> https://t.co/Wzb5GAfWfd
> https://t.co/x3n9B8HHGT
👍@topotam77 EFS & PetitPotam
👍@ExAndroidDev PR
We did almost hit de 200 attendees for our #TableTalk at #MSIgnite! One thing the panellists and attendees will remember is that no matter which technology - it's always about 'people' 😊
This thing just keeps getting better and better.
For years people would complain that PowerShell sucked because ... and then the issue would be about the console.
I’ll be glad to see those day’s in my rear-view mirror.
Are you curious about the story behind @gentilkiwi's #Mimikatz, the tool playing with Windows security?
Watch @PaulaCqure's interview with Benjamin Delpy and #stayCQURE!
https://t.co/7UweBs3k5e