I just updated ViperMonkey from Kirk Sayre's repository (lots of improvements and bugfixes done by Kirk in the last few months). How to install: github.com/decalage2/Vipe… Live demo at Black Hat Europe: youtu.be/l5sMPGjtKn0?li… cc Kirk Sayre

I just published Hacking Cisco SD-WAN vManage 19.2.2 — From CSRF to Remote Code Execution link.medium.com/rAmL1kUnI8

Couple of thoughts come to mind: - When a frontend developer thinks they can develop the whole stack - this is why we can't have nice things

Make a backup copy of all your Custom ATP Detections with a little PowerShell script I'm sharing here. I look forward to Microsoft just building this feature into their product and putting this script out of business. Until then ... github.com/clr2of8/Export…

I'm at the acceptance stage

One of my favorite tools just went public. Parse and query entire AD domains offline. I've been using it for the past year or so to keep live queries to a minimum. Check group memberships, find weak delegation, parse and query UAC properties. Check it out. github.com/kgoins/ldsview

Get a vaccine, change the world.

We have a great opportunity to lead our #siem engineering program Asurion. A state of the art HQ being built in the hot gulch area of #Nashville and remote options available. Come work with GoldRush and me leading our global #infosec team! #infosecjobs careers.asurion.com/ShowJob/Id/765…

I don’t take a hard line on publishing offensive tools. I genuinely believe there’s a balance to be struck there and industry has work to do on setting collaborative norms. But did Mimikatz need to add an exploit for CVE-2021-1675 before Microsoft released a working patch?

If this gets 20k likes, we’ll replace the paperclip emoji in Microsoft 365 with Clippy.

Watching forged in fire and all of a sudden a wild Mike_Poor appears!

Black Friday is here! Get FREE recurring API credits if you like + retweet this tweet. If we get up to 100 RTs everyone gets 100 recurring monthly API credits. If we get over 100 RTs, everyone gets the # of API credits in the amount of RTs. Cut out time: November 28th 10AM EST.

If you like #KQL as much as we do, start following KQLCafe or check out kqlcafe.com to find out more about our upcoming show starting in January 22 #mvpbuzz #kql #security

Reminder with everyone melting the Internet. Give people a place to contact your security team. securitytxt.org #log4j #log4jRCE #Log4Shell

Maybe if I send Dave Kennedy a picture of the Troll Pub bourbon list, he’ll bring back DerbyCon 🙏

Why won’t this fella age? #TopGunMaverick

ATTENTION TWITTER: If this tweet gets 1,000,000 RTs, I will receive a year supply of RIPITs. For the love of God, support a Sad Major!!!!!!!

WiCyS Statement on Nashville, TN Announcement for 2024 Conference