I just published a writeup on a previously undisclosed vulnerability I found in the @quest KACE SMA that allows any authenticated user to run any PowerShell script of their own choosing as NT AUTHORITY\SYSTEM.
https://t.co/LAKjek9BYA
🔥 New Post: Announcing InAppBrowser - see what JavaScript commands get injected through an in-app browser
👀 TikTok, when opening any website in their app, injects tracking code that can monitor all keystrokes, including passwords, and all taps.
https://t.co/TxN1ezZX71
We’re on the ground at #RSAC finishing booth prep in Moscone South 3438 and lining up our brand new technique stickers. Come say hi and grab a T1055, T1553.001, T1056.001, T1543.004, or T1611 while you’re here!
Thoughts on which ones we should do next?
How to reverse engineer and patch an iOS application for *BEGINNERS*! 😍
I walk through every step in detail using free tools:
> LLDB/debugserver
> otool/pagestuff
> cycript (for hooking)
& I built a custom application for you to break :) uwu
https://t.co/4FXB9uITcd
Want a quick & dirty (but supported by Microsot) way to avoid #follina Office know payloads?
Just disable "Troubleshooting wizards" by GPO
> https://t.co/0BqTFaHsUj
HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics - EnableDiagnostics - 0
By CERT @banquedefrance
Yay! Excited to be attending @securityfest today and get a chance to listen to @jaysonstreet, @Viss, @stokfredrik and all the other speakers sharing their knowledge and insights with the infosec community. 😎
@bettersafetynet@UK_Daniel_Card@shotgunner101 Let’s make all our session tokens NFT’s, or rather NFST’s. No one can steal my Non-Fungible Session Token. It even comes with a certificate, + there’s blockchain involved.
As I continue my road down token research, I thought I would document some cool findings.
Here is a writeup if you are interested!
https://t.co/v2u73IVRLX
Figured it was high time for another update to my AD cheat sheet! Pushed some new techniques, and made changes to the Defender evasion, RBCD, Domain Enumeration, Rubeus, and Mimikatz sections as well as fixing some whoopsies 🙃
https://t.co/XA0POBquyM
We have successfully archived the Conti affiliate training material - a compilation of various RedTeaming videos, RedTeaming tools, malicious powershell scripts, etc. This is essentially the Conti 'continual education' program.
You can download it here: https://t.co/ItOtrhOnGv
We have received additional Conti material - it is software, documentation, and tutorials provided to Conti affiliates. We will share this data when we have successfully archived everything. It is 27GBs.
Thank you, @intel_bo7 for alerting us to these documents.
How do you prevent a ransomware attack? Our new content breaks down how the CERT NZ Critical Controls can help you stop a ransomware attack with a defence-in-depth application. See it here: https://t.co/aVeXpuQh9w
Introduction to Computer Science and Programming in Python.
From MIT. For free.
For those who are looking for a more structured approach to learn Computer Science and Python, you get:
• Video Lectures
• Interactive Assessments
• Assignments
https://t.co/HW4KEs6f6v