Polski
English Indonesia Türkçe Deutsch Español Português Pусский Français Italiano Nederlands Polski العربية ไทย Tiếng Việt 繁體中文 简体中文 日本語 한국어
Script_Happens's profile picture. Security Engineer. My opinions are my own.

Justin Hendricks

@Script_Happens

Security Engineer. My opinions are my own.

142Wpisy 302Obserwujących 2KObserwowanych
Może Ci się spodobać
Justin Hendricks podał dalej
msftsecresponse's profile picture.
Microsoft Security Response Center
@msftsecresponse
2 gru 2022

📢 BlueHat 2023: Applications to Attend are NOW OPEN! 📢 If you are interested in attending @MSFTBlueHat in Redmond, WA, USA, Feb 8-9, 2023, please submit your application here: forms.office.com/Pages/Response… (Applications close Jan 6, 2023)

forms.office.com

Microsoft Forms

Microsoft Forms

Źródło: forms.office.com
1
10
22
1
0
Justin Hendricks podał dalej
spotheplanet's profile picture.
spotheplanet
 @spotheplanet
7 sie 2021

Noticed that the number of visits to these notes started growing even while they were WIP (yeah, I work in prod 😅), so here they are: ired.team/offensive-secu… Thank you for sharing @harmj0y @tifkin_ @topotam77 @ExAndroidDev , it's all beautiful!

spotheplanet's tweet card. ADCS + PetitPotam NTLM Relay: Obtaining krbtgt Hash with Domain Controller Machine Certificate |...
ADCS + PetitPotam NTLM Relay: Obtaining krbtgt Hash with Domain Controller Machine Certificate |...
Źródło: ired.team
4
48
110
11
0
Justin Hendricks podał dalej
SteveSyfuhs's profile picture.
Steve Syfuhs
 @SteveSyfuhs
5 sie 2021

It's been a while since our last thread and I need to kill time while a ginormous time travel trace file finishes copying, so let's talk a bit about LSA, the Windows Local Security Authority.

SteveSyfuhs's tweet image. It's been a while since our last thread and I need to kill time while a ginormous time travel trace file finishes copying, so let's talk a bit about LSA, the Windows Local Security Authority.
22
301
941
307
0
Justin Hendricks podał dalej
MsftSecIntel's profile picture.
Microsoft Threat Intelligence
@MsftSecIntel
18 mar 2021

Automatic on-premises Exchange Server mitigation is now in Microsoft Defender Antivirus. We have taken this additional step to further support our customers who have not yet implemented the complete security update. Learn more: msft.it/6017VMA3d

MsftSecIntel's tweet card. Microsoft Defender Antivirus and System Center Endpoint Protection will automatically mitigate CVE-2021-26855 on any vulnerable Exchange Server on which it is deployed. We have taken this additional...
Automatic on-premises Exchange Server mitigation now in Microsoft Defender Antivirus | Microsoft...
Źródło: microsoft.com
3
163
289
14
0
Script_Happens's profile picture.
Justin Hendricks
 @Script_Happens
10 mar 2021

The nmap script that tests for CVE-2021-26855 had false negatives with 301 and 302 redirects (typically federated auth). This was fixed yesterday. Latest version: github.com/microsoft/CSS-…

0
1
3
1
0
Justin Hendricks podał dalej
JohnLaTwC's profile picture.
John Lambert
@JohnLaTwC
9 mar 2021

Run Exchange but are on an out-of-support Cumulative Update level and can't get updates for the March vulnerabilities? The Exchange team has delivered: techcommunity.microsoft.com/t5/exchange-te…

JohnLaTwC's tweet card. To help customers more quickly protect their environments in light of the March 2021 Exchange Server Security Updates, Microsoft is producing an additional...
March 2021 Exchange Server Security Updates for older Cumulative Updates of Exchange Server |...
Źródło: techcommunity.microsoft.com
1
26
49
4
0
Script_Happens's profile picture.
Justin Hendricks
 @Script_Happens
9 mar 2021

Also, there is a script to compare against files on the Exchange server it's run on: github.com/microsoft/CSS-…

