Olivia
Online
Rob Winchester
@robwinchester3
Vice President @SpecterOps | Former USAF | Problem Solver
Joined January 2011
228 Following
1.3K Followers
427 Posts
Good morning from #SOCON2024! Follow along with us here this week and please share your experience using our hashtag.
You can also now follow us on Instagram 👉 https://t.co/d9jSWXKofE
We're thrilled to announce BloodHound Community Edition (CE) -- the next evolution of #BloodHound.
Scheduled for release on 8/8, BloodHound CE has many new features & enhancements, making it easier for users to deploy, manage, and utilize.
Learn more: https://t.co/aLMuHQvwfB
There's still time to register for one of our six courses, including our Adversary Tactics courses!
See our full listing of courses here: https://t.co/f5OBFSCuFU
I've been writing a bunch of Twitter threads recently & have been asked to codify them into blogposts. Here's one describing how there's more than meets the eye when it comes to API functions.
My goal is to build on this post w/ some cool new ideas.
https://t.co/AULGAwcwUC
Who to follow
Lee Chagolla-Christensen
@tifkin_
I like making computers misbehave. Does stuff at https://t.co/YsrVyTjOY7.
https://t.co/UsRIholZ3M
Steven
@0xthirteen
Working to become smarter everyday. Adversary Simulation Service Architect @SpecterOps.
Matt Hand 
@matterpreter
Building @originhq | Author, Evading EDR @nostarch
Thanks for hosting me, had a blast chatting with everyone
Episode 9 featuring @SpecterOps's own @robwinchester3 is LIVE! Uploading to YouTube as we speak :)
https://t.co/jiAoFpvn6x
In our never-ending hunt for new persistence techniques, @mutantvillian and I spent some time digging into using preview handlers over the past few weeks. Today we're publishing our research along with detection guidance. https://t.co/3gizujwN8R
I just published my first @SpecterOps post about Shadow Credentials - an alternative technique for taking over user and computer objects in AD.
Check it out:
https://t.co/ZjRO40J8Ub
5 months ago @tifkin_ and I started looking into the security of Active Directory Certificate Services. Today we're releasing the results of that research- a blog post https://t.co/xNSDvqVrI5 + a 140-page whitepaper and defensive audit tool (links at the top of the post) [1/6]
I'm extremely proud to announce The Attack Path Management Manifesto - our perspective, thoughts, and vision for directly dealing with the problem of Attack Paths: https://t.co/BsOnGpHh9O
Man in the Terminal - Leveraging environment $PATH variables to keylog, hijack SSH sessions, and more. Useful for post-ex activities on shared *nix jumpboxes or developer workstations.
Blog: https://t.co/kjwmKd0stX
I am incredibly excited to announce I will soon join Help Systems as Tech Director for Cobalt Strike. I look forward to starting this new journey and expect great things to come. Please help me share this great news @HelpSystemMN @CoreAdvisories #cobaltstrike #redteam #blueteam
Happy Monday everyone!
Today @matterpreter and I are releasing a joint blog where we dive deep into the methodology we used to uncover the technology that atsvc utilizes within scheduled tasks.
Hope you enjoy!
https://t.co/iPtpfTxSJL
Our team is really happy to introduce BloodHound Enterprise, coming in the summer of 2021.
The webinar is now available on-demand here: https://t.co/M11M7PJ5IO
For more information about BloodHound Enterprise: https://t.co/fKsV0rWtgy
I wrote a blog talking about the "when" of building detections, a concept that doesn't always make into the detection development process. I discuss considerations of detections past, present, and future.
https://t.co/6C6dWPOMYB
Great work and an excellent resource if you want to better understand “how” things work
For the past 6-7 months I have been diving into one of Windows core components - RPC. During my research, I found how to utilize RPC telemetry from a defensive perspective. I’ve compiled my findings in the following paper-
https://t.co/XhmZXad3EW
@PyroTek3 I thought you were headed this direction https://t.co/3ZgdqXSWsz
@PyroTek3 You stopped this rabbit hole much earlier than I initially thought
Great resource on macOS
For the past few months, I've been diving into Apple's Endpoint Security Framework. This post shares how I use the framework for detection engineering purposes. https://t.co/jhTnxXYlAS
This course taught me how much more I had to learn about PowerShell and Windows internals related to it. Definitely recommend you take advantage of this exceptional material. Makes me proud to be part of a company so dedicated to furthering the industry
Despite its incredible security enhancements, PowerShell continues to be abused by adversaries. A strong knowledge of PowerShell enables defenders to effectively manage and respond to its abuse. (1/4)
Just released Satellite, a payload hosting and proxy software for red team operations. In the blog post, I discuss the feature set of Satellite as well as why an operator would choose it over Apache or Nginx. https://t.co/qxMIembSyi
Most Popular Users
Elon Musk
@elonmusk
240.6M followers
Barack Obama
@barackobama
119.2M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.6M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.6M followers
NASA
@nasa
92.2M followers
Justin Bieber
@justinbieber
90.9M followers
KATY PERRY
@katyperry
87.6M followers
Taylor Swift
@taylorswift13
81.5M followers
Lady Gaga
@ladygaga
73M followers
Virat Kohli
@imvkohli
69.9M followers
Kim Kardashian
@kimkardashian
69.8M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.9M followers
Neymar Jr
@neymarjr
62.6M followers
The Ellen Show
@theellenshow
62.4M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.7M followers