Florian Roth · Jun 4, 2023 · 3:08 PM UTC

Florian Roth

45 Photos and videos

Michel de CREVOISIER retweeted

Florian Roth @cyb3rops

Jun 4

So funny to see marketing people generate leads with “ransomware protection guides” which are basically the harding guides we used 20y ago except that everything is mapped to ATT&CK nowadays

399

DirectoryRanger · Jun 4, 2023 · 5:42 PM UTC

Michel de CREVOISIER retweeted

DirectoryRanger @DirectoryRanger

Jun 4

Fuzzing Windows Defender, by @dj_s2w medium.com/s2wblog/fuzzing-t…

Fuzzing the Shield: CVE-2022–24548

Author: Daejin Lee, Seunghoe Kim, Donguk Kim, Eugene Jang

medium.com

Ptrace Security GmbH · Jun 3, 2023 · 3:55 AM UTC

Michel de CREVOISIER retweeted

Ptrace Security GmbH @ptracesecurity

Jun 3

System Design Blueprint: The Ultimate Guide blog.devgenius.io/system-des… #Pentesting #CyberSecurity #Infosec

125

SANS.edu Internet Storm Center · Jun 1, 2023 · 8:41 AM UTC

Michel de CREVOISIER retweeted

SANS.edu Internet Storm Center @sans_isc

Jun 1

After 28 years, SSLv2 is still not gone from the internet... but we're getting there i5c.us/d29908

Enno Rey · May 30, 2023 · 6:54 AM UTC

Michel de CREVOISIER retweeted

Enno Rey @Enno_Insinuator

May 30

.@Sloqman et al.: Who Squats IPv4 Addresses? dl.acm.org/doi/pdf/10.1145/3… [PDF]

BleepingComputer · May 30, 2023 · 7:20 PM UTC

Michel de CREVOISIER retweeted

BleepingComputer @BleepinComputer

May 30

Apple patched a macOS vulnerability found by Microsoft that lets attackers bypass SIP protection to deploy "undeletable" malware and gain access to victims' private data - @serghei bleepingcomputer.com/news/se…

Microsoft finds macOS bug that lets hackers bypass SIP root restrictions

Apple has recently addressed a vulnerability that lets attackers with root privileges bypass System Integrity Protection (SIP) to install "undeletable" malware and access the victim's private data by...

bleepingcomputer.com

112

193

Nicolas Krassas · May 30, 2023 · 6:07 AM UTC

Michel de CREVOISIER retweeted

Nicolas Krassas @Dinosn

May 30

Detecting DLL Injection in Windows infosecwriteups.com/detectin…

Detecting DLL Injection in Windows

Hello everyone!

infosecwriteups.com

224

Przemysław Kłys · May 28, 2023 · 2:50 PM UTC

Michel de CREVOISIER retweeted

Przemysław Kłys @PrzemyslawKlys

May 28

I wrote this little #PowerShell module that wraps around DSInternals and provides password quality scan for #ActiveDirectory forest but adds some quality reporting around it. Wrote a short blog post on usage and general description evo.yt/y7oq

149

474

Show this thread

Madhu Akula · May 27, 2023 · 5:37 AM UTC

Michel de CREVOISIER retweeted

Madhu Akula @madhuakula

May 27

🚨 "A Practical Approach to Breaking & Pwning Kubernetes Clusters" training in #BHUSA. Learn to perform #Kubernetes, Cloud Native #Security, #Pentesting, Assessments, & Architecture reviews 🚀 Register before early bird pricing ends blackhat.com/us-23/training/… #Hacking #RedTeam

100

Daily OSINT · May 24, 2023 · 1:30 PM UTC

Michel de CREVOISIER retweeted

Daily OSINT @DailyOsint

May 24

How to geolocate mobile phones based on IP addresses? nixintel.info/osint/geolocat… @nixintel @MwOsint #OSINT #investigation #CTI #infosec #cybersecurity #DFIR #ThreatIntel #intelligence #reconnaissance

105

308

Nicolas Krassas · May 24, 2023 · 8:53 AM UTC

Michel de CREVOISIER retweeted

Nicolas Krassas @Dinosn

May 24

N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware thehackernews.com/2023/05/n-…

N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware

North Korean Lazarus Group remains relentless in targeting vulnerable Microsoft IIS servers, utilizing DLL side-loading techniques to deploy malware.