JohnLaTwC's profile picture. Corporate Vice President, Security Fellow, Microsoft Security Research, johnla(AT)https://t.co/3dGtq71Nby
John Lambert
@JohnLaTwC
8 mar 2021

Looking for hashes of known good Exchange files? Here are hashes from the Exchange team: github.com/microsoft/CSS-…

JohnLaTwC's tweet image. Looking for hashes of known good Exchange files? Here are hashes from the Exchange team: github.com/microsoft/CSS-…
JohnLaTwC's tweet image. Looking for hashes of known good Exchange files? Here are hashes from the Exchange team: github.com/microsoft/CSS-…
3
161
325
49
0
0
1
1
0
0
Justin Hendricks podał dalej
msftsecresponse's profile picture.
Microsoft Security Response Center
@msftsecresponse
5 mar 2021

Providing alternative mitigation techniques to help Microsoft Exchange customers needing more time to patch deployments & are willing to make risk & service function trade-offs. These mitigations are not remediation & aren't full protection against attack. msrc-blog.microsoft.com/2021/03/05/mic…

1
77
134
11
0
Script_Happens's profile picture.
Justin Hendricks
 @Script_Happens
6 sty 2021

Great team with broad scope! Come find bugs in one of the biggest suite of cloud services.

travisrhodes's profile picture. Security - Offense - Microsoft
Travis Rhodes
 @travisrhodes
4 sty 2021

I'm forming 2 dev teams in our Microsoft Vancouver B.C. office! Team 1: privacy failure discovery in M365. Team 2: Application Security, find the worst bugs, dev to find them at scale. Hiring all levels and experience, including 2 managers. Apply here: aka.ms/MSVancouverSec…

0
9
16
4
0
0
0
1
1
0
Script_Happens's profile picture.
Justin Hendricks
 @Script_Happens
7 gru 2020

The most expensive game of Tetris ever played 😆 I'm pretty sure this is why MSFT stock is down today...

travisrhodes's profile picture. Security - Offense - Microsoft
Travis Rhodes
 @travisrhodes
4 sty 2021

I'm forming 2 dev teams in our Microsoft Vancouver B.C. office! Team 1: privacy failure discovery in M365. Team 2: Application Security, find the worst bugs, dev to find them at scale. Hiring all levels and experience, including 2 managers. Apply here: aka.ms/MSVancouverSec…

0
9
16
4
0
0
0
3
0
0
Justin Hendricks podał dalej
ItsReallyNick's profile picture.
Nick Carr
@ItsReallyNick
21 paź 2020

Critical new defenses for OAuth consent phishing: • ✅ Publisher verification [pic 1] • 📋 Customizable app consent policies [pic 2] • 🚷 Globally disallowing user consent to new multi-tenant apps from unverified publishers (on Nov 8) 👉🏼📰 Details: techcommunity.microsoft.com/t5/azure-activ…

ItsReallyNick's tweet image. Critical new defenses for OAuth consent phishing: • ✅ Publisher verification [pic 1] • 📋 Customizable app consent policies [pic 2] • 🚷 Globally disallowing user consent to new multi-tenant apps from unverified publishers (on Nov 8) 👉🏼📰 Details: techcommunity.microsoft.com/t5/azure-activ…
ItsReallyNick's tweet image. Critical new defenses for OAuth consent phishing: • ✅ Publisher verification [pic 1] • 📋 Customizable app consent policies [pic 2] • 🚷 Globally disallowing user consent to new multi-tenant apps from unverified publishers (on Nov 8) 👉🏼📰 Details: techcommunity.microsoft.com/t5/azure-activ…
4
86
231
32
0
Justin Hendricks podał dalej
rwincey's profile picture.
b0yd
 @rwincey
21 sie 2020

Found #Telerik vulnerable to CVE-2019-18935 on a customer's network and can't seem to get the file upload to work? Host the payload yourself using @secureauth impacket. @noperator @mwulftange @bao7uo @straight_blast @pwntester @olekmirosh #bugbountytips #pentest #exploit #redteam

rwincey's tweet image. Found #Telerik vulnerable to CVE-2019-18935 on a customer's network and can't seem to get the file upload to work? Host the payload yourself using @secureauth impacket. @noperator @mwulftange @bao7uo @straight_blast @pwntester @olekmirosh #bugbountytips #pentest #exploit #redteam
4
42
149
30
0
Justin Hendricks podał dalej
CalumBoal's profile picture.
Calum Boal
 @CalumBoal
24 lip 2020

