Bang on Iain! As much as the example in the blog post works, getting C2 over any form of filesystem is the real gem here.
Even locally for privesc, get a system shell without worrying about proxies for example.
Looking forward to seeing what folk come up with, use case wise.
This is such a cool C2 channel technique. Use network file shares, RDP mapped drives and anywhere else more than one host sees the same filesystem as a C2 channel, which really doesn't get logged. Simple but effective!
Was recently tinkering with DPAPI and CREDHIST and managed to find a way to extract hashes for old passwords and recover them in a new module written for hashcat. Blog -> https://t.co/iX9mn4DdUd
@rvrsh3ll @T3chFalcon This has "Anything is a sex toy if you try hard enough" vibes.
DLP isn't going to stop you if you intend to exfil. It will prevent accidental derps, it will hamper illegitimate efforts, but it won't prevent a determined individual from achieving it.
@0xTib3rius @WifiRumHam May I offer you a name suggestion for your merger? The Cyber Reconnaissance and Autonomous Penetration Suite for Heuristic Offensive Operations and Testing #CRAPSHOOT
@TNHillbillyHack @domchell Which ethically brings it back to assume breach. Humans will fold under the right pressure. If you want to simulate the coercion of someone, you read them in and use them as your foothold. I don't need to bribe a call center employee, they just have to follow my instruction.
@Officialwhyte22 D. As you asked - most likely. The chance my mate's wifi is being targeted is low and ET will generally affect other devices and is usually accompanied by deauths. So they're targeting my device only, but at my mate's? Nah.
It's D or E. My mate's being a dick and fucking with me.
@UK_Daniel_Card I don't get the need for rage. Surely it's...
From ffmpeg: "you're welcome to submit a pull request".
From sec researcher it's: "I've given <project> all the time I'm willing to. Time for a CVE."
From user it's: "ffmpeg has a vulnerability we do not like, we'll switch to xyz"
@hakluke Might be too in the weeds, but for some reason it appears the world has happily renamed DLL Hijacking to DLL sideloading despite its specific meaning, and this grinds my gears.
@BaffledJimmy Very similar to one of my favourite presenters on leadership and team dynamics: Nickolas Means https://t.co/5xBAtInoC8
He's done a few (Three Mile Island, Fukushima, etc), might be worth a look :) would definitely watch you presenting similar at a con aimed at cyber.
@downpressor @IceSolst Wrong perpetrator and the wrong law.
Try thanking the commercial entities who deliberately employ hostile UX, and the amendments to the ePrivacy directive in 2009, which is when cookie notices became a requirement.
None of the privacy laws force providers to use hostile UX.
@_CRUXNET @arpeyton @nickvangilder No, not at all, I'm saying an entry level penetration tester is not an entry level IT position.
Hence why I'm already expecting them to have experience in IT and apply security concepts to their domain experience.
@_CRUXNET @arpeyton @nickvangilder That's not really an answer to what I stated.
Yes, compliance will be part of a junior's job (in as much as it's part of a senior's too) but it isn't (or shouldn't be) all a junior is expected to do.
If I needed that, I'd employ a Vuln. Analyst as part of a Vuln Mgmt team.
@nickvangilder For me, an entry level in penetration testing is not an entry level position in IT.
They should have experience across the domain already, that they can apply to identify security issues.
I think that's the issue here, lots of people thinking junior = "just nessus" when it's not.