Olivia
Online
Nick Tyrer
@NickTyrer
North West, England
Joined June 2013
288 Following
981 Followers
214 Posts
Quick post on how I got set up and hands-on with docker:
https://t.co/uBKvVaYL46
It's been a while since I wrote the #BLUETEAMTIPS post - exactly a year tbh 😉
While I've only worked on a few recently I still strongly standby all previous points as a starting point to help defend your network. Try hit all 21 and see! 😎
#DFIR #BLUETEAMTIPS🔵
This is basically all that AMSI reports for DotNetToJScript execution 🤔.. I guess the error messages together with the base64 are probably informative enough to write a signature (I have not investigated at scale) 🔥🔫
@JPG1nc In your testing did this method work when Applocker is blocking .exe files in the Temp dir?
[Blog] Abusing the COM Registry Structure (Part 2): Hijacking & Loading Techniques
https://t.co/Hf9jZDHuQZ
I've updated the #BlueTeamTips blog post.
19. Control the Power of PowerShell
-The PowerShell “version 2 problem".
-Lock PowerShell down to only talk to RFC1918 ranges. @brunogdiniz 👏
-Monitor for PowerShell .NET assembly calls with Sysmon/EDR tooling
#DFIR #PowerShell
Updated my Metasploit module that assists in bypassing Applocker to include WMIC.exe bypass by @subTee and Workflow.Compiler.exe by @mattifestation. Give it a try here: https://t.co/BXDKb7z1Ax.
@sneakymonk3y Yup the R480 can use AMD's open source AMDGPU PRO driver. So you would get OpenGL, OpenCL, Vulkan support. AMD has overtaken Nvidia on Linux.
Three part blog post on how I switched to Linux and created a virtual lab using QEMU/KVM, IOMMU and PCI passthrough.
Post 1 https://t.co/fSqdtv0t4w
Post 2 https://t.co/5vyNMPXCzR
Post 3 https://t.co/pPkPqvOYGF
@sneakymonk3y Give it a go, it's pretty simple as long as you have the right hardware.
Finally got round to finishing a few #BlueTeamTips on my blog - hope they help! #DFIR https://t.co/xdVzGXaDFS
@bohops @subTee @Oddvarmoe @mattifestation @Hexacorn @enigma0x3 @Moriarty_Meng @n3mes1s @0rbz_ Thank you.
Mission accomplished.
#drupalgeddon2 #cve-2018-7600 #sa-core-2018-002
@drupalsecurity
https://t.co/NUqNXiezGC
New persistence technique using GlobalFlags in Image File Execution Options
https://t.co/Xkq6mC5K2q
Does not show up in Autoruns.exe.
Enjoy! #Blogpost #FeedBackWelcome
Windows Script File 'tampering' with manage-bde.wsf
(...not really sure if this script is needed for "backwards compatibility" anymore)
https://t.co/D63RXSmqcy
Lots more phishing documents - including one sent yesterday (MIT.doc) - and a breakdown of the TTP shift*️⃣ in our #MuddyWater 🇮🇷 campaign write-up: https://t.co/3FOrkzJ7YZ
That's a lot of POWERSTATS! #DFIR
*️⃣ Feb 2018 use of .INF + .SCT files https://t.co/5eEvkMEl7U
Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence [featuring InstallHinfSection, CMSTP, LaunchINFSection]
Special thanks to @Oddvarmoe and @ItsReallyNick for their insight!
https://t.co/050zbVWOfO
AppLocker Bypass via remote SCT code execution:
rundll32.exe advpack.dll,LaunchINFSection c:\test.inf,DefaultInstall_SingleUser,1,
INF-SCT-CMSTP method inspired by @NickTyrer @KyleHanslovan @Oddvarmoe @subtee - https://t.co/1hzdVAZRdp
INF Test File - https://t.co/pZ3BhX3XTa
Last Seen Users on Sotwe
ngingi
Seen from Indonesia
Kowy1999
Seen from Singapore
قلب الاسد الاسددي
Seen from Switzerland
Rachel Toll
Seen from United States
R
Seen from France
Gurbetçi Maho 
Seen from Austria
🔞scruppy97🔞 4.99 OF NO PPV!
Seen from Colombia
Fox ngắm trai đẹp 🦊
Seen from Vietnam
Gavat Kocaların Boynuz Yeme Mekanı
Seen from Turkey
chye p papua
Seen from Indonesia
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.3M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
87M followers
Taylor Swift
@taylorswift13
80.8M followers
Lady Gaga
@ladygaga
72.4M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
68.8M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.4M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.1M followers