Ever wanted to do reverse DNS lookups on an entire /16 range for free? Now you can! 😉 sonar.omnisint.io/reverse/95.138…

14
124
396
100
0
Justin Hendricks podał dalej
tifkin_'s profile picture.
Lee Chagolla-Christensen
 @tifkin_
14 lip 2020

A post on generating SSO cookies on Azure AD machines (without having to know the password) posts.specterops.io/requesting-azu…

tifkin_'s tweet card. RequestAADRefreshToken is a tool that returns OAuth 2.0 refresh tokens for an Azure-AD-authenticated Windows user (i.e. the machine is…
Requesting Azure AD Request Tokens on Azure-AD-joined Machines for Browser SSO
Źródło: posts.specterops.io
13
198
447
64
0
Script_Happens's profile picture.
Justin Hendricks
 @Script_Happens
15 lip 2020

Yes, go patch Skype and Sharepoint server. Better yet, migrate to Microsoft 365 and Microsoft will patch for you!

tobiefysh's profile picture. Geek for @Nasstar (formerly @ModalitySystems), Dad to two sons (one deaf, one hearing), Husband to an amazing wife. Views are my own!
Tobie Fysh
 @tobiefysh
14 lip 2020

SfB Server 2015/2019 and Lync Server 2013 all have Cumulative Updates out today for OAUTH Elevation of Privilege Vulnerability: portal.msrc.microsoft.com/en-US/security…

0
14
9
0
0
2
1
2
0
0
Justin Hendricks podał dalej
_CPResearch_'s profile picture.
Check Point Research
@_CPResearch_
14 lip 2020

We discovered a 17-year-old vulnerability in all of Windows DNS Servers. SIGRed (CVE-2020-1350) is a wormable, critical vulnerability that can be used to achieve full Domain Administrator privileges. research.checkpoint.com/2020/resolving…

_CPResearch_'s tweet card. Research by: Sagi Tzadik Introduction DNS, which is often described as the “phonebook of the internet”, is a network protocol for translating human-friendly computer hostnames into IP addresses....
SIGRed - Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers...
Źródło: research.checkpoint.com
8
713
1tys.
74
0
Justin Hendricks podał dalej
wunderwuzzi23's profile picture.
Johann Rehberger
@wunderwuzzi23
1 lip 2020

An older vulnerability write up about an XSS on the #AWS console which I responsibly disclosed to Amazon Hope its interesting for some who are getting started with #pentesting embracethered.com/blog/posts/202… Also AMZN now awards #bugbounties via Hackerone. Check it out! No aws though

1
23
64
7
0
Justin Hendricks podał dalej
semgrep's profile picture.
Semgrep
@semgrep
19 cze 2020

Hardcoded secrets, unverified tokens, and other common JWT mistakes: @ermil0v shares what he learned from bug-hunting 2,000 npm modules: r2c.dev/blog/2020/hard…

0
7
3
2
0
SwiftOnSecurity's profile picture. computer security person. former helpdesk.

SwiftOnSecurity

@SwiftOnSecurity
HackingDave's profile picture. Founder @Binary_Defense @TrustedSec Co-Owner https://t.co/HQC75WhdJh. @WeHackHealth Pod. God + Family/Hacker/CSO/USMC/Intel/Fitness. Make the world a better place.

Dave Kennedy

@HackingDave
dwizzzleMSFT's profile picture. Corporate Vice President, OS Security and Enterprise @Microsoft

David Weston (DWIZZZLE)

@dwizzzleMSFT
HackingLZ's profile picture. CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars

Justin Elze

@HackingLZ
Laughing_Mantis's profile picture. 20+ yrs in Infosec. Malware Influencer. I turn Malware into Art and Music. Art @MalwareArt. 4x Pwnie Nominee. 𝕍𝕏. GameDev. Autistic.

