Heather Adkins - Ꜻ - Spes consilium non est · Jan 29, 2023 · 12:20 PM UTC

Heather Adkins - Ꜻ - Spes consilium non est

4,388 Photos and videos

Florian Roth ⚡ retweeted

Heather Adkins - Ꜻ - Spes consilium non est

@argvee

16h

Somethings up in Iran. reuters.com/world/middle-eas…

Blast heard at military plant in Iran's central city of Isfahan - state media

A loud blast was heard at a military plant in Iran's central city of Isfahan, but a security official said there were no casualties, Iranian state broadcaster IRIB said on its website early on Sunday.

reuters.com

Show this thread

ACE Responder · Jan 29, 2023 · 8:15 PM UTC

Florian Roth ⚡ retweeted

ACE Responder @ACEResponder

Just figured out the @Horizon3Attack vRealize Log Insight exploit lol Incoming guided threat hunt + signatures before the exploit PoC is dropped this week. Sign up on aceresponder.com to be notified. #threathunting #DFIR #RCE #cybersecurity

Show this thread

Florian Roth ⚡ · Jan 29, 2023 · 3:59 PM UTC

Florian Roth ⚡ @cyb3rops

13h

“U.S. General Michael Minihan warns war with China possible in 2025” - The Washington Post 😐 washingtonpost.com/national-…

U.S. general warns troops that war with China is possible in two years

Gen. Michael Minihan cited presidential elections in both Taiwan and the United States in 2024 as part of his rationale.

washingtonpost.com

Florian Roth ⚡ · Jan 29, 2023 · 10:25 AM UTC

Florian Roth ⚡ @cyb3rops

18h

🥹

693

Sami Laiho · Jan 28, 2023 · 12:10 PM UTC

Florian Roth ⚡ retweeted

Sami Laiho @samilaiho

Jan 28

Massive Microsoft 365 outage caused by WAN router IP change bleepingcomputer.com/news/mi…

Massive Microsoft 365 outage caused by WAN router IP change

Microsoft says this week's five-hour-long Microsoft 365 worldwide outage was caused by a router IP address change that led to packet forwarding issues between all other routers in its Wide Area...

bleepingcomputer.com

106

282

MalwareHunterTeam · Jan 28, 2023 · 10:27 PM UTC

Florian Roth ⚡ retweeted

MalwareHunterTeam @malwrhunterteam

Jan 28

"bypass.ps1": 4a67a7525e956bf4b47fb34af353fbeb43a6d16d4ad6fa2cba9a39beabf480ec service-8oeyubeo-1304571952.gz.apigw.tencentcs[.]com AVs: 0 detection / @thor_scanner: 2 comments. Again 👏 to @cyb3rops.

Show this thread

Florian Roth ⚡ · Jan 28, 2023 · 10:02 PM UTC

Florian Roth ⚡ @cyb3rops

Jan 28

😄 #QuantumState

118

Florian Roth ⚡ · Jan 28, 2023 · 9:48 PM UTC

Florian Roth ⚡ @cyb3rops

Jan 28

🔮

Florian Roth ⚡ · Jan 28, 2023 · 2:19 PM UTC

Florian Roth ⚡ @cyb3rops

Jan 28

This episode of @JackRhysider's Darknet Diaries interviewing @JohnLaTwC on MS08-067 has been extremely interesting to me It's the behind the scenes story of one of the most important 0day of all time inv.warpnine.de/watch?v=339qkBZe…

The Dangerous Flaw in Windows XP's 45 Million Lines of Code🎙Darknet...

Microsoft gets BILLIONS of error reports from Windows users. So how do they figure out which ones are important? This is the story of how they discovered the...

youtube.com

Florian Roth ⚡ · Jan 28, 2023 · 2:03 PM UTC

Florian Roth ⚡ @cyb3rops

Jan 28

You can run, but you can't hide virustotal.com/gui/file/6eb0…

sn🥶vvcr💥sh · Jan 28, 2023 · 10:10 AM UTC

Florian Roth ⚡ retweeted

sn🥶vvcr💥sh @snovvcrash

Jan 28

Keep in mind when scraping usernames from a #Cisco #CUCM server with @n00py1’s cucme[.]sh or @TrustedSec’s SeeYouCM-Thief: the names can be not only within the <userName> tag but also within the <firstName> and <lastName> tags. Worth checking! ppn.snovvcrash.rocks/pentest…

149

Florian Roth ⚡ · Jan 28, 2023 · 11:05 AM UTC

Florian Roth ⚡ @cyb3rops

Jan 28

Since I'm a fan of efficient forensic analysis, I've created a YARA rule that detects downloads blocked by security solutions - uses external var (works in LOKI & THOR) @malmoeb's tweet tweeter.jakobs.systems/malmoeb/status/1… @virustotal query virustotal.com/gui/search/fi… github.com/Neo23x0/signature…

