JMP RSP (@0xffhh) 's Twitter Profile
JMP RSP

@0xffhh

offensive security addict. @falconforceteam co-founder. speed maniac.

ID: 125318904

linkhttps://www.falconforce.nl calendar_today22-03-2010 12:34:44

464 Tweet

399 Followers

335 Following

JMP RSP (@0xffhh) 's Twitter Profile Photo

I wonder if there is a positive correlation between those who agree with ‘guns dont kill ppl, ppl kill ppl’ and those who agree with ‘github shouldn’t have removed the exchange poc’. Not judging, just curious...🤷🏻‍♂️

Peleg Hadar (@peleghd) 's Twitter Profile Photo

CVSS 9.9! The vulnerability we (+Ophir Harpaz 🎗️) found, CVE-2021-28476 (Hyper-V RCE), was patched today! Our research, fuzzer and vulnerability details was submitted to Black Hat and DEF CON, there is a lot to look forward to. msrc.microsoft.com/update-guide/v…

JMP RSP (@0xffhh) 's Twitter Profile Photo

I got my shot yesterday but I think I got the wrong one. Instead of Pfizer, I'm seeing an AstraZeneca WiFi everywhere I go :( Anybody managed to crack the handshake already and get the master password?

I got my shot yesterday but I think I got the wrong one. Instead of Pfizer, I'm seeing an AstraZeneca WiFi everywhere I go :( Anybody managed to crack the handshake already and get the master password?
JMP RSP (@0xffhh) 's Twitter Profile Photo

Stay tuned for the AD CS detection rules. FalconForce Official is currently working hard to write and test reliable detections usable in production environments. Don't forget to checkout the whitepaper by Lee Chagolla-Christensen and Will Schroeder, they've done most detection engineering already. THNX

JMP RSP (@0xffhh) 's Twitter Profile Photo

Reverse engineering undocumented windows api’s is so frustratingly slow.😑😑 Luckily, the pot of offensive gold and the end of the rainbow is big 😈😈mwuahaha

FalconForce Official (@falconforceteam) 's Twitter Profile Photo

Happy Friday everybody! This edition of #FalconFriday we focus on detection backup tampering on Azure. medium.com/falconforce/fa… #FalconForce #AzureBackup #DetectionEngineering #DFIR

JMP RSP (@0xffhh) 's Twitter Profile Photo

Does anybody know the max number of APIs you're allowed to use in a CS BOF? I'm apparently hitting a limit, but don't know what the limit is and don't know if the limit is the number of unique APIs or total number of calls to Win32 APIs. Any help and retweet appreciated.

Does anybody know the max number of APIs you're allowed to use in a CS BOF? I'm apparently hitting a limit, but don't know what the limit is and don't know if the limit is the number of unique APIs or total number of calls to Win32 APIs. Any help and retweet appreciated.
JMP RSP (@0xffhh) 's Twitter Profile Photo

Does anyone know what the status is of API Monitor? Is in dead? Will it ever get an update or be open sourced? I have so many usecases and/or feature requests…🤯 Cc: rohitab.com

FalconForce Official (@falconforceteam) 's Twitter Profile Photo

It’s #FalconFriday and summer is here! Take a refreshing dive into our newest blog, where we will shed some light on how Certipy and Rebeus work with UnPAC-the-hash and shadowing creds, and how to detect these techniques with our free #Kusto detections. medium.com/falconforce/fa…

It’s #FalconFriday and summer is here! Take a refreshing dive into our newest blog, where we will shed some light on how Certipy and Rebeus work with UnPAC-the-hash and shadowing creds, and how to detect these techniques with our free #Kusto detections.

medium.com/falconforce/fa…
JMP RSP (@0xffhh) 's Twitter Profile Photo

Does anyone have a working .NET core gadget for a deserializing vulnerability with json.net? The documented .NET framework gadgets don’t work in core. #SharingIsCaring

JMP RSP (@0xffhh) 's Twitter Profile Photo

Hey KLM, i’m waiting for 6 months already for a claim to be handled. Don’t you think it’s about time to fix this? Already called you a few times and you keep saying ‘it’s busy’. So taking the shaming route now…

Hey <a href="/KLM/">KLM</a>, i’m waiting for 6 months already for a claim to be handled. Don’t you think it’s about time to fix this? Already called you a few times and you keep saying ‘it’s busy’. So taking the shaming route now…
JMP RSP (@0xffhh) 's Twitter Profile Photo

Having an implant running undetected on an edr protected machine is all cool, but detecting TAs is just ~20% about detecting their implant. Detecting the stuff they do with their implant is what matters way more. Local priv esc, cred dumping, lateral movement, etc. Just saying 🤷‍♂️

Wild West Hackin' Fest (@wwhackinfest) 's Twitter Profile Photo

Sponsor Spotlight | FalconForce Official We would like to thank FalconForce for being a Silver Sponsor for Deadwood 2023! Check out all about their company and services here: falconforce.nl/?utm_campaign=…

Sponsor Spotlight | <a href="/falconforceteam/">FalconForce Official</a>

We would like to thank FalconForce for being a Silver Sponsor for Deadwood 2023! Check out all about their company and services here: falconforce.nl/?utm_campaign=…