thehackernews.com

Thomas Patzke · May 22, 2023 · 10:06 PM UTC

Michel de CREVOISIER retweeted

Thomas Patzke @blubbfiction

May 22

Just published my first post in the Sigma blog: Building Flexible & Reusable Detections with Sigma Placeholders medium.com/sigma-hq/building…

Building Flexible Detections with Sigma Placeholders

How placeholders allow to separate detection logic from environment-specific values to build flexible&reusable Sigma rules.

medium.com

/r/netsec · May 22, 2023 · 3:58 PM UTC

Michel de CREVOISIER retweeted

/r/netsec @_r_netsec

May 22

Chaining DLL Hijacking and Format String to gain RCE on windows RDP Client CVE-2023-24905 cyolo.io/blog/dll-hijacking-…

DLL Hijacking Strikes Back: Exploiting Windows on ARM RDP Client (CVE-2023-24905)

Dor Dali of Cyolo uncovers CVE-2023-24905, a RCE vulnerability in Windows on ARM RDP Client, exploring the vulnerability’s root causes.

cyolo.io

1aN0rmus · May 22, 2023 · 4:45 PM UTC

Michel de CREVOISIER retweeted

1aN0rmus @TekDefense

May 22

Over the past 18 months, we've tracked a TA, we have named p0-LUCR-1: GUI-vil, that targets #AWS, with financial motives. Discover what sets them apart and how to detect them in our blog post: @permisosecurity permiso.io/blog/s/unmasking-…

Permiso | Blog | Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor

Permiso’s p0 Labs has been tracking a threat actor for the last 18 months. In this article we will describe the attack lifecycle and detection opportunities for the cloud-focused, financially...

permiso.io

Show this thread

BleepingComputer · May 22, 2023 · 8:11 PM UTC

Michel de CREVOISIER retweeted

BleepingComputer @BleepinComputer

May 22

Microsoft is investigating app connectivity issues behind an ongoing Microsoft 365 outage bleepingcomputer.com/news/mi…

Microsoft 365 hit by new outage causing connectivity issues

Microsoft is investigating service issues preventing users from accessing their Microsoft 365 ccounts and blocking access to installed apps.

bleepingcomputer.com

Samir · May 21, 2023 · 5:55 PM UTC

Michel de CREVOISIER retweeted

Samir @SBousseaden

May 21

while trying to avoid API hooking for service creation (calling into RPC directly) they generate a more suspicious windows service creation event 4697 (clientpid is eq to 0x0 only for remote) Existing detection for this anomaly github.com/elastic/detection…. trendmicro.com/en_us/researc…

Kimberly · May 22, 2023 · 1:30 AM UTC

Michel de CREVOISIER retweeted

Kimberly @StopMalvertisin

May 22

The DFIR Report | IcedID Macro Ends in Nokoyawa Ransomware bit.ly/3OtkXmK

IcedID Macro Ends in Nokoyawa Ransomware - The DFIR Report

Threat actors have moved to other means of initial access, such as ISO files combined with LNKs or OneNote payloads, but some appearances of VBA macros in Office documents can … Read More

thedfirreport.com

Stamus Networks · May 20, 2023 · 3:07 PM UTC

Michel de CREVOISIER retweeted

Stamus Networks @StamusN

May 20

Lateral movement is a technique that cyber attackers use to search for high-value assets. Developed and supported by Stamus Networks, this #Suricata ruleset is specifically focused on detecting lateral movement in #Microsoft #Windows environments. hubs.la/Q01QyH1z0

Stamus Labs | Lateral Movement Ruleset for Suricata

An open source project developed and supported by Stamus Networks, this Suricata ruleset is specifically focused on detecting lateral movement in Microsoft Windows environments.

stamus-networks.com

Oddvar Moe · May 19, 2023 · 2:18 PM UTC

Michel de CREVOISIER retweeted

Oddvar Moe @Oddvarmoe

May 19

I created this quick and dirty Powershell script to check your current system drivers against the awesome loldrivers.io list from @M_haggis @_josehelps @nas_bench Hope you find it useful gist.github.com/api0cradle/d…

143

422

S3cur3Th1sSh1t · May 19, 2023 · 9:29 AM UTC

Michel de CREVOISIER retweeted

S3cur3Th1sSh1t @ShitSecure

May 19

My team mate @m_fielenbach recently created a python script to automate the process of discovering and exploiting ESC1 & ESC8 ADCS vulnerabilities: 🙌 github.com/grimlockx/ADCSKil… So if you want to save some minutes of time in your next projects feel free to test it out. 🔥

181

466