Marat Nigmatullin (@_mnigma_) 's Twitter Profile
Marat Nigmatullin

@_mnigma_

Hacking & Researching @falconforceteam | Ex-Unit 42

ID: 1139544168534032384

14-06-2019 14:44:36

361 Tweets

83 Followers

117 Following

SpecterOps (@specterops) 's Twitter Profile Photo

Maestro lets you interact with Intune/EntraID from a C2 agent w/o passwords or token manipulation, streamlining your post-exploitation tasks. Stop by Chris Thompson's demo lab this weekend while you're at #DEFCON32 & learn more. ghst.ly/3Yll3SnSn

FalconForce Official (@falconforceteam) 's Twitter Profile Photo

We are happy to announce our collaboration with Division 5 in hosting our Advanced Detection Engineering in the Enterprise training in Brisbane, Australia in Feb 2025. Learn more from Olaf Hartong and JMP RSP on detection engineering. Register via: division5.io/ADEitE2025.html

SANS Offensive Operations (@sansoffensive) 's Twitter Profile Photo

.Rich Warren & Johnny Fishcake are discussing how to exploit corporate VPN clients for remote root & SYSTEM shells. Join to see live demos on Windows & macOS vulnerabilities & how attackers gain control w/ just one click. Register Free: sans.org/u/1vBt #SANSHackFest

FalconForce Official (@falconforceteam) 's Twitter Profile Photo

We have good news for those who missed out on our Advanced Detection Engineering in the Enterprise training at Black Hat US. Our ADE training is coming to Black Hat Asia 2025, in Singapore! Registration is open! Information and registration: blackhat.com/asia-25/traini…

Olaf Hartong (@olafhartong) 's Twitter Profile Photo

Detection Engineering is sometimes hard, and may fail. Still a lot of things can be learned by the process. In this blog I cover a lot. I had a detection, currently it's broken but MS is on it :D falconforce.nl/detection-engi…

Olaf Hartong (@olafhartong) 's Twitter Profile Photo

Adding to my ETW research toolkit, a tiny program to consume information from a provider with as little overhead as possible. PockETWatcher, a tool to get the essential information from an ETW provider to the CLI or a JSON file github.com/olafhartong/Po…

FalconForce Official (@falconforceteam) 's Twitter Profile Photo

Have a great start of this new year! Join our webinar with Olaf and Henri who will go in depth on how FalconForce continuously delivers high-quality detection content for #SOC teams around the world. Register now: events.teams.microsoft.com/event/70005169…

Olaf Hartong (@olafhartong) 's Twitter Profile Photo

Our Advanced Detection Engineering in the Enterprise training is once again accepted for BlackHat USA! We’re excited to show all content. We walk through two realistic red team scenarios and build detections for on-prem and Azure attacks which are missed out-of-the-box.

FalconForce Official (@falconforceteam) 's Twitter Profile Photo

In our latest blog, we follow Arnau (linkedin.com/in/arnauortega/) on his journey to leverage #WinRM plugins for lateral movement. A deep rabbit hole that ultimately led to a custom plugin, #BOF and a solid detection in our #FalconFriday repository 🦅falconforce.nl/exploring-winr…

FalconForce Official (@falconforceteam) 's Twitter Profile Photo

We are hiring offensive specialists! We are looking for experienced professionals who deliver high-quality offensive security services to help our client's defensive teams become more resilient. Sounds like you? falconforce.nl/falconforce-of… #offensivesecurity #purpleteam #redteam

FalconForce Official (@falconforceteam) 's Twitter Profile Photo

We are proud to introduce #dAWShund to the world: a framework for putting a leash on naughty AWS permissions. dAWShund helps blue and red teams find resources in #AWS, evaluate their access levels and visualize the relationships between them. falconforce.nl/dawshund-frame…

Josh (@passthehashbrwn) 's Twitter Profile Photo

New blog from me about a bug in Power Apps that allows execution of arbitrary SQL queries on hosts connected through on-prem data gateways. This can turn external O365 access into compromised on-prem SQL servers. ibm.com/think/x-force/…

sapir federovsky (@sapirxfed) 's Twitter Profile Photo

Just me exploring new undocumented Entra APIs and doing some TTD to make Device Registration Service to change some Device attributes🙂 sapirxfed.com/2025/04/28/exp…

FalconForce Official (@falconforceteam) 's Twitter Profile Photo

One of the least discussed topics in detection engineering is maintenance. But why is no one talking about this? In this first blog we explore its relevance to #detectionengineering and the paradox that keeps us awake at night. Enjoy! falconforce.nl/why-is-no-one-…

Olaf Hartong (@olafhartong) 's Twitter Profile Photo

In about an hour I’ll present my talk I’m in your logs now, deceiving your analysts and blinding your EDR at #BHUSA25 Black Hat in Islander E/I. Come and hang out!

Olaf Hartong (@olafhartong) 's Twitter Profile Photo

During my #BHUSA talk I've released many ETW research tools, of which the most notable is BamboozlEDR. This tool allows you to inject events into ETW, allowing you to generate fake alerts and blind EDRs. github.com/olafhartong/Ba… Slides available here: github.com/olafhartong/Pr…