Good morning from #SOCON2024! Follow along with us here this week and please share your experience using our hashtag.
You can also now follow us on Instagram 👉 https://t.co/d9jSWXKofE
We're thrilled to announce BloodHound Community Edition (CE) -- the next evolution of #BloodHound.
Scheduled for release on 8/8, BloodHound CE has many new features & enhancements, making it easier for users to deploy, manage, and utilize.
Learn more: https://t.co/aLMuHQvwfB
There's still time to register for one of our six courses, including our Adversary Tactics courses!
See our full listing of courses here: https://t.co/f5OBFSCuFU
I've been writing a bunch of Twitter threads recently & have been asked to codify them into blogposts. Here's one describing how there's more than meets the eye when it comes to API functions.
My goal is to build on this post w/ some cool new ideas.
https://t.co/AULGAwcwUC
In our never-ending hunt for new persistence techniques, @mutantvillian and I spent some time digging into using preview handlers over the past few weeks. Today we're publishing our research along with detection guidance. https://t.co/3gizujwN8R
I just published my first @SpecterOps post about Shadow Credentials - an alternative technique for taking over user and computer objects in AD.
Check it out:
https://t.co/ZjRO40J8Ub
5 months ago @tifkin_ and I started looking into the security of Active Directory Certificate Services. Today we're releasing the results of that research- a blog post https://t.co/xNSDvqVrI5 + a 140-page whitepaper and defensive audit tool (links at the top of the post) [1/6]
I'm extremely proud to announce The Attack Path Management Manifesto - our perspective, thoughts, and vision for directly dealing with the problem of Attack Paths: https://t.co/BsOnGpHh9O
Man in the Terminal - Leveraging environment $PATH variables to keylog, hijack SSH sessions, and more. Useful for post-ex activities on shared *nix jumpboxes or developer workstations.
Blog: https://t.co/kjwmKd0stX
I am incredibly excited to announce I will soon join Help Systems as Tech Director for Cobalt Strike. I look forward to starting this new journey and expect great things to come. Please help me share this great news @HelpSystemMN @CoreAdvisories #cobaltstrike #redteam #blueteam
Happy Monday everyone!
Today @matterpreter and I are releasing a joint blog where we dive deep into the methodology we used to uncover the technology that atsvc utilizes within scheduled tasks.
Hope you enjoy!
https://t.co/iPtpfTxSJL
Our team is really happy to introduce BloodHound Enterprise, coming in the summer of 2021.
The webinar is now available on-demand here: https://t.co/M11M7PJ5IO
For more information about BloodHound Enterprise: https://t.co/fKsV0rWtgy
I wrote a blog talking about the "when" of building detections, a concept that doesn't always make it into the detection development process. I discuss considerations of detections past, present, and future.
https://t.co/6C6dWPOMYB
For the past 6-7 months I have been diving into one of Windows' core components - RPC. During my research, I found how to utilize RPC telemetry from a defensive perspective. I’ve compiled my findings in the following paper:
https://t.co/XhmZXad3EW
For the past few months, I've been diving into Apple's Endpoint Security Framework. This post shares how I use the framework for detection engineering purposes. https://t.co/jhTnxXYlAS
This course taught me how much more I had to learn about PowerShell and Windows internals related to it. Definitely recommend you take advantage of this exceptional material. Makes me proud to be part of a company so dedicated to furthering the industry
Despite its incredible security enhancements, PowerShell continues to be abused by adversaries. A strong knowledge of PowerShell enables defenders to effectively manage and respond to its abuse. (1/4)
Just released Satellite, a payload hosting and proxy software for red team operations. In the blog post, I discuss the feature set of Satellite as well as why an operator would choose it over Apache or Nginx. https://t.co/qxMIembSyi