Talos Incident Response global leader by day (former CISO, Risk Management, etc.); gamer, RPG and travel enthusiast by night. The views expressed are my own.
Cisco Talos Incident Response (Talos IR) recently observed an attacker conducting big-game hunting and double extortion attacks using the relatively new Interlock ransomware. Read the blog here: https://t.co/dwmemnADLT
Fun to work with @Google on their latest Security white paper!
My fave quote: “Folks throw money at a super expensive platform, but then don’t have a password manager for the team! It’s like spending money on ballistic windows but your door is wide open.”
https://t.co/Ze8bvkgKQ1
I remain as adamant as before that a "humanless, full-auto #SOC" is not coming any time soon, BUT I sense that we are close to replicating the quality of shitty, low-cost MSSP/MDR with machines alone, no humans needed... So, shitty, low-cost MDRs beware, your business may be toast.
🔍💻 PowerShell Pro Tip! 💻🔍
Ever wondered what app opens specific file extensions on your Windows machine? 🤔 Sure, it’s not new, but it’s super handy! 💪
Use this PowerShell magic to find file extensions and their associated apps (like finding out `.rdp` opens with `mstsc.exe`)! 🚀
```
# Collect extension -> ProgID -> open command from both the machine and the user hive.
$registryPaths = @(
    "HKLM:\Software\Classes",
    "HKCU:\Software\Classes"
)

$associations = foreach ($path in $registryPaths) {
    Get-ChildItem -Path $path -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like ".*" } |
        ForEach-Object {
            $extension = $_.PSChildName
            # The extension key's default value names the ProgID (e.g. ".rdp" -> "RDP.File").
            $progId = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).'(default)'
            if ($progId) {
                # Resolve the ProgID through HKEY_CLASSES_ROOT, the merged HKLM/HKCU view,
                # so a per-user extension that points at a machine-wide ProgID still resolves
                # (looking only in the same hive as the extension returns nothing for those).
                $commandPath = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command" -ErrorAction SilentlyContinue).'(default)'
                [PSCustomObject]@{
                    Hive          = $path
                    Extension     = $extension
                    ProgID        = $progId
                    AssociatedApp = $commandPath
                }
            }
        }
}

# Note: Explorer also honours per-user overrides under
# HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\<ext>\UserChoice,
# which this listing does not consult.
$associations | Out-GridView -Title "File Extensions and Associated Applications"
```
https://t.co/CrauqScfac
Hit enter & watch as the magic unfolds! 🎩✨ Explore the full list in a GUI to see extensions + their apps!
Because sometimes… knowing is half the battle 🛡️💡
🖥️🐱💻
Investigation Scenario 🔎
You’ve discovered a Windows 10 host placed in the wrong AD OU. As a result, WSUS did not pick it up for automatic updates for at least two years.
What do you look for to investigate whether it has been compromised?
#InvestigationPath #DFIR #SOC
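One starting point for that investigation path, as an added PowerShell example that is not part of the original post: it first confirms the patch gap and where the host was told to fetch updates, then gathers the account, persistence and logon evidence a reviewer would compare against a known-good build. The function name is my own; the event IDs, registry paths and 4624 property offsets are standard Windows ones. Run it elevated on the suspect host; it only reads.

```powershell
function Get-UnpatchedHostTriage {
    # Returns an ordered set of evidence buckets; nothing on the host is modified.
    $result = [ordered]@{}

    # 1. Confirm the patch gap: newest installed hotfix, OS build, and the WSUS policy the host used.
    $lastPatch = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1
    $wuPolicy  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -ErrorAction SilentlyContinue
    $result.PatchState = [PSCustomObject]@{
        LastHotFix    = $lastPatch.HotFixID
        LastInstalled = $lastPatch.InstalledOn
        OSBuild       = (Get-CimInstance Win32_OperatingSystem).BuildNumber
        WSUSServer    = $wuPolicy.WUServer        # empty means the host never got a WSUS target
    }

    # 2. Accounts: local users and admin membership, plus creation (4720) and group-add (4732) events.
    $result.LocalUsers  = Get-LocalUser | Select-Object Name, Enabled, PasswordLastSet, LastLogon
    $result.LocalAdmins = Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, PrincipalSource
    $result.AccountEvents = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720, 4732 } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message

    # 3. Persistence: Run keys, non-Microsoft scheduled tasks, and services whose binary lives outside C:\Windows.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    $result.RunKeys = foreach ($key in $runKeys) {
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Select-Object * -ExcludeProperty PS*
    }
    $result.ScheduledTasks = Get-ScheduledTask |
        Where-Object { $_.Author -notlike 'Microsoft*' -and $_.State -ne 'Disabled' } |
        Select-Object TaskName, TaskPath, Author, @{ n = 'Action'; e = { $_.Actions.Execute } }
    $result.Services = Get-CimInstance Win32_Service |
        Where-Object { $_.PathName -notmatch '^"?C:\\Windows\\' } |
        Select-Object Name, State, StartMode, PathName

    # 4. Remote access: who logged on over the network (LogonType 3) or RDP (LogonType 10).
    # In a 4624 event, Properties[5] is TargetUserName and Properties[8] is LogonType.
    $result.RemoteLogons = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -MaxEvents 5000 -ErrorAction SilentlyContinue |
        Where-Object { $_.Properties[8].Value -in 3, 10 } |
        Group-Object { '{0} (type {1})' -f $_.Properties[5].Value, $_.Properties[8].Value } |
        Select-Object Name, Count

    return $result
}

$triage = Get-UnpatchedHostTriage
foreach ($bucket in $triage.Keys) {
    "== $bucket =="
    $triage[$bucket] | Format-Table -AutoSize
}
```

Anything that predates the OU mistake is baseline; the interesting findings are accounts, tasks and services that appeared after the host stopped patching, and remote logons by principals that have no reason to touch a workstation. Pair this with the host's EDR telemetry and proxy logs before drawing conclusions, since two years of missed patches makes exploitation plausible but does not by itself prove it.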
Invoke-SMBRemoting utilizes the SMB protocol to establish a connection with the target machine, and sends commands (and receives outputs) using named pipes. By @L3o4j
https://t.co/7zQ8uhymLe
The problem I have with AI is that the implementations are attempting to replace critical thinking with a poor replacement. It's not going to work, it causes people to stop learning or trying to be able to critically think, write, etc. and without their crutch they are useless.
New Sigma release r2024-11-10 is available for download
🌟 17 New Rules
🛡️ 35 Rule updates
🔬 4 Rule Fixes
This release includes rules covering
- Suspicious .RDP file creation by Outlook and other uncommon processes.
- IIS config tampering.
- PowerShell Web Access abuse.
- Antivirus cheat sheet updates
And more 🔥
Check the full change log and start exploring this, by downloading the latest release -> https://t.co/pdy8ehQVy9
Also keep an eye for the next release soon, as I go through the rest of the PRs.
Thanks to the many contributors that helped shape this release, specifically
ahmedfarou22, bharat-arora-magnet, BlackB0lt, CheraghiMilad, dan21san, @defensivedepth, @deFr0ggy, djlukic, @frack113, fukusuket, ionsor, jaegeral, @imlordofthering, Koifman, Mahir-Ali-khan, @MalGamy12, @M_haggis , Milad Cheraghi, @cyb3rops , ruppde, @AltgeltMax , swachchhanda000, @Kostastsale , wieso-itzi, @X__Junior
SharpADWS is an Active Directory recon and exploit tool for red teams via the ADWS protocol, inspired by @FalconForceTeam.
Without the LDAP protocol, it can easily bypass most traffic monitoring for LDAP.
#BloodHound #redteam #Pentesting #CyberSecurity
https://t.co/RfhiJvvr1E