student of security and behavioral science. always curious to learn. love to share info. California road tripper. home coffee roaster. kayaker. scuba diver.
The Pittsburg Center Station is closed due to a shooting that occurred around 3:50pm. One person injured.
We are gather more details.
Trains are running through the station but not stopping.
Excited to share the stage with @xorrior next week for #OBTSv5! We will be discussing “living off the land” techniques for macOS! Please say hello if you will be there! https://t.co/HYjhdd9vkj
I know some friends have been waiting to see the talk myself and @desi_jarvis put together for Bsides SF on red team operations in GCP so if you weren't able to make the live presentation then check it out here: https://t.co/qHbhrObuPI
Super excited to be speaking at @BSidesSF on Sunday about Securing Your Cloud with Red Team Engagements in GCP. Hope to you see you all there! https://t.co/eftsUPRFmG
In 1 week, BSidesSF Staff and Volunteers start the physical work of getting everything for the conference. Do you have your ticket to join us on June 4th & 5th to enjoy the efforts of our labor? No? We want to see you! https://t.co/ERWhT2g9Qp
gcpHound v2.0 is out. It comes with the Web UI to query IAM permissions for different targets.
Next evolution will have Attack Paths as well as other cool GCP abuse cases from @Richarjb
https://t.co/m0epPk5D1L
🧵
1/ Two days ago I shared this image to demonstrate how many unique paths exist for a single behavior. At the time I didn't know how to use it, but today I realized it shows why red teams, MITRE evals, & vendor tests can't answer Technique coverage questions without change.
If you are looking for a Metasploit module for scanning Log4Shell , check out my write-up below.
I have also outlined some things I found useful as well as resources you can use to write / customize your own module.
https://t.co/jEmVsxcsmB
gcpHound: This hound has learned some new tricks Learn about the new features by @desi_jarvis and myself and why the cat is upset at my latest blog post https://t.co/2ujCLWlMos
Just added support to LDAP Serialized Payloads in the JNDI-Exploit-Kit. This attack path works in *ANY* java version as long the classes used in the Serialized payload are in the application classpath. Do not rely on your java version being up-to-date and update your log4j ASAP!