Greg Linares (Laughing Mantis)

@Laughing_Mantis
DrAzureAD's profile picture. Principal Identity Security Researcher at Microsoft. Ex-Secureworks. (MSc, MEng, PhD, CITP, CCSK). And yes, opinions are my own ;)

Dr. Nestori Syynimaa

@DrAzureAD
vxunderground's profile picture. The largest collection of malware source code, samples, and papers on the internet. Password: infected

vx-underground

@vxunderground
ImposeCost's profile picture. Head of Global Signals Operations @Google Threat Intelligence Group via @Mandiant acquisition. Posts are attributable to me—not my employer. Former @USMC.

Andrew Thompson

@ImposeCost
Jhaddix's profile picture. CEO, CISO, Trainer, Hacker, and Speaker. Cybersecurity + Hacking + AI + Sec Leadership @arcanuminfosec

JS0N Haddix

@Jhaddix
reprise_99's profile picture. @Microsoft Security | https://t.co/HWozKuixTi | Tweets are my own

Matt Zorich

@reprise_99
cyb3rops's profile picture. Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇 | vi/vim

Florian Roth ⚡️

@cyb3rops
Bandrel's profile picture. hacker, finder of EKUwu (CVE-2024-49019) https://t.co/XQuqk8nGG6

Justin Bollinger

@Bandrel
0gtweet's profile picture. My own research, unless stated otherwise. Not necessarily "safe when taken as directed". GIT d- s+: a+ C++++ !U !L !M w++++$ b++++ G-

Grzegorz Tworek

@0gtweet
stvemillertime's profile picture. AI threat intelligence @google writing & sharing on adversary tradecraft, malware, threat detection, AI-nexus intel and all things #yara

Steve YARA Synapse Miller

@stvemillertime
MalwareJake's profile picture. Breaker of software | VP R&D @hunterstrategy | CTI/DFIR | @ians_security faculty | Bookings: jake at malwarejake dot com | GSE #150 | He/him

Jake Williams

@MalwareJake
briankrebs's profile picture. Independent investigative journalist. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter. Mastodon: https://t.co/fTKNavlMwp

briankrebs

@briankrebs
_xpn_'s profile picture. Hacker for Hire at @SpecterOps | Blog at https://t.co/tjfTOllCEu | Insta at https://t.co/PqR6CZPwjl

Adam Chester 🏴‍☠️

@_xpn_
MsftSecIntel's profile picture. We are Microsoft's global network of security experts. Follow for security research and threat intelligence.

Microsoft Threat Intelligence

@MsftSecIntel
DebugPrivilege's profile picture. Windows Nerd | Ex-MSFT | Microsoft MVP in Windows and Devices | Interested in Security, Debugging, and Windows Internals.

DebugPrivilege

@DebugPrivilege
Dinosn's profile picture. Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA https://t.co/NC1orlKrW3

Nicolas Krassas

@Dinosn
OpenAIDevs's profile picture. Updates for developers building with the OpenAI Platform and API • Service status: https://t.co/kZwnwdYqOS • Support: https://t.co/qCi6M5ESZU

OpenAI Developers

@OpenAIDevs
RileyRalmuto's profile picture. ─◯͠─ mind-blindness is a curable disease ⟁🜇 | $NEXUS

Riley Coyote

@RileyRalmuto
_l0gg's profile picture.

Khoa Dinh

@_l0gg
rajeshchada's profile picture.

Rajesh Chada

@rajeshchada
mncoppola's profile picture. Vulnerability researcher @catalystsec

Michael Coppola

@mncoppola
snyff's profile picture. Founder/CEO/Trainer/Researcher/CVE archeologist @PentesterLab. Security engineer. Bugs are my own, not of my employer...

