inf0secRabbit (@inf0secrabbit) 's Twitter Profile
inf0secRabbit

@inf0secrabbit

Threat research @Crowdstrike | Ex-Red Team @Mandiant | Profession is passion :) | Tweets are all mine

ID: 986859549037510658

https://GitHub.com/inf0secRabbit, 19-04-2018 06:50:26

1,1K Tweet

867 Followers

297 Following

PADI (@padi) 's Twitter Profile Photo

🏅 𝗧𝗼𝗽 𝟭𝟬 𝗣𝗼𝘀𝘁𝘀 𝗼𝗳 𝘁𝗵𝗲 𝗬𝗲𝗮𝗿 🤿 9th Place: Has this ever happened to you after an unforgettable encounter? 🥲 🎥 IG 'maysasantoro'

Stephen Sims (@steph3nsims) 's Twitter Profile Photo

Windows Exploit Mitigation Series thus far:
- Do Not Allow Child Processes: youtu.be/E99S3vCTBWA
- Stack Pivot Protection: youtu.be/Wxsq2Goo2tA
- Isolated Heaps: youtu.be/5-F_IMpJfHc
- High level look at CFG and Heap Spraying: youtu.be/VPwBAGvgX7M

Grzegorz Tworek (@0gtweet) 's Twitter Profile Photo

Token stealing (aka duplication) with syscalls only? Not sure if it’s novel approach but had to try anyway. 🤷‍♂️ NtOpenProcessToken, NtAdjustPrivilegesToken, NtOpenProcess, NtDuplicateToken, and NtSetInformationThread at your service! Enjoy the C code: github.com/gtworek/PSBits…

William R. Messmer (@wmessmer) 's Twitter Profile Photo

If you've ever wanted to live debug user mode Linux processes (e.g.: in WSL) from WinDbg, with 1.2402.24001.0, you can! Start up a gdbserver in WSL (e.g.: gdbserver localhost:1234 ./vim) and connect to it via WinDbg's "Connect to remote debugger"

Thomas Roccia 🤘 (@fr0gger_) 's Twitter Profile Photo

🤯 The level of sophistication of the XZ attack is very impressive! I tried to make sense of the analysis in a single page (which was quite complicated)! I hope it helps to make sense of the information out there. Please treat the information "as is" while the analysis

Jonny Johnson (@jsecurity101) 's Twitter Profile Photo

Without further ado - here is EtwInspector! This is a C++ tool to help users interact with ETW providers. This tool supports the enumeration of providers, their events, and capture events. github.com/jsecurity101/E…

Sajal Thomas (@sajal_thomas) 's Twitter Profile Photo

Essential reading in light of all the misinformation spreading around here about what went down. Be nice to your sysadmins and IT staff for a while. crowdstrike.com/blog/technical…

Tavis Ormandy (@taviso) 's Twitter Profile Photo

This strange tweet got >25k retweets. The author sounds confident, and he uses lots of hex and jargon. There are red flags though... like what's up with the DEI stuff, and who says "stack trace dump"? Let's take a closer look... 🧵1/n

CrowdStrike (@crowdstrike) 's Twitter Profile Photo

CrowdStrike continues to focus on restoring all systems as soon as possible. Of the approximately 8.5 million Windows devices that were impacted, a significant number are back online and operational. Together with customers, we tested a new technique to accelerate impacted

CrowdStrike (@crowdstrike) 's Twitter Profile Photo

Update: Our preliminary Post Incident Review (PIR) is available at the link below.  Details include the incident overview, remediation actions, and preliminary learnings. More to come in our full Root Cause Analysis (RCA). Automated recovery techniques, coupled with strategic

Alex Ionescu (@aionescu) 's Twitter Profile Photo

It’s wonderful to see what Xeno Kovah and his collaborators have built for the community. I always recommend OST2 for my new hires and other juniors, or just anyone trying to get started on a new topic. The courses are excellent. It’s an honor to sponsor the Windows Security Path

CrowdStrike (@crowdstrike) 's Twitter Profile Photo

💡 Today we are unveiling a new China-nexus adversary: LIMINAL PANDA. 👉 Our blog post contains deeper insights into LIMINAL PANDA’s operational profile and key TTPs, as well as guidance for organizations to defend against this sophisticated adversary: crwdstr.ke/6010sUQwM

CrowdStrike (@crowdstrike) 's Twitter Profile Photo

📣 Today we are excited to launch #CrowdStrike Insider Risk Services to help organizations anticipate, detect and respond to insider threats. Full details: crwdstr.ke/6014aZPQE

Makhachev Islam (@makhachevmma) 's Twitter Profile Photo

"What does this title represent? It means you're the best in the world and if you're the best in the world, it doesn't matter who's going to be standing across from you. What do I say? No? NEVER. Let's do this!"
Full Violence ™ (@full_violence) 's Twitter Profile Photo

From the favelas to the world. He was never supposed to make it this far, sick as a kid, counted out always, 10-8 start to his UFC career. Win or lose, his story already inspired millions. We love you, Charles. ❤️
