Justin Elze · Jun 6, 2023 · 12:26 PM UTC

Justin Elze

3,781 Photos and videos

Justin Elze @HackingLZ

7 defcon tickets or 1 VR headset 🤔

BleepingComputer · Jun 5, 2023 · 9:27 PM UTC

Justin Elze retweeted

BleepingComputer @BleepinComputer

16h

Clop ransomware claims responsibility for MOVEit extortion attacks - @LawrenceAbrams bleepingcomputer.com/news/se…

Clop ransomware claims responsibility for MOVEit extortion attacks

The Clop ransomware gang has told BleepingComputer they are behind the MOVEit Transfer data-theft attacks, where a zero-day vulnerability was exploited to breach multiple companies' servers and steal...

bleepingcomputer.com

nyxgeek · Jun 5, 2023 · 6:47 PM UTC

Justin Elze retweeted

nyxgeek @nyxgeek

18h

Just picked up a new O'Reilly book. Anybody read this one?

Justin Elze · Jun 5, 2023 · 6:24 PM UTC

Justin Elze @HackingLZ

19h

Im finally going to be able to hack like this

Justin Elze · Jun 5, 2023 · 5:32 PM UTC

Justin Elze @HackingLZ

20h

Journal the ultimate crime ledger

Sherrod DeGrippo 📬 · Jun 5, 2023 · 2:36 PM UTC

Justin Elze retweeted

Sherrod DeGrippo 📬 @sherrod_im

23h

Official blog from Progress on the MOVEit vulnerability. This includes our TA attribution to Lace Tempest. If you're aware of any org receiving an extortion attempt related to data exfil through this vulnerability, please DM me, I'd love to hear more. ipswitch.com/blog/update-ste…

An Update on the Steps We are Taking to Protect MOVEit Customers - Ipswitch

We will continue to be as transparent as possible regarding the recently discovered vulnerability within MOVEit Transfer and MOVEit Cloud.

ipswitch.com

Justin Elze · Jun 5, 2023 · 4:42 PM UTC

Justin Elze @HackingLZ

20h

yikes

Thomas - @crahan@mastodon.social @CraHan

Jun 3

So GigaByte Control Center adds a GCC-Filedrop user account to enable 'file transfer' functionality between hosts running their Control Center software... but then configures it with a default "gbt123gcc" password. 🤔

Justin Elze · Jun 5, 2023 · 2:34 PM UTC

Justin Elze @HackingLZ

23h

New Sysmon video from @Carlos_Perez File Create Stream Hash Event inv.warpnine.de/watch?v=rrAGRdxf…

Learning Sysmon - File Create Stream Hash Event (Video 15)

This week, Carlos goes over how to use Sysmon to track the creation of an alternate data stream on an NTFS file system located on a Windows host. He also dem...

youtube.com

Justin Elze · Jun 5, 2023 · 2:55 AM UTC

Justin Elze @HackingLZ

Jun 5

It’s probably going to be another 8-12 months before I stop being amused by MS TA naming conventions.

Justin Elze · Jun 5, 2023 · 2:49 AM UTC

Justin Elze @HackingLZ

Jun 5

Getting to see a project come to life after a 6 month build is awesome. He wrecked his last race car at 170 end of last season and it’s been a rush to have something competitive for this season. tweeter.jakobs.systems/i/web/status/166…

1,096

Justin Elze · Jun 5, 2023 · 2:23 AM UTC

Justin Elze @HackingLZ

Jun 5

What sort of event does one wear a lace tempest at? Formal dinner party?

Microsoft Threat Intelligence · Jun 5, 2023 · 1:55 AM UTC

Justin Elze retweeted

Microsoft Threat Intelligence @MsftSecIntel

Jun 5

Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion site. The threat actor has used similar vulnerabilities in the past to steal data & extort victims.

390

773

Show this thread

Justin Elze · Jun 4, 2023 · 2:45 PM UTC

Justin Elze @HackingLZ

Jun 4

$440 😳

116

Justin Elze · Jun 4, 2023 · 12:32 PM UTC

Justin Elze @HackingLZ

Jun 4

It's funny I found myself talking about data backups/retention with a bunch of drag racers yesterday. Data logs and the ability to quickly review them and pull up previous runs from months or years prior is extremely important. I got a couple people using Google drive now as… tweeter.jakobs.systems/i/web/status/166…

Ben Sadeghipour · Jun 3, 2023 · 7:13 PM UTC

Justin Elze retweeted

Ben Sadeghipour @NahamSec

Jun 3

📣📣 We are 2 weeks away from #NahamCon2023! This year's event is hosted by @_JohnHammond, @ippsec, and @Alh4zr3d! Check out the full schedule on NahamCon.com!

250

Show this thread

Joe · Jun 2, 2023 · 5:38 PM UTC

Justin Elze retweeted

Joe @jinx_soda

Jun 2

"Mandiant has observed wide exploitation of a zero-day vulnerability in the MOVEit Transfer secure managed file transfer software for subsequent data theft." UNC4857 observed actively deploying the LEMURLOOT webshell post-exploitation. mandiant.com/resources/blog/…

Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft

Analysis of a zero-day vulnerability in MOVEit Transfer, and containment and hardening guidance.

mandiant.com

Justin Elze · Jun 3, 2023 · 10:37 PM UTC

Justin Elze @HackingLZ

Jun 3

🚀

shubs · Jun 3, 2023 · 9:14 AM UTC

Justin Elze retweeted

shubs @infosec_au

Jun 3

Looking at the C# diff the `SetAllSessionVarsFromHeaders` function was removed in patched versions. The machine2.aspx file leads to this functionality. The machine2.aspx file requires requests coming from localhost. You can achieve this through…

John Hammond @_JohnHammond

Jun 2

Okay I'm down a rabbit hole but I'm wracking my brain on this, desperately wanting to figure out how the #MOVEit exploit comes together. We've got in the known IIS logs a procedure (coming disjointly from different IPs) that hits up - moveitisapi.dll - guestaccess.aspx etc

Show this thread

Justin Elze · Jun 3, 2023 · 7:53 PM UTC

Justin Elze @HackingLZ

Jun 3

Clean A to B pass 4.9x at 149 tune up is a little rich

1,447

Justin Elze · Jun 3, 2023 · 6:44 PM UTC

Justin Elze @HackingLZ

Jun 3

We made a mistake of being overly prepared for first qualifier today sat here excited everything was going well went to qualify and car wouldn’t start 30 min of troubleshooting and a tune change made a hit and spun