Louis Nyffenegger

@snyff
AndrewOliveau's profile picture. Red Team ♦️

Andrew Oliveau

@AndrewOliveau
decoder_it's profile picture. Security Consultant @semperistech . Independent Security Researcher. Cyclist & Scubadiver. MSRC MVR 2022. "So di non sapere"

Andrea P

@decoder_it
vesajuvonen's profile picture. Recovering consultant. Product Manager at Microsoft on the community & ecosystem areas | MVP Lead | he/him | #SharingIsCaring #CommunityRocks #SPFx #M365PnP 🧡

Vesa Juvonen

@vesajuvonen
lukasberancz's profile picture. Senior Security Researcher (DART) @Microsoft. Opinions are my own. #MSIncidentResponse #DART #Microsoft365 #EntraID #DefenderXDR #Sentinel

Lukas Beran

@lukasberancz
cnotin's profile picture. 😈 Security research (#ActiveDirectory #EntraID) & pentest 🎉 #CTF @tipi_hack 👨‍💼 Works @TenableSecurity, opinions my own 🪂 https://t.co/4HRwJQ6PUm

Clément Notin

@cnotin
malmoeb's profile picture. Head of Investigations @InfoGuardAG https://t.co/A5lnFAu7eX

Stephan Berger

@malmoeb
timolongin's profile picture. Currently pwning elderly Internet protocols Mastodon: @login@infosec.exchange

Timo Lo(n)gin

@timolongin
scarletinked's profile picture. Newsletter: https://t.co/xmdIXiOqaR Ex. GM and Tech Director at Amazon. Ex. CTO at Bezos Academy. https://t.co/yloCBNd83K

Dave Anderson

@scarletinked
sama's profile picture. AI is cool i guess

Sam Altman

@sama
0day_exploit_'s profile picture. Security Researcher | Crypto auditor and malware analyst 🥰

0 day exploit

@0day_exploit_
__Retrospect's profile picture. Ethical Hacker & Red Teamer

Sander Maas

@__Retrospect
ColinRubbert's profile picture. ¯\_(ツ)_/¯ bug bounty, hacker or some other thing, who knows anymore ¯\_(ツ)_/¯

Colin Rubbert

@ColinRubbert
megan_roddie's profile picture. Detection Engineer. Co-Author, SANS FOR509. Author, Practical Detection Engineering. @HackersHealth CFO. Ammy Muay Thai fighter/coach. #ActuallyAutistic.

Megantron (@[email protected])

@megan_roddie
lordx64's profile picture. 🇺🇸rust/solana dev + AI + 20 years cyber security veteran https://t.co/TjaioUQX2Q

ulזra‎

@lordx64
__b_c's profile picture. Engineer and org chart anomaly @pingidentity. Self-renowned workation photographer. Opinions my own unless plagiarized from someone smarter and/or funnier.

Brian Campbell

@__b_c
H_Miser's profile picture. Internet janitor, #CERT #BlueTeam and Whisk(e)y enthusiast "Everything you do is useless ! Enjoy 🍻" hash_miser@infosec.exchange https://t.co/pBOfukJZJi

Hash Miser

@H_Miser
Magoo's profile picture. Writes "Starting Up Security" @ https://t.co/Rv0MaSThQ1, tweets horror stories @badthingsdaily

Ryan McGeehan

@Magoo
RachelTobac's profile picture. Friendly Hacker & CEO @SocialProofSec security awareness/social engineering prevention Training, Videos, Talks | 3X @DEFCON🥈| Board @WISPorg | Ex @CISAgov TAC

Rachel Tobac

@RachelTobac
gmat0991's profile picture. Quantum Physics. Ethical Hacking. Heavy Metal. Manchester City. Security PM at MSRC, Microsoft. Opinions are my own.

Gaurav Mathur

@gmat0991
jness's profile picture. Building stuff to help people at Veramine. ex-MSRC.

Jonathan Ness

@jness
NotMedic's profile picture. Back to Red Teaming. Risk Hunter. DEFCON Staff & CFP Board. MS in DF. Fmr Fire/EMS. Red and Blue. Builder. Morally Flexible. https://t.co/zakkIXeyHu @ bluesky

Tim McGuffin

@NotMedic
gregxsunday's profile picture. Grzegorz Niedziela - a hacker who documents his hacking journey by creating and curating the best content about bug bounty and offensive security.