Stephan Berger @malmoeb

Jan 28

Replying to @malmoeb

2/ But the best part was: the file was not an executable at all! The proxy prevented the download due to the "Malicious Websites" category. Within the error message from the proxy, the malicious domain was visible. Another easy gained IOC to hunt for 🤠

Show this thread

Florian Roth ⚡ · Jan 28, 2023 · 7:32 AM UTC

Florian Roth ⚡ @cyb3rops

Jan 28

The single most important feature offered by Laurel, the auditd plugin, is that it can join the absolutely impractical args array to a string which we can use for matching a0=“ndog” a1=“-l” a2=“-p” a3=“4444” cmd=“ndog -l -p 4444” It’s not the default and hidden in the manual

Hilko Bengen / @hillu@infosec.exchange @_hillu

Jan 27

Just released v0.5.1 of Laurel, the #linux #auditd plugin event post-processing plugin that generates useful, enriched JSON-based audit logs suitable for modern security monitoring setups. github.com/threathunters-io/…

ariaupdated · Jan 27, 2023 · 7:37 AM UTC

Florian Roth ⚡ retweeted

ariaupdated @ariaupdated

Jan 27

YES!! The #UpdatePolicy CSP page is now updated to show which policies should be used for what and which are legacy policies we don't recommend! Check out the changes! (#ThankYou to those who have been providing feedback / making requests on docs! 🙃) learn.microsoft.com/en-us/wi…

Policy CSP - Update - Windows Client Management

The Policy CSP - Update allows the IT admin, when used with Update/ActiveHoursStart, to manage a range of active hours where update reboots aren't scheduled.

learn.microsoft.com

167

Christopher Peacock · Jan 27, 2023 · 1:55 PM UTC

Florian Roth ⚡ retweeted

Christopher Peacock @SecurePeacock

Jan 27

Day 48 #100DaysofSigma Stop those pesky OneNote files before a user can open them with the OneNote Attachment File Dropped In Suspicious Location rule from @nas_bench. github.com/SigmaHQ/sigma/blo…

sigma/file_event_win_one_extension_files_in_susp_locations.yml at 4921c96703cb60dcc54898d9a1f65f5...

Main Rule Repository. Contribute to SigmaHQ/sigma development by creating an account on GitHub.

github.com

Show this thread

𝔅͛𝔯͛𝔦͛𝔞͛𝔫͛ ͛𝔚͛𝔥͛𝔢͛𝔩͛𝔱͛𝔬͛𝔫͛ · Jan 27, 2023 · 9:17 PM UTC

Florian Roth ⚡ retweeted

𝔅͛𝔯͛𝔦͛𝔞͛𝔫͛ ͛𝔚͛𝔥͛𝔢͛𝔩͛𝔱͛𝔬͛𝔫͛ @brianwhelton

Jan 27

254

Hilko Bengen / @hillu@infosec.exchange · Jan 27, 2023 · 5:32 PM UTC

Florian Roth ⚡ retweeted

Hilko Bengen / @hillu@infosec.exchange @_hillu

Jan 27

GitHub - threathunters-io/laurel: Transform Linux Audit logs for SIEM usage

Transform Linux Audit logs for SIEM usage. Contribute to threathunters-io/laurel development by creating an account on GitHub.

github.com

ESET Research · Jan 27, 2023 · 1:12 PM UTC

Florian Roth ⚡ retweeted

ESET Research @ESETresearch

Jan 27

#BREAKING On January 25th #ESETResearch discovered a new cyberattack in 🇺🇦 Ukraine. Attackers deployed a new wiper we named #SwiftSlicer using Active Directory Group Policy. The #SwiftSlicer wiper is written in Go programing language. We attribute this attack to #Sandworm. 1/3

247

452

Show this thread

Florian Roth ⚡ · Jan 27, 2023 · 7:40 PM UTC

Florian Roth ⚡ @cyb3rops

Jan 27

😐 reminds me of DEVICE=C:\Windows\himem.sys

Roy van Rijn @royvanrijn

Jan 26

If you know what this is: SET BLASTER=A220 I7 D1 H5 T6 ... it might be a good time to start taking daily supplements and consider a check-up at the doctor.

Joe Stocker · Jan 27, 2023 · 6:42 PM UTC

Florian Roth ⚡ retweeted

Joe Stocker @ITguySoCal

Jan 27

Microsoft Defender for Office, Horror Story. A thread. (1/5) On Wednesday at 6:00 PM CST, Customer’s primary domain name is suddenly marked as a phishing URL by MDO. Outbound emails are blocked because the email signature has their URL… it gets worse…

448

Show this thread