Bug Bounty Reports Explained

@gregxsunday
NicoDeCleyre's profile picture. Microsoft MVP | M365 Developer 🇧🇪

Nico De Cleyre

@NicoDeCleyre
_shannon_mchale's profile picture. Red Team @ Mandiant/Google 👩🏻‍💻 Focused on hacking and protecting clouds. Presenter at DefCon, ShmooCon, WiCyS, and WiConnects. Ex-@RITSECclub President

Shannon McHale

@_shannon_mchale
LindseyOD123's profile picture. Cybersecurity writer @HuntressLabs @DecipherSec Previous @ThreatPost, @CRN, @Holy_cross alum

Lindsey O-Donnell-Welch

@LindseyOD123
FKasler's profile picture. Climber, Penetration Tester, Code Junkie, Malware Enthusiast @specterops

Forrest Kasler

@FKasler
__mez0__'s profile picture. 👽 UNC1194 🔥 Targeted Ops @TrustedSec 🤖 Dev @preemptdev "purveyors of the prettiest log files"

☠️ Brandon

@__mez0__
kj_ninja25's profile picture. Security PM, R&D @Microsoft - Microsoft Defender XDR, Kijo Ninja 🥷 #修行中 - learning C/C++ #Triathlete 🏊‍♂️ 🚴 🏃‍♀️ My tweets are my own

Kijo Ninja

@kj_ninja25
juanandres_gs's profile picture. Executive Director for Intelligence and Research @SentinelOne | Distinguished Fellow, @SAISHopkins Alperovitch |LABScon|Cyber Paleontologist|4thParty Collector

J. A. Guerrero-Saade

@juanandres_gs
azavery's profile picture. President, CPO, and COO at ServiceNow | Views and comments are my own

Amit Zavery

@azavery
xamroot's profile picture. security researcher for msft

Max T

@xamroot
ZenOneSec's profile picture. Security @ Microsoft & BlueHat Podcast Co Host

Wendy

@ZenOneSec
gman4626's profile picture. Cyber-security, Defender for Identity (MDI), MDA, M365, etc. MSFT (opinions are mine) Mt Biking, Photography, Hiking, Camping, Family, Wine, Sourdough baking ..

Gerson Levitz

@gman4626
_zblurx's profile picture. Red Teamer & Security researcher Maintainer of #NetExec, #DonPAPI, dploot, certsync, and all the stuff on my github repo bsky: https://t.co/zISpgvDSWc

Thomas Seigneuret

@_zblurx
TracketPacer's profile picture. 🚀 rockit network engineer | 👩🏼‍💻🛜 weird use cases & silly tech | wire gremlinry | she/her

TracketPacer

@TracketPacer
elad_shamir's profile picture.

Elad Shamir

@elad_shamir
anshuldsharma's profile picture. Product @Microsoft | #MicrosoftFabric

Anshul Sharma

@anshuldsharma
nas_bench's profile picture. Detection @Splunk & @cisco | previously @nextronsystems | @sigma_hq & @magicswordio maintainer | Eternal Learner

Nasreddine Bencherchali

@nas_bench
Krevetk0Valeriy's profile picture. Security enthusiast, bug bounty hunter at @Hacker0x01 and @Bugcrowd https://t.co/RjYvPJaXTW https://t.co/dkUfA2vywe

Valeriy

@Krevetk0Valeriy
NUL0x4C's profile picture. Windows Malware Researcher | co-founder of https://t.co/1YRk2CEjaO

NULL

@NUL0x4C
MalDevAcademy's profile picture. Providing specialized, module-based security training and resources designed for cyber security professionals

MalDev Academy

@MalDevAcademy
JimSycurity's profile picture. I enjoy security, technology, learning, books, & the great outdoors. Trying to be human & kind. Opinions = mine. He/Him/Hän

Jim Sykora

@JimSycurity
_mattata's profile picture. Dad, Vulnerability Research, Packet connoisseur. He/Him. Cyber Security Architect @GreyNoiseIO, DM's open. Top percentage Rattata. #cve #infosec #cybersecurity

remy🐀

@_mattata
lindayaX's profile picture. CEO of eMed Population Health, Mom, foodie, fashion enthusiast, @penn_state alum, former CEO of X

Linda Yaccarino

@lindayaX

United States Trendy

Może Ci się spodobać

Something went wrong.


Something